hxxps://communitychartcreate[.]com/sharedfiles/filedetails/id=22958644/

Resubmissions

14/04/2025, 16:08

250414-tlkpya1my7 10

14/04/2025, 16:07

250414-tkszxs1mt6 10

Analysis

max time kernel
34s
max time network
35s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 16:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://communitychartcreate.com/sharedfiles/filedetails/id=22958644/

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5932_66093219\_locales\gl\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891204516866768"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-308834014-1004923324-1191300197-1000\{9B3844CB-107A-4946-B8F0-9AFB7159E9BB}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5932	msedge.exe
5932	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
5932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5932 wrote to memory of 1588	5932	msedge.exe	87
PID 5932 wrote to memory of 1588	5932	msedge.exe	87
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 436	5932	msedge.exe	89
PID 5932 wrote to memory of 436	5932	msedge.exe	89
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 4400	5932	msedge.exe	88
PID 5932 wrote to memory of 5508	5932	msedge.exe	90
PID 5932 wrote to memory of 5508	5932	msedge.exe	90
PID 5932 wrote to memory of 5508	5932	msedge.exe	90
PID 5932 wrote to memory of 5508	5932	msedge.exe	90
PID 5932 wrote to memory of 5508	5932	msedge.exe	90
PID 5932 wrote to memory of 5508	5932	msedge.exe	90
PID 5932 wrote to memory of 5508	5932	msedge.exe	90
PID 5932 wrote to memory of 5508	5932	msedge.exe	90
PID 5932 wrote to memory of 5508	5932	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://communitychartcreate.com/sharedfiles/filedetails/id=22958644/
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2cc,0x2d0,0x2d4,0x2c8,0x340,0x7ffbd705f208,0x7ffbd705f214,0x7ffbd705f220
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2024,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1960,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2500,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3344,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3376,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4368,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4788,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4308,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:5944
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5552,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=6096 /prefetch:8
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=708,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4324,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5972,i,13919042209522777611,11109335564459396238,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2880

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:612

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
01cc3a42395638ce669dd0d7aba1f929

SHA1
89aa0871fa8e25b55823dd0db9a028ef46dfbdd8

SHA256
d0c6ee43e769188d8a32f782b44cb00052099222be21cbe8bf119469c6612dee

SHA512
d3b88e797333416a4bc6c7f7e224ba68362706747e191a1cd8846a080329473b8f1bfebee5e3fe21faa4d24c8a7683041705e995777714330316e9b563d38e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8285b014154cb9e3b13e9cde19cc49b9

SHA1
2abae107d81575388860f38c264fb5e57541f5c5

SHA256
252898994ba2ee3b77228b290abd8642e55d9fa995fa0e97fb4f1d980737010c

SHA512
45af8529094703b7b88fe59857c945457a788235b25d093f42bf068c1edaab950ef5f03e411e3aabf31f9800453aee381f25b3a358e89b31f77bd23b951d609a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e9c4.TMP

Filesize
3KB

MD5
f9af10c6a8b5da0e7e3b3753bf52f8af

SHA1
f9f9dd3419cdc05a23733bb95b132f3d2bd59a61

SHA256
089a3963b34187cc45bc9f18dd579e887bea37452eb00b8d6c88440d483ccccd

SHA512
146c19a12f818683dec117ff0d371bc98ab0cd348b0604bc7675559bc65b2e07dd7c835d54a0b87c9bc53073e4b066276139954d256278ce20d1d02b97ae6eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
35895ff5a7f536b87c9ee967d5046418

SHA1
5de723cc15b40b8cc74b8af4c69342eb28fa81f5

SHA256
d613a0b5d0bb718eeec129eac204d476599696174cbe0ab7a650dd7e555d6b50

SHA512
34d0ec6d4fc822af446a028e19d153361204b3afdd292134bedb9e50ae170e5b4c27e21761deb325efe385f8131d1e3a56a80ae8880a6230ab58bc915347b7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
b7cad618c88cce8c7a3dd7ee200967b4

SHA1
89861a1091697bca397dd03548410d1bc4ab0228

SHA256
caff7fbded4749caf1a60c67505aee7c14a5578ba606858f082f2741a8b49af2

SHA512
c0173b8302446e8feda25ba981fce2b82dc234aab945af41b83d6aff1ff245589ed506ec0e841d71dc914e7e13aa8b314366d3be1ae9fa4d3ae046eac144bf3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
87e24f7e6746ebdba222880d6cc3b0f1

SHA1
1f878db8d9951917448ddb0bc8d06d35e4081ee3

SHA256
8bcd4532b19d325ee575498ccbfcb0f8c97481f4d9254084aa0e80f44ca35887

SHA512
4a00c29537dc5817ee4f3256eba197988d575886f9bdda737815983aa7f693c1187e773b5bd5a34d857c60c7be1c92fa2240c4fa2696940f236ff66e201ed484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
b5fb0e1f755e5fcd5b53e6d38381828c

SHA1
80be5bb981c0ceb34a01b5b53a9c64c0d8c33379

SHA256
b42bbdcc08e33248a3a8cfdf4382cceb853f374ee2e6f7aff1b9ed39a14f2a60

SHA512
9b218f5c10141112dab3b171a0756b5340fc09b2c4bacb5085cf54a8664f535ef5cb5c05f939d432107657b1236e3ccb155e0142f4f8cde6bf7aff3aabf13190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
12e912a8087a043d7546adb2e64e33b5

SHA1
9baa1ad7a5b8ed734b444943d1ca0dcc6cbfd631

SHA256
31d8d7c0ca216524ff20f6fd3d473ef7b98aa0bc1a5727751a1f57d3db4a040a

SHA512
547964ffe0ead14a17f03b24d19f6f19a8ec8843f44d58c3f24d7b7964ec622572df5edaf0971c288b65070b48be04ff3737179062d26e29177bb9b38ca5cd88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
39KB

MD5
1a547c7395696037f8557ff658586811

SHA1
ee6626129976290dfc4d39fade454137cf16befc

SHA256
0fecce15e9a7722a4c1ed867d6f65b1f6e00c3b9a712abb178cc34eb2e8cb5d8

SHA512
96b3960f43035f84ebfcbc3ea4b189622cfcc01c21d0c63cdfbfd4499e4594471addc74b420c42fb64d1df8bcd4f6d0cece02a070c8247d7b989b9a7193c153b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
f602dd5e2342d1c90029257812481b8c

SHA1
d2df39bb99da402d9be00b57f850f884a3110af1

SHA256
8694ca2790b9464f942ee10e8fc82fa4aff5ea3291c0f394bfff382627d69571

SHA512
25335fc9ffd0d20df7f5e40c781af9a87057eec51d05d96aedcd478f38205f1c4c8d253974c4d89fb781b3e44d4f28637d155d439baf5ac29e0699a8e894b3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
62fbf1053084afb8569cfe88b401bb43

SHA1
7ef2f4ae333243a5de04d7982600e305a1ac199a

SHA256
e81c594bcdad426adfd4a69b1f333cdbea20f2850b45f4a3a4e5ed45816813b1

SHA512
68c68e077ac530a4ea19c4536499013d7a1813f23209f20ab389a9ab323890502522750ae0cea3348732c02c7768a971ae64f3830b22574b2e74a2f0b7b58cd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
5d3eed9af429f3353a66edf1ba64f626

SHA1
553805c26db5ae649ce1b0ed31a923e723be7fec

SHA256
b999dc4d1f8348163149fae3361afce0591c57b26c47e2c5d503f934a8e9bfe8

SHA512
25eca337c8b8f5f046802bd61586a1fa4e7896ad5ebff94431db4cb770b3a3a9651faeca2591814edd77019c12f33abf1bf98649076ab27d15663dc7cb3c6074

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads