hxxp://serve[.]tigogtm[.]top/puntos

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2025, 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://serve.tigogtm.top/puntos

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_921417765\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1559005510\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1939665737\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_921417765\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_921417765\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_921417765\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1939665737\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1939665737\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_858932263\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1559005510\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1559005510\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1939665737\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_858932263\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1559005510\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1559005510\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1880831766\_locales\tr\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133875687868242990"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-446031748-3036493239-2009529691-1000\{44A952F6-42D5-4AC6-823D-A6FC9AD4CED3}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3148	msedge.exe
3148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe
3080	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 1788	3080	msedge.exe	86
PID 3080 wrote to memory of 1788	3080	msedge.exe	86
PID 3080 wrote to memory of 2472	3080	msedge.exe	87
PID 3080 wrote to memory of 2472	3080	msedge.exe	87
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 5808	3080	msedge.exe	88
PID 3080 wrote to memory of 216	3080	msedge.exe	89
PID 3080 wrote to memory of 216	3080	msedge.exe	89
PID 3080 wrote to memory of 216	3080	msedge.exe	89
PID 3080 wrote to memory of 216	3080	msedge.exe	89
PID 3080 wrote to memory of 216	3080	msedge.exe	89
PID 3080 wrote to memory of 216	3080	msedge.exe	89
PID 3080 wrote to memory of 216	3080	msedge.exe	89
PID 3080 wrote to memory of 216	3080	msedge.exe	89
PID 3080 wrote to memory of 216	3080	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://serve.tigogtm.top/puntos
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffb963ff208,0x7ffb963ff214,0x7ffb963ff220
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=276,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3448,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3456,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4992,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3928,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3916,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=3932 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5816,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5816,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5576,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=6180 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5896,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2104,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=2012 /prefetch:8
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6056,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1620,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5252,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,7582537807232620173,7658902985313261439,262144 --variations-seed-version --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1559005510\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3080_1559005510\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3080_858932263\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping3080_921417765\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
8625e8ce164e1039c0d19156210674ce

SHA1
9eb5ae97638791b0310807d725ac8815202737d2

SHA256
2f65f9c3c54fe018e0b1f46e3c593d100a87758346d3b00a72cb93042daf60a2

SHA512
3c52b8876982fe41d816f9dfb05cd888c551cf7efd266a448050c87c3fc52cc2172f53c83869b87d7643ce0188004c978570f35b0fcc1cb50c9fffea3dec76a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dec55011629c6be26e91e93c4f4753f2

SHA1
6dbc23bb36535489ed795951bf33d1a27ddb1b80

SHA256
69613fb8dd5c960720829215beb23031640d7f77579b7bc1144c0e133d5f680e

SHA512
cb72b4d5c957b537df68066c060fb4a8aca6adc1426f454df680a84054bc3b694f81c02bda8bc72f234c5361c64345671e3ac4b5a8dee95716f5f02a2c739354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
2893e5d38ded0479d1db50f3b6d211fd

SHA1
e61c8c102b7b98c71cb6b5d64463af9cc8445304

SHA256
6f44b4fef587d47a1c06224a7453724b98f016afadc89f58f5c309eb45470f08

SHA512
00c527f07116b16e9fc06c683e1a081c6a691819945eb88a67aa0e9df0c64aa25027b8cfb221ab1068918030d91181127b6a55c26a2d1629d91000fa9b2e2d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
4757907b384eb87093a7d92750e221b2

SHA1
8e987ef144b894658300ff23aa407a63a1491ca5

SHA256
428fc2bca72d6410e0bb8d0969dcdb88336235e0368bbcb5671d95ec4cd3774d

SHA512
0bc92855f1277693868df4edf92b18eef13228b0a319ef7bff9197a04ff0a3d759643d133180f3f5991d844b08773b50a5e356e17d2dc2c01760ac7b53c9fcff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
6bade03f99767555f17ad232ee29a17f

SHA1
8b4046aac49d27b60fc730609603da6bd8ce2f34

SHA256
cbd951b7361cdd0a6963020ebbf28abcbfc9875330c0a9734153614884448c75

SHA512
77a24416b4db1b825d7efa4cc288c3a4f0f1aa254e02a1360533cd25f18f0309abe16f0e31f6a524c5f53c01b17934b7cc0ebc912f0f8b7ef4be8b60e46f8539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
88ffc5528f30fd1ee37169a5c6618728

SHA1
dad2b0083099d060afd92c8a540bb538d836e256

SHA256
d182e88881f774f7eaa74fa1387fb0cc29cf0c9d672ec7b7a6a0336027486abb

SHA512
194c9ecf7b3a34a4600ecb9389a36203c9c888a0bb44ec29e4507cbea4824c09bcefeffcd11b30f54cc85586913aa635b51f32c77131aa064e3cba0b18d37f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
3a0bdca52b696d3e7b1ce0f3051ab219

SHA1
cd94672a1dfbc686449f6782125103866e897a5f

SHA256
730bfe630abdd20dc429537aeff54adf4e34a10914435b9e04ca0d68af2ef4ba

SHA512
17b8a82a3db1c07612634c2f3e52f481d2618fa913777852b40f87868b62aa3dca25786b4bf315cbe2590923d02b87ef105e193fd7681e7f6c28b24c327c0647

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
335d8824f8b9a12affd5383abe4535d6

SHA1
0652816ac814024824d0df03f302fdc1b6de6348

SHA256
b14a65c402a0e303a20e5b45488767edc4a65de1780e1d0a3b239b8ece7dc0ee

SHA512
656765658e97c60853ee6618a4523c68a38462d70ebd9abbdcbbe4615ddb29ced783661d621ca4057efd03b3d02a03967f289394aeb44d602cd9301df2cdd4cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
be230f984cf86bec81b6fe3f78cfe16d

SHA1
2aa880726135d654fe936bd86951a6eac70f2520

SHA256
78cf0d9354bac43c2692d35a48c5ccff71cc2559036e905afcc050a1613e1861

SHA512
cefe3ee038b8290fe6fab456c9d68608043ff59eedef37bc2b600da8427437df617562af90fd5bfc50a4b47e57252fd7feb0dee28940a541df92e69d77e0d128

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
3324b4e9a16146755867a9ede311a830

SHA1
8d998a61bb44abdb22dcaa0ae3ddf2aa9c9a4f18

SHA256
07cec0addd4e3f80ddbbc0c126548f35aebfd8de31bb5eb483681fc96e11e32d

SHA512
a6daf2256f994a15b59d53e03901df6df27e72b56d370a0f90b955c3b50c326f8b74de9805e903295bce8e0ed17b5bf74f4f27d0aeb9c0f326f9199824bafd5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
e01f6396e4a1676d24a248dd41950c3a

SHA1
d0622f427963d419bef1564fecfb56fe0f19957f

SHA256
add3c12379bed654912300eaa264958c51327278f33c923039aa2af52d3e78b4

SHA512
842d589b0ab1015626bcc736e4793c6d48dc267c914bf728d339288822e4ef7d27d71af2238c2d25969461a5cead1a0160911208ee41fcc1c113df46195ffae7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
b63bdc69ec540b52fc9bcd375a1bd19c

SHA1
9bd92b10aa11f9faea540ccd6fbb824309fa76e2

SHA256
4baa47ea0be3136a90713c8b57339a8e22967cbb1e2bb28c1fe7da679cfd7420

SHA512
c8f48b431b56b9a971755a8fbd5347a9f890150297d0557fce852c4b1d3be8bea8b71bcbe6e4ab90a0418ac2c61e71600792138489d47704858668b01f60b90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
efb6c1cc0df29ebd0c485af3fd812961

SHA1
db818e1bd804c8cc1a6862dfc4e5e9cebdb8a821

SHA256
5fcadca72dfed9e0a3e5d67abe957c4cd04ed20541c69db508b8593b40303269

SHA512
bfed11aaff709d4c0291a4a4666acff65aa819e4109d0c2b3036ed2f073d11787ca4c034e6a90f626a94dd858d525d1c9de4a3b315770f1a3c7d8700f7367cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
5842475e91f996e4a4ad975b3b195b68

SHA1
6cc5df437039954b073b70207a60e65e275f9ad9

SHA256
fc5af44136685d558077ea7a89a3af12cc49a2545aa6b7de46c673ca9b8921a5

SHA512
d3ff2b09cc2beeb09ccde672badd837d9f43b9017f07f13ff80da00bdc3f19a803732725581536419bc14a92418ad37b0d15ae2f4cdde9cbd0ff504e5046e876

Download Submit