Analysis
- max time kernel: 145s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26-06-2024 16:00
- Static task: static1
- URLScan task: urlscan1
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes:
  - msedge.exe: key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - msedge.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Modifies registry class (1 IoC)
  Processes:
  - msedge.exe: key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4204450073-1267028356-951339405-1000\{6681027F-FA6B-4B62-A617-F6115F2FC914}
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes (PID, image, number of events):
  - 4356 msedge.exe (2)
  - 4668 msedge.exe (2)
  - 2380 identity_helper.exe (2)
  - 3500 msedge.exe (2)
  - 5820 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (27 IoCs)
  Processes:
  - 4668 msedge.exe (all 27 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes:
  - 4668 msedge.exe (all 25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes:
  - 4668 msedge.exe (all 24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (source PID and image, target PID and image), in the order observed:
  - 4668 msedge.exe wrote to memory of 2124 msedge.exe (2 events)
  - 4668 msedge.exe wrote to memory of 1036 msedge.exe
  - 4668 msedge.exe wrote to memory of 4356 msedge.exe (2 events)
  - 4668 msedge.exe wrote to memory of 3216 msedge.exe
  The remaining 60 events are split between targets 1036 and 3216; every source is the PID 4668 browser process.
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/presentation/d/e/2PACX-1vQ_2SU-K3VHDyQZQrsuF5w-vsb7tg8B5x6CFSzjfxSy7vxBB7GOElHRtU19TRpgmx5k2BC-gFKUfAvz/pub?start=false&loop=false&delayms=3000
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ec6f46f8,0x7ff8ec6f4708,0x7ff8ec6f4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5728 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6068 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3368 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1972 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6840 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4187827138600181550,17738466998414679363,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5768 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: dabfafd78687947a9de64dd5b776d25f
  SHA1: 16084c74980dbad713f9d332091985808b436dea
  SHA256: c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201
  SHA512: dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: c39b3aa574c0c938c80eb263bb450311
  SHA1: f4d11275b63f4f906be7a55ec6ca050c62c18c88
  SHA256: 66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c
  SHA512: eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b
  Filesize: 211KB
  MD5: 151fb811968eaf8efb840908b89dc9d4
  SHA1: 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
  SHA256: 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
  SHA512: 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 336B
  MD5: bd91cda7bfc814d8fc3b62803dc14fb0
  SHA1: 76e8a0251b1462a0ffe4e5d7b749cd192f72a584
  SHA256: b69c053917f2e3432a2c28b8f1730bd46d352b85d1e184a26aee8f0fc854238b
  SHA512: f6d7eb87ed7c1223cdca3ab1d4a387d83533ee97c4ab53976b24b0d28aa23bd8ffcb530dd6630a1af80d28e67441f7fb1f735196a866a72c8962eb5aa3d4b1e1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: c8f5ad0245bf4897c69960f0ad3016c7
  SHA1: 2c8b663720095420c40d1d098f8fb570a3c1173d
  SHA256: c9e6396b4e6a998ffecc06c33c684d0486083d9f919549daccccac83f8fe936e
  SHA512: 8566083da3093e6867b8559472940db8cf5f1c64bc31300c2c32988fad5f0af27d0bf8d0e3dbce0451b9717458c552b85964daff455d87e0a5ceccab2681dd65
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 5KB
  MD5: 5a2b33b1a9602f4add53f27281600a61
  SHA1: 2d04d9679f1b1288271024306a018a63931d90d3
  SHA256: f10a63a0b4f72fd8e44ab277a6476f1682ce8c527d3fe5d36291261fcbb496a8
  SHA512: 11518232bd7f87b626f61fa0a2e539ce3e6e5d0ce86ce72c6ac2085da7c8e280ab51e2e590bb5ec7b4f4877c1e4d80e415bcb2db42311b0dee04779439a0f18f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 5KB
  MD5: ee739eadd1eba69b3c03f3892d708ded
  SHA1: 3c0ca5b27e43ec599f3bbd83b6bb675f550175f1
  SHA256: 788dd368316935aea991910e0754adea5b5d29da991ac2914a0b2442770c3ba5
  SHA512: 07a6a17db12cbd5251814f74ddfe3433d124313638c40bfe97414cd2c2e0e9c7f6e82521a817d1be86b76471926bea02d42ec3aab178fe8fffb770bfdce8c2cc
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: af8cd0685da0bd241b4265d27d66943b
  SHA1: 290bd770181ae61d1ee071950eff7cdf887ee803
  SHA256: e11eaf9dbf44f13f8ea36027e01580c2ed36127b045d27578c558d11b9c0bf78
  SHA512: 0e844c3f3032fc6a880d9c60dbe04896bf51fb15896a391e535d5d4dce5f86acb0b925fa1843afc329db0ce8d8744219313e74da54a4289268913c959cb19445
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 0ae7e68fca58c465b472b4e14632671e
  SHA1: f2ec0bdd061e6de307d58673788d9204c76f4635
  SHA256: d9339e8a41ff98f543c355b720e2f825e65855cd0c1be112c937072ca227a0c9
  SHA512: 91ff9deb9f2a890c30e942097957f9d6a268e1e01381945d2cb852adf279dacbf25cb5e85ac161f969598e6dfbe3441211c5657b02d8c30aba4b419215510748
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 8KB
  MD5: fa3b090fff147a6784993a2b44d501c6
  SHA1: 23bb19f592107a24fa83ed8ad1e2897906f16a96
  SHA256: a7f377f4df6932c8b056427c7e6eaa9412a03dc3a4bec04fa0122519c2e43c0c
  SHA512: 02c52e70bb9e74dd9669897293977a23b15402bb953ed89686cf4df3525c52805d2cf93dde2927c5f6f92769307cecb6251e82c39f761bacccfbf9e634d19d57
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 7KB
  MD5: ae08be89db8fc425881d2c5ad92b0765
  SHA1: af278c2085818e29b7ba9f062dc332be7d7fbc67
  SHA256: a546af1afa83bd85d17fd1283ac66f108a616c614fa03312978a85553bb5190c
  SHA512: 0680c3ea0c7365cf680aefdcd3b422d680a295d8c47e8939de18088119db891a645609eead7b72a56538c285ff981cbdfd6d6b4d480052260dc57a2f8cafca71
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: cf7ae1ef8514117b1cacb7b718662ffc
  SHA1: 55475e1e7aa96835809b1910b7c8076c105c4d9d
  SHA256: d07890f741e32f021da0613db9d9a772784e41a55467e3c1f26607e9d810715d
  SHA512: dbfc5a2074058f07657b1cc9382adeff62071066e04691ab0676a4f3200d1dcf633add819740f947f1cd8f863da280b0ea6e933f4b9e18f3b52f1efaef53b3d7
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 9KB
  MD5: 592f1f5b859f04889f02126b5b47ddff
  SHA1: b55a6a1327b3a9d22f3c1d8f96988f0d7c145b76
  SHA256: 47ba662f44838f7feb12beb3402b27f9fbc7248fe22337aea6bd8ce3483888fd
  SHA512: 7b2b0fcafa9868cda0bc5f000aa8df70faf7b4d7a7eebb9bc616681f98c58295cdcdeca27583ca76570ece1bbf5efea965b40fa06e75db6dc7bfc95c089f95a6
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: d788a7e112b398e4ba2509a487f86d32
  SHA1: bf3c8b00ca6048d205d018d4b4c6c6d8a3dc5cad
  SHA256: c1e4d8490c7d0c8fb523fb7e4eaf598f8ea18ea07b118d0d20773238da7733aa
  SHA512: 1baaac47acce04b5685dcf405fba9dbbe64dd1a134006bf6c8762c7e340770ddb17918cc63571f2915bbd007469e09869fcc4ad05e3a561f4dae9e02d40398cb
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58755a.TMP
  Filesize: 48B
  MD5: 670912052cdb9ec778375e6db070d54d
  SHA1: aa61d90c000dadb4c2400aa623d05107e9ed5623
  SHA256: bcfb5ec718d7a50ba441ba6259e8dcf1d17de756fd636b57294ef03a0015e46f
  SHA512: ddec5d07873354a4a207a641134d6d88e4490d79b2b53ae2434e2bea393e05ba16c24b80f3b7fbce573bf61ad31865f2d63c4ca7af6102f0e4360126ba2e4fce
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 874B
  MD5: 8bc455d41121c8a8461f14efb036b3f3
  SHA1: 971435eb984ccb2b51ab14c04eb3940ea33fdbd8
  SHA256: 2faa3812bb3f1f77ae2da9323cedba965ca222c3e5c7a12c5e465748d96047ca
  SHA512: e9c30efe5ed050344c21363b23445c08c55f2bf905fefb714187b6bee3d000732ae468acd48b4f72acb130e61b353b006e629fe4d26febfd51185c21acf7f899
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: 52e9a4b58eab8a68989512ccd8a7441d
  SHA1: 5d893badf4961a1f616820bc85e7dea45201927b
  SHA256: b29bd8510b564ba47ee0802e04454c9c7600865ac3bb8ddd2acffe44afd53ded
  SHA512: 58a4b5d66c03c5e946c51edc6dbe7daab601a53152c4e72f0e32beb39d308cbc3ddee102d970ee5f9a0a38a0814fca0bed2a7f1382c3dc4b36f0aa7698bd78bc
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: 72a129b29ad4b167a553f337457165b5
  SHA1: d46ebc06e72fd9f308085b444502b9758aaf1a2a
  SHA256: aed78b2d831be145c2b92011498308c0fec6a8900de39ce6e22679392f217630
  SHA512: 3d1d2187e56c1cf89b0d6c08205ea937904d6babad12e16968a9de1748435f3bc781881c4af21e288906fb0afc90005a54018ae6a8803f72b923fc9f09fb3854
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: ab7049bc57c3838bff4a34e6199569a4
  SHA1: 13aef4aa3b7646ea7439a1dac5626952c91af5e0
  SHA256: 8605d501745c4677c8aed6ab0cda4097464007e81a29389c097555d54afb0ce6
  SHA512: 748ef53771404a873a4d5e991b8a549e508d9123e64b243b033e9981b6c950b9a5501624c07661d811b4c6de8f3e544c53dd17be5cb9b6bf3408dccf752f9a23
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579b75.TMP
  Filesize: 371B
  MD5: a938b346512a57457d6bea6ad9e1a650
  SHA1: 7d1f6e5efa50fd9368a3acaab4133c06d41d0fb1
  SHA256: 4eefe3fff94a1b9946f122b3884616fbabd3445789358b4b68bc3a70713b3919
  SHA512: d4e42e0ba3e86dfd9237c64d74055d3cc023ad03f8075876d07a8527976181e033d48837f9d413a8d3c6aed9edfefd5a90592fc64df3f5915ca841b4b314cf48
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 0846681752f3665fdae086f68db2c594
  SHA1: d00232e9afb9c98e751c553ae8abe3cea395b8c9
  SHA256: b082bb7c4a3e8546d0a4bb1ece3c52ac28c1df427720cd9436807e1bf61476ad
  SHA512: d0c432e93ea3bc10f8668632be77067d8c0a3feeb2e15210d16ef4c30275658ad2aeadc503b453fffe83d19161406928604479b33a00c71c198fe49f6637c1c2
- \??\pipe\LOCAL\crashpad_4668_EVOGYVRSGOJPWFJM
  Filesize: not reported (the hashes are those of empty content)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e