hxxps://cdn[.]discordapp[.]com/attachments/1359698661684019300/1359730422086373477/ICYYYY[.]zip?ex=67f88b23&is=67f739a3&hm=e5a3921fdcb0b3afa3c4647d614509acfaabd59f5314004c03681265f226da19&

Resubmissions

10/04/2025, 18:08

250410-wq19layzay 4

10/04/2025, 11:40

250410-ns3lfazxf1 10

Analysis

max time kernel
22s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2025, 18:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1359698661684019300/1359730422086373477/ICYYYY.zip?ex=67f88b23&is=67f739a3&hm=e5a3921fdcb0b3afa3c4647d614509acfaabd59f5314004c03681265f226da19&

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5812_953327809\service_worker_bin_prod.js	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133887821275099950"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{090FB90D-B802-4B73-956B-A4DF8EA4D189}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe
5812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5812 wrote to memory of 5596	5812	msedge.exe	85
PID 5812 wrote to memory of 5596	5812	msedge.exe	85
PID 5812 wrote to memory of 3260	5812	msedge.exe	86
PID 5812 wrote to memory of 3260	5812	msedge.exe	86
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 300	5812	msedge.exe	87
PID 5812 wrote to memory of 2856	5812	msedge.exe	88
PID 5812 wrote to memory of 2856	5812	msedge.exe	88
PID 5812 wrote to memory of 2856	5812	msedge.exe	88
PID 5812 wrote to memory of 2856	5812	msedge.exe	88
PID 5812 wrote to memory of 2856	5812	msedge.exe	88
PID 5812 wrote to memory of 2856	5812	msedge.exe	88
PID 5812 wrote to memory of 2856	5812	msedge.exe	88
PID 5812 wrote to memory of 2856	5812	msedge.exe	88
PID 5812 wrote to memory of 2856	5812	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1359698661684019300/1359730422086373477/ICYYYY.zip?ex=67f88b23&is=67f739a3&hm=e5a3921fdcb0b3afa3c4647d614509acfaabd59f5314004c03681265f226da19&
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2dc,0x7ffa021cf208,0x7ffa021cf214,0x7ffa021cf220
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2528,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=2552 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3420,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3432,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5024,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=5068 /prefetch:8
  2⤵
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5516,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5764,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6164,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6192,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6192,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6712,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,8682020356649942685,476242609878755400,262144 --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:8
  2⤵
  PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2684

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
0aee33de7b9872e8992107baa285dcfc

SHA1
ab35b1ba75b87de0970439e3231230eec8642f86

SHA256
d013333e72b2b4c72fafdb2ff4ac76c6c81be54350c61de41d14f7cf1fcc3902

SHA512
dc57f5a2c3127eebefb7575adc31f5e5d01411532f913505af41175c9df28ba1e18c031ac512f7ef459c055bda4f793701d2a0fb71548dea5d28d05e78e77a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
ac66e46438aa757d0e2f115e3ea031ec

SHA1
53b8e69dc6d7e1dde16af5bf76b8ab37acbf7525

SHA256
5fcc8100ad9a94c8bcfbaaf40e4078ef9d4fa34b28df3cd90b825dba0221ba84

SHA512
544a919d490d8db0758373ea93d1609febfe3dad140257404a14a16daf37c077d643043781a91c06683c988425df5300ac45538e097801b522a31a8de44a923f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
d82117af12181da6c1b88aa3c8e3d567

SHA1
11c1bf84583e1d8fdaf64ece499d8dced7f21c53

SHA256
d83a5fc0d57e7352775105d3876724bf56ba2e11a6b34d7b33735224d835a59a

SHA512
1a45b3ffdaa0b44dae5279840da2120eb5f7d04c840dd88671a0d71cf1cdf28b7dd40317e7fbbc773e93b6a23f16e5b366e5596100b874f45ff424958105c68f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
10a1ca66fa3aa62387851413bf780e75

SHA1
8ce33d47ae08d354512416873c5742c3bfe74287

SHA256
a0f41d7be73fffdb775decf1de54dc8f75d137c47ae9915f05f260b12aae5cd4

SHA512
661ce9b07baf2bc9dd0327dbf4c5b6cde8bc87e2ab1275076684ff3a7cd0efc3535ca0991f0b75c6c7e404bd54917d07c680b4d8db2977dc0538df21daac96f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
ba59c979a4c49a22b63729aecbb0b30e

SHA1
0dbf7d367cad7f459d570d708810fd827aa0d0ac

SHA256
f72dadb8845a08190f1e725970e0dd99c1fe73939f6e7e97d81383d1ad07b568

SHA512
89ee8460ec0a1f5627a9d28c19e02df14d62d1c228e9b7cff3d8908272e1b756bc6f8b35a783086aa0a63da779636b2e859f693acdd7b544b1bfed5ee5f928e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads