hxxps://content[.]app-us1[.]com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,width=650,dpr=2/1OObX7/2025/03/11/d2a8dc8f-ef2c-43e0-99b7-4a44f2d04adc[.]png

Analysis

max time kernel
14s
max time network
16s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
28/03/2025, 11:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://content.app-us1.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,width=650,dpr=2/1OObX7/2025/03/11/d2a8dc8f-ef2c-43e0-99b7-4a44f2d04adc.png

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\da\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\lt\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\hy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ja\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ml\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\lo\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\en\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\msedge_url_fetcher_2768_1758453664\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\offscreendocument_main.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\bg\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\iw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\en_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\page_embed_script.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\kk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\be\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ms\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\zu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\es\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\sk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\service_worker_bin_prod.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ka\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\lv\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\sr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\az\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\128.png	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\bn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\pa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\no\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\te\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\uk\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\de\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\hu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\en_US\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\eu\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\kn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\sv\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ca\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\es_419\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\et\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ro\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ko\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\tr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ar\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\mr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\si\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\mn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\hi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\en_GB\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\fi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\af\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\it\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\sw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\fr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\gl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\cy\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\vi\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping2768_1559914758\_locales\ur\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876332906396012"	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1702774510-645589634-1201277210-1000\{71F1E6F9-DD0F-4517-AF76-5DD2FCA895F7}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe
2768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2768 wrote to memory of 1392	2768	msedge.exe	82
PID 2768 wrote to memory of 1392	2768	msedge.exe	82
PID 2768 wrote to memory of 1844	2768	msedge.exe	83
PID 2768 wrote to memory of 1844	2768	msedge.exe	83
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 2476	2768	msedge.exe	84
PID 2768 wrote to memory of 6000	2768	msedge.exe	85
PID 2768 wrote to memory of 6000	2768	msedge.exe	85
PID 2768 wrote to memory of 6000	2768	msedge.exe	85
PID 2768 wrote to memory of 6000	2768	msedge.exe	85
PID 2768 wrote to memory of 6000	2768	msedge.exe	85
PID 2768 wrote to memory of 6000	2768	msedge.exe	85
PID 2768 wrote to memory of 6000	2768	msedge.exe	85
PID 2768 wrote to memory of 6000	2768	msedge.exe	85
PID 2768 wrote to memory of 6000	2768	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://content.app-us1.com/cdn-cgi/image/fit=scale-down,format=auto,onerror=redirect,width=650,dpr=2/1OObX7/2025/03/11/d2a8dc8f-ef2c-43e0-99b7-4a44f2d04adc.png
1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x288,0x7ffe7930f208,0x7ffe7930f214,0x7ffe7930f220
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1812,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2308,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=2304 /prefetch:2
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2640,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=3492 /prefetch:1
  2⤵
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4808,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4800,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5560,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5592,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=5700 /prefetch:8
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5996,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=6084 /prefetch:8
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6180,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5880,i,5965357839504576656,11844919507257413442,262144 --variations-seed-version --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4952

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
004b10499ccdef678495d126747817d4

SHA1
f2613e109771ee8f435d219c0f1d09dc400ec8f5

SHA256
de04bf151a1ded657ac3df0f0b30f214dfc53231f87e45a16004482cddb0bd4e

SHA512
25758072a30783f0664b1ca3cafd6d35613133ab06ac69df8f482aa61a2ad2c3cd850c28334613c274bf42d99a5aa84d89a3e98e234f3a1d22abec325c5cc3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\907f0a12-00c9-4a97-8e74-a483d58618e6.tmp

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
d7117e9a7dbbed2b27d3a040f4851db8

SHA1
a38b99994f0430a6d21e36ad9a7b2f07fa890df2

SHA256
82641f91dc44ca3da972ee34f3d613dcfe7ab8bce11a89541fb16f02ef9e9c9c

SHA512
e31cc674c818b05098fa06030039ebf714906affee5b0e6832d171931cadf6a1928601dbda43c86fba6dbb79be6327786a124ac329fbf0e07598dd67cc1d5d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
176c5be54b01274864ecd0a148d42dd3

SHA1
3733f3042585d7574cf560b932acfdde42ecf098

SHA256
caa94d91e72780b251062e945cfd08869b5385688bdb932b8932cd247264554c

SHA512
2421dee5d323a048b8ddf9ac5b691d0e8e51f198fa073ef0ae7ac8b2edbd4791fefeaea92a0e2252d76d2589c8187eb44f76f15a66b74ea3fb8dc9a2ae4e85b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
24fdc48c1968aa094b7fc9a46658c182

SHA1
8ae7485366147c87ba0eef3fa1603071e207a1a5

SHA256
89039f7525af966ee9486e6e444c3c3adae846566fbe54ad29312e2241b163d3

SHA512
9c24ed7be9129270ce0c23db584b836a8338c2d4c11d7f39386bbffb66e60f2b64a2057e90a4191b72d50e3791c1fdcc4b078612c9a931ec06faebd01f552699

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
18671fd60d01cd9d2f9bb575205a940b

SHA1
9bf5fd80d670a2bf3ccce86a057402fee0794a5c

SHA256
4857b9eaeaed1d1ae7b80ceae0ce22a4bb030581522fde745435e2e331f8e7a5

SHA512
7a4fe26f3a20863c8b2e2fbc31ae0c66cac1cc667d4ea0ccde03d251332fa98a6fe799766c0137ab27ea8ccd3648521ef87d913767a808a56a922df8e07db61c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
7ad0b9384fea957e07aa594c39fa9559

SHA1
9b5dbcadbb63bf01a965a97076fbc2addc9904da

SHA256
341ba883d89e341e71fcddb131fe87c73e333c71dd88d559cf76b1fbafc1905a

SHA512
1df7f42abcdb203b4daeb504b27cd9b5ac5afea42d6c75ab235e2fd06e44ce621250dbd0070580f039f39e1e1d619fbc88b9836f5ccc63b55b605248eafe7ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
ad6f1eb7129b99b52c9322935067fc7f

SHA1
4214988fae3f0964c90e56a3cbbd03e4328515ff

SHA256
fbdff78bbc444bff44d80d24bd08fa7decd013dce74827a531feb08e740456c2

SHA512
4f187e889e4f3f95244d5995b47f3cf70432a5b5f67047bd441f7bbe2b5cbacbf0eed08c84fc46e8ce2bdaf9eb5ed386dab386ba6c1ed68c41cda6e50c29fb3c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads