b7dd3bce3ebfbc2d5e3a9f00d47f27cb6a5895c4618c878e314e573a7c216df1

Resubmissions

11/04/2025, 21:31

250411-1cz7lazpx8 10

Analysis

max time kernel
29s
max time network
38s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2025, 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

The-MALWARE-Repo-master/Email-Worm/BubbleBoy.html
Size

12KB
MD5

bb7b91d1685db89b58ac01a72921e632
SHA1

4a1dd457983a7f1bbc7943eb5fca3da6d93d4176
SHA256

940a563df059604ac0dc6a92a845da2f04236b86887208b89969b70c6781c3f8
SHA512

09e26d197b22a4553e2e87a9ee0957700766c2dcd11157b5b71744d67abfa30d71d45c7bf1081bf9337527e3b8aabde99b09bd2bd30aa302329ebf480078307e
SSDEEP

192:W1VoVk8X2TrWAXaR06qVoVk8X2TrWAXaR06LV:Giui2TSw6qiui2TSw6LV

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1540_721391823\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1540_218725083\_locales\pa\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133888809153794760"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{4395E2E8-DA1E-4A17-800A-0E3D77D95567}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1540	msedge.exe
1540	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1540	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 1888	1540	msedge.exe	86
PID 1540 wrote to memory of 1888	1540	msedge.exe	86
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 4980	1540	msedge.exe	88
PID 1540 wrote to memory of 4980	1540	msedge.exe	88
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2148	1540	msedge.exe	89
PID 1540 wrote to memory of 2328	1540	msedge.exe	90
PID 1540 wrote to memory of 2328	1540	msedge.exe	90
PID 1540 wrote to memory of 2328	1540	msedge.exe	90
PID 1540 wrote to memory of 2328	1540	msedge.exe	90
PID 1540 wrote to memory of 2328	1540	msedge.exe	90
PID 1540 wrote to memory of 2328	1540	msedge.exe	90
PID 1540 wrote to memory of 2328	1540	msedge.exe	90
PID 1540 wrote to memory of 2328	1540	msedge.exe	90
PID 1540 wrote to memory of 2328	1540	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Email-Worm\BubbleBoy.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffae85df208,0x7ffae85df214,0x7ffae85df220
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1896,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:3
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3060,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=3056 /prefetch:2
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2336,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=3236 /prefetch:8
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3300,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3324,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4948,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3328,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=5448 /prefetch:8
  2⤵
  PID:504
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5964,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6052,i,4401600203634534601,11082542929562848495,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4532

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3900

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
25b05ffc7dd623762397b1f1235ccbac

SHA1
fdce810417d23158a62446a82a7e1485d5555593

SHA256
4839d405da2cea9b9d85ce8a67ed2b865457bfcfb19cd71d1eab8a21fe11f9db

SHA512
8ef6eb3e714c5f46dd1cc8338a16d279249653532d0986643d9bf993469a4cdd61bab838a8376f0db9f35e7657a42db17846b7fc966b5bc124a5be163e4135a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
e1a4b9e8947229f3e696b25dc96d4459

SHA1
19b6c3d4dd9b70cda34e38207b4fa1d212468288

SHA256
53eaeeb642ed4cfac42e845efaa68eb07452ddcc752470c0c6469ec55dca00da

SHA512
7c0f1d21cc443edfd6eb7616f6ebae077eaaa5c89e550abcf1e7362a5328d30e9efac0db97cd62228c53c59f9d87e4e925faf96c6cf9fa46823e92fdff319b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
2d31ba027981a12849a12e06893aec7d

SHA1
5d7a9767785fa461dca50cdebaa9df489c093974

SHA256
50ec0850e101258ea55a608097f07c54072e7811b13b9f5449365dc1fba4b37b

SHA512
6a15b8c82ff621777fc754de707c30a74651a9c902eac04f1b54e09a115569c6b57750140e551fb5e4eca9dafdfa51a7da1bd8ac2ce38ac70dd61341a9d1ab25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
7859a77c764e2b2cfffde0e5417e6c64

SHA1
dc874358d7a8f4117ede38ae1a888b54f034838c

SHA256
055960e68089f0bb8f16c040f0e962755ea1c224b455b6a8d01ac141845ccd01

SHA512
f209f6eeca4b7a8ad7c819094b02a0e2678a336f0d63cbdeec721c0cbb02b14daf377e905a1e0fa510b3673f1f03c89073fe99f29dc199cea001ec5bff8124f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
2918fdc32020f10e9ce04d2e9b1529ed

SHA1
6e1a2fcee2b2a86d64412a2195f726946ff2ac71

SHA256
1b934dd4ca19c07ea4e4dd1dcfa96f4c32b8d8cde4f16dc54726c48e63b3d746

SHA512
a5205ec25285606123df7a83bf838a4136e99e7aff99cd10af2bbf5c8741cfb2b095f411cc25f55fb235b03d7b4e863eace3dc18b4da9329e528baaf7b744d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
bbb5522f1333d8a07afba66fcf9505da

SHA1
5d363a10a833af55f2e3c137a179c4fc871f1d85

SHA256
7eb2165e9c6aa3b6528e0a18ca7012b50010a66f3ee23c90ae1317254179c2f2

SHA512
67e9548b12f67ed8741c852fec110f8667d562cca3fe18d80cff5511b225e125f8da78d0e1bbca31acc69ea061c6600413bf03255948e515c3b44aa275dc81e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
f2a206388da5b0623adc9f99f51d9419

SHA1
d6d5be15e8e37b978fc182022838f7eb1591b0ed

SHA256
40826a6da08a8442bbe4e9af08433995f2ad1ef82b9d27e5641dc38b390b27b2

SHA512
3ee254e53ec571b17a4800a35d648cc723a32a79ba27bf5e4c3abe9837633e7aea258ce37b9a0e9a74579a54d6c162a1d934ba3707c841c382a667f39520e458

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads