5842375b33d1461015322baac92a5d31e460dcc3b85e1d30d20196af96f81612

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2025, 08:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Mal2/breast.html
Size

51KB
MD5

32b7055e66439065de5ea5c8cc51ec80
SHA1

b3af36490fc9bec19b6041221191eadf582e14b5
SHA256

467459cf4763513e74820b221770142c560620d749fcf588fad4d38bb3d15cc7
SHA512

fc9903fdeae2e21cfa58e716dbc9892f3b4de4e81286a22ae9e3a084502d161d14257690fb1f0815327ffd3140bd0fa774683a120c32a41bbb8d849b04abaa34
SSDEEP

768:2XM8+KzTjc2gqtbminV1FibevwtqhhftLEayWud/DGC/QNZU50ugfCTgccp20t7j:UpzPSqh7vRXLExvrGdC0cK77GpN+/UI

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-hy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-nl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-tk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_1405327097\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-cy.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-de-ch-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-ru.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-sk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-sv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-ta.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_1405327097\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-de-1901.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-or.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-sq.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-te.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_1405327097\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-pt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-de-1996.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-af.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-da.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-et.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-mn-cyrl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-uk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-hr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_959493721\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-bn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-ml.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-nb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-lt.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-en-us.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-eu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-hi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-und-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-es.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-mr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-mul-ethi.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_1405327097\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_959493721\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-gu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-kn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-la.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-as.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-bg.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-ga.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_1405327097\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_170919880\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-lv.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_170919880\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_959493721\Microsoft.CognitiveServices.Speech.core.dll	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-gl.hyb	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865872871240859"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{7DDBFAE5-B1EB-46BE-AF53-255AD1AD7DBA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5332	msedge.exe
5332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 3512	2672	msedge.exe	85
PID 2672 wrote to memory of 3512	2672	msedge.exe	85
PID 2672 wrote to memory of 1616	2672	msedge.exe	86
PID 2672 wrote to memory of 1616	2672	msedge.exe	86
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 4672	2672	msedge.exe	87
PID 2672 wrote to memory of 3552	2672	msedge.exe	88
PID 2672 wrote to memory of 3552	2672	msedge.exe	88
PID 2672 wrote to memory of 3552	2672	msedge.exe	88
PID 2672 wrote to memory of 3552	2672	msedge.exe	88
PID 2672 wrote to memory of 3552	2672	msedge.exe	88
PID 2672 wrote to memory of 3552	2672	msedge.exe	88
PID 2672 wrote to memory of 3552	2672	msedge.exe	88
PID 2672 wrote to memory of 3552	2672	msedge.exe	88
PID 2672 wrote to memory of 3552	2672	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Mal2\breast.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff99c1cf208,0x7ff99c1cf214,0x7ff99c1cf220
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1892,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2100,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2524,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=2532 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3484,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3480,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4940,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5564,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5800 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6048,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5912,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5476,i,4041997430092258862,196829009396492809,262144 --variations-seed-version --mojo-platform-channel-handle=4004 /prefetch:8
  2⤵
  PID:5272

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2672_1405327097\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2672_1405327097\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2672_639127344\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2672_959493721\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7f6743dafcfcbecce6d6a5cf54b30e5d

SHA1
4e94dfcb2e70004ad7378de3d972f2e6c8f8d5dd

SHA256
53452148e748a2c2de116a07790e59a3f6103fd49607e5111f16741325d38697

SHA512
55644a1c660a418b8dcfce72ad605cff6b44005f6c4cff7e06eb911182165e2f46a3e14e921b8d2bad18dd213cda2eccd166204984d170a1cf9cb0ace4e04c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9559d31cdc672c1d86555c80abb420f2

SHA1
9da734eada762328fa457be12bf67c7f97033799

SHA256
a9ac73c29429a292c1d51a97e2b8958a76a3a042880b0c5cc2a8f3940070b3f9

SHA512
da0e3a70a77042620db2520a7d1d7f5723f72648dd1f9aa765e8b73b394d08c3257d50494796d8a547411e09c0ad2e7e9d049d4356152a0e7e3388b52686e65f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
8f7d983f1c1b1540a37bfb170832c58d

SHA1
2550b9f94f797fb63585cac79417b668e4c0fc49

SHA256
c40a63899035d72e06deee72655136aedc09011487c11115819159fec9ad3dec

SHA512
bf22e87c32f8c4d428b4915b8a4d8cd572a53392001c88e32d6abf31417cc29aaa592b76bd2feb3216a30421e365c3816a589e64bc8007cd0ffcae5fa69e6daf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
7d2f1bb516f471d54e5ff1d0ae292480

SHA1
73a3dce7f864879df75c8ae2b4e0774a90f0639f

SHA256
7cf3874f87b5b17ab185214e7b3b7ffdc0e96d5d4807ec4bcea93270bab6ebcc

SHA512
5640d845d0a9afbf24ddaba483f6f81b9fcb5385f03750f47c19309a8c4c5afb3e57153af04dc5a76d2904d59fdb32272bd46aa7c1af6588d2ef7210731aba24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
9326307f7dbabe74f0a88f3eed68015b

SHA1
ddb9aee632b5a58606d8a112c683a235d34122d6

SHA256
32f585e2e157da1165e5271a081461de8c4dd94f816c49a295f34bac99604a7e

SHA512
54c056be2436c9d7bc075ed4912f21eac494d0b9424cea1c6ca75f245e20a8550b23bc3dd26362bc979b518bb61b8d25d00db6e5aebcbb48c083e6dc0a443a89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
460B

MD5
a65b408e42fb8dd5767035b7cf838b82

SHA1
85d369ac291b2858126204ee71a374c686f2d7e2

SHA256
20fd22793a5725f24e6d4acb54671086c575b04832fb190446c1d6f21d27123f

SHA512
2956031c95bcf52041487173ecf93d00fa0060deb226757efb3317854870685b1c6ed4858fdc7aee5d191b103ab3cc86f3214f508c84052b4e912f6afa9fa257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
415b14e7cacc3c2e797ab7839dd1bfc7

SHA1
30ceb690d3b8ee6af037daa1a7500795a63be67d

SHA256
303dd833173a6b08d85e48f5c690a92c62b5096623acc384c1b768acb983f9e3

SHA512
c807bbaada5fdb96e943a2b1b0660a8fa009c4e82d3d93d12a4bcef756864d5d1859fbcadf95944cbba5014c05334d5b5b482556db9a7a4db7298df6697230c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
732ff8f027e434735df66c0e1ab0dbdb

SHA1
d61cf0355209b63882807d91a23dcebddd47590b

SHA256
76b2aa74c6511251fbe3a9f452532b899f18e4ad4a26df5ae8d72ccce7c7c5f6

SHA512
305e887dba946ccce9e3d1c705bd48d4efe3e658d999f0a655668cf1c2efc42d02b7b1c1af13fa36f7fa8acb76b1f3afb958e843509d511f0f7f0527f60951f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
ec927d5d96e6b1067a4037067b0c608e

SHA1
37e36c82814f7021091431d6cb684585c50aeccb

SHA256
db59cbc085e7bb23af39da40b8dd4ce53105c492aecb105119fc6154a2554bab

SHA512
2cabeda3ab9816a9f6e9cc549715a261ab5e59963f5f384c03d3ebde63dc2d892483b0318f37cc48df11abc95657a7811d427de90aa5cf4db1ccceff9056d847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
e619f4306d388b711d5c8893ead877e8

SHA1
d50a1b10ae18fe3dde6f3cf07d4c6d6073c165a9

SHA256
1f1e4b612617ac8fbfdc4c681204b77621323a757f091be9b648eab33ad47336

SHA512
3605c60a58844ee07cbd262b594a57e84442e122cb521b89ca7fddaa5660a004e1c8299a4ec5cb9b9ed3c2155a1f7d71eeedb5b3ce3eff2644ea159c2891a014

Download Submit