485939cbff47d7081e327309295f67ccb9be619ae72d8334c13157b9ccdf7a00

Analysis

max time kernel
144s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 11:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-html-2.html
Size

11KB
MD5

179549c57081ae02dc13e95baed8e240
SHA1

e9bee85dfb278ebe6277b0d161b0ec70b5c961b6
SHA256

e7c2c423299fba777115a64107c9b5d7fd77e29cd1706429e86d180cd859c8d0
SHA512

cff8d2a777176bf779f73967c4633aca12f7a40352b905270851c4e3d3b46d6dcb16fcebaaf7751238d5bde4de0dc796c497932f8fd120a8562bcb736efbff6e
SSDEEP

96:9gP1snL+00NvW5u+CRoQbKzNHKKJBsNnuQyoIVXpzJkuFzN9jT59OxJ1snL+00NW:zx2PUx2Sx2Bx23Bx2QGx29OBx27v

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_2022634153\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_2022634153\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_1314000742\keys.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1804_336066100\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_1314000742\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_1314000742\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_1314000742\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_376256616\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_696666087\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_2022634153\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1804_376256616\deny_domains.list	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875476844340597"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{3FED414E-51BA-477A-9C25-09DC3C70DB84}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4996	msedge.exe
4996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe
1804	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1804 wrote to memory of 1596	1804	msedge.exe	86
PID 1804 wrote to memory of 1596	1804	msedge.exe	86
PID 1804 wrote to memory of 1588	1804	msedge.exe	87
PID 1804 wrote to memory of 1588	1804	msedge.exe	87
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 2516	1804	msedge.exe	88
PID 1804 wrote to memory of 5280	1804	msedge.exe	89
PID 1804 wrote to memory of 5280	1804	msedge.exe	89
PID 1804 wrote to memory of 5280	1804	msedge.exe	89
PID 1804 wrote to memory of 5280	1804	msedge.exe	89
PID 1804 wrote to memory of 5280	1804	msedge.exe	89
PID 1804 wrote to memory of 5280	1804	msedge.exe	89
PID 1804 wrote to memory of 5280	1804	msedge.exe	89
PID 1804 wrote to memory of 5280	1804	msedge.exe	89
PID 1804 wrote to memory of 5280	1804	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-2.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2ac,0x7ffcafd1f208,0x7ffcafd1f214,0x7ffcafd1f220
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1788,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2220,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3488,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3500,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4876,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=4908 /prefetch:8
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4552,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=5032 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5664,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:8
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5980,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5788,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=6248 /prefetch:8
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5308,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6248,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=760,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5220,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3408,i,14682543024556173526,4612821116333944447,262144 --variations-seed-version --mojo-platform-channel-handle=1016 /prefetch:8
  2⤵
  PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1804_1314000742\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1804_1314000742\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1804_1314000742\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1804_1791775850\manifest.json

Filesize
114B

MD5
e6cd92ad3b3ab9cb3d325f3c4b7559aa

SHA1
0704d57b52cf55674524a5278ed4f7ba1e19ca0c

SHA256
63dfb8d99ce83b3ca282eb697dc76b17b4a48e4065fc7efafb77724739074a9d

SHA512
172d5dc107757bb591b9a8ed7f2b48f22b5184d6537572d375801113e294febfbe39077c408e3a04c44e6072427cbe443c6614d205a5a4aa290101722e18f5e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CertificateRevocation\6498.2024.12.2\crl-set

Filesize
21KB

MD5
846feb52bd6829102a780ec0da74ab04

SHA1
dd98409b49f0cd1f9d0028962d7276860579fb54

SHA256
124b7eeba31f0e3d9b842a62f3441204beb13fade81da38b854aecba0e03a5b4

SHA512
c8759e675506ccc6aa9807798252c7e7c48a0ab31674609738617dc105cee38bce69d4d41d6b95e16731466880b386d35483cbeea6275773f7041ba6e305fae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
33f0fc4aefce8efbd3787c3ce605b952

SHA1
db6bf0c3e600d766d945ca6f2d43252a2cfaa727

SHA256
6b473dce1dcdd67104344b65e7249a1d2675ef52d38550e20f414732335b7ee3

SHA512
1dba20b57a1780c47abebc635b8319da3bc40c9aa1f3d0f0a8c058f94556f85a3d5025b9660ff54f476ae08c78dd60accd0c18ea2a3d2768a5f3d34811d4c417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
44e81d5fa71252d02e95fc37ced1966a

SHA1
eca8ed9b192573aa199c954bf27919df26829089

SHA256
44cc212bfc12f4cd6049ac8fd21019ed790343cc3489dcc68a7b98db392e7ff7

SHA512
9eae0c122650205fcb0d396d62a2e6960d059171d32c53f65da0a4a936edd7c04fbb8da338e797ab3a5747cd6a4a442a731a588146252bf593f2b65ac2280235

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
bd881bff42598a783919143ad6dc1a72

SHA1
36915f04a1e4deeec0fec1a5cf4971a91cc4ef35

SHA256
721dfcf563c829e8189b3ef6a8a9be462481e319281000c9d2a3fae49a214c73

SHA512
0e8fb8d9f4f25b23fe2727ad8457021d0282650518dcbc924b99baa8f5e0bfa33b3749beeb93b85ab539798d2dce28e0a25aea620a74ee5872fd8c99c8ae8936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
81386db31f3eda2a8c9cc360a2716d47

SHA1
2539c67671af80c50217729a3b8560161e045e1c

SHA256
45aeb84a8da0cb782daeabcc3df49a58c2ebfe055c612c6083921f32a30160c9

SHA512
7b25d9702d1ea61514b0721cabad2c95ce7dd1ea7c7fef91607eabf5a0650ab8fe604bcf33c5f0b19885e3e094bccb1612008fdca5d03c890babfa5f0e1a0e17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
5efacd4e289c3db62aa3b61aa2e7a988

SHA1
f02582c3237aad5e67d65bae7f97b3a7150e1a44

SHA256
28e2997b884badc66f7d46f50f4a2d4d288c1638677d6de9ad0fbb10adaa29c9

SHA512
22eea4a21559c54bc6d37614b68c3556581ff37f5461a66451d0317fdb806c47d89e985d51897d1fbe9b5df6df2d292bd154fa4f05ae549b39e86b35878acf5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
99003e9288597d9ef0f71a55a273edb1

SHA1
40a4cdf0807df18172a1cc74a2322ebcdc2085dd

SHA256
382f8960fdf204f3bbbdd3ae0f6aa227d5d21e0db647538dbfebb6a771411712

SHA512
4ce70ef3a51f5e265e7813ea4d9f365d5889e550bb77f79ab3984cf0aaa1b4454277e00b4dfd9c00d83e566037b6e0541b060015183b400734506e1bd088f1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
6130b85ec90a79fa46d96277ad71f475

SHA1
b0e915103776525a7b47d7a2f2fc1d886dc5433e

SHA256
6773d7183622df8801a00b21dc15f0b62972856cf47e930d4645969c4ff7fac8

SHA512
3cf77d0ddd2ea90f26cdd1f610bd6b538d09df34a3bbb3238c040362f2a36b13cdff2138bd42d4cfc4f585fa64f3634b1c8b33b977f026d9734f6059463ebfb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
86c62c3750b7e325f372642205d09f4b

SHA1
b8bf2c419089fb9ce71b56afe5074f336018b16f

SHA256
aac94260567ddea4dd06692de367503e194cfcea8ea0b0271948262b18fabe10

SHA512
78ef7e6df13d5c4ec07a875a381c6ec6c19c9b6a4bd4583800669709dfb30b3875bb00907c46b82f66e10789a077c9a3e8e94ae941d38d8a549793c2a37739c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
3ec20961b890170f015c222d27a1120c

SHA1
27c2766df3aae782ae6d8fe813b7fc99a7ea5b51

SHA256
5b943e7706feb5d9a99e8b084b297099adf8283e43983db6ca5d9e5561ccde8d

SHA512
9ebc659fa4efcce6d454d1768f0b1c78a3d8a2c2dfd97fb2495053bad6705e361ef2ac14d5d1b1a21fb81bfa36081460f8f0b3ce8cd0e29f1ad7a5020276a20a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
89b24bdb5baa15ef2042da789bc7ac7e

SHA1
70682ae18a14176bd1d0cb56d5d15a07075a3dd4

SHA256
254f5385d3f6754cca5304495b1bff4eb4a2455cef3fdbff3c0787efa536c68d

SHA512
660f42a01f4eac4fb78608b68bbd24d16e29faeae00739e8eb7ac059b80c576938f40c6fdaf8b529b4b4ee11ed18a287e82e52d03c68b6cbf1f34687fe16cc5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
3102fdf3ce0a5cb29d4001dc6314c2e2

SHA1
db3439882f3e16b773863803d0ca456115067726

SHA256
a92d1718f28365258f3d5cab912fc827b9203892adc06ca95e7c57cc8ac912b0

SHA512
f2f63fbdab561dade2491ef68e94d48cc079d80cc46d4ce1aa8e607e6a8264c9b47840da3ba99895f6936d4eee200d5519920cd9fdddbd54ed37976269f5b097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
0de00504163a48bcdd7021ef0db4c72b

SHA1
63f46a554eed3eba8df2a07f928d7205641656ff

SHA256
a4096904fb9a0c8526c1f842a0d00677d28519782d8eedb0f659adf39db8d66f

SHA512
84f557b95ed9477bc3e34c214e14d4ebc22f9f758d9eba455cf4a66c34015649fc5742863a25468b6dea6778592d384b4d95f0844cdef4f4affc5994e88f978f

Download Submit