9eae42727e59c9b22768575e32d4726dd9e58f5a6fc21b53a2b74fdad675767c

Analysis

max time kernel
58s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2022, 15:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LauncherSU 1.3.0/LauncherSU.exe
Size

3.7MB
MD5

17874f3e2faf2b0123fe7b5068aebe62
SHA1

b3a2f03edd47dcb02de62eb26fb8b7f58c42e9fc
SHA256

b19a054ad29a30c11a39d84633812827b83fab8a3bae37fc6c4c87d965fb108d
SHA512

7e38f620bf7647d5ffeab5d7171afb98604b50c356dea34ffd7dd2fb8e0a5690e4b023822c02c4b1b97348d8c9c5c10c82ed64059560293dd23dfbd46774cb4c
SSDEEP

98304:sVVWb33Otm3TzOErxnRtP9t1YfNUQpSSqV:0Wr3NTSa//O3pSSqV

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	msedge.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 62 IoCs

pid	Process
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe
2240	LauncherSU.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1884	msedge.exe
1884	msedge.exe
3332	msedge.exe
3332	msedge.exe
3908	msedge.exe
3908	msedge.exe
4352	msedge.exe
4352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
2240	LauncherSU.exe
2240	LauncherSU.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe
4352	msedge.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2240	LauncherSU.exe
2240	LauncherSU.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2240	LauncherSU.exe
2240	LauncherSU.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 4352	2240	LauncherSU.exe	98
PID 2240 wrote to memory of 4352	2240	LauncherSU.exe	98
PID 4352 wrote to memory of 4308	4352	msedge.exe	99
PID 4352 wrote to memory of 4308	4352	msedge.exe	99
PID 2240 wrote to memory of 3040	2240	LauncherSU.exe	100
PID 2240 wrote to memory of 3040	2240	LauncherSU.exe	100
PID 3040 wrote to memory of 444	3040	msedge.exe	101
PID 3040 wrote to memory of 444	3040	msedge.exe	101
PID 2240 wrote to memory of 5112	2240	LauncherSU.exe	103
PID 2240 wrote to memory of 5112	2240	LauncherSU.exe	103
PID 5112 wrote to memory of 3136	5112	msedge.exe	104
PID 5112 wrote to memory of 3136	5112	msedge.exe	104
PID 2240 wrote to memory of 1988	2240	LauncherSU.exe	105
PID 2240 wrote to memory of 1988	2240	LauncherSU.exe	105
PID 1988 wrote to memory of 4664	1988	msedge.exe	106
PID 1988 wrote to memory of 4664	1988	msedge.exe	106
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112
PID 1988 wrote to memory of 1592	1988	msedge.exe	113
PID 5112 wrote to memory of 3924	5112	msedge.exe	112

C:\Users\Admin\AppData\Local\Temp\LauncherSU 1.3.0\LauncherSU.exe
"C:\Users\Admin\AppData\Local\Temp\LauncherSU 1.3.0\LauncherSU.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.997faka.com///links/5D15EBB3
  2⤵
  - Adds Run key to start application
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff964d446f8,0x7ff964d44708,0x7ff964d44718
    3⤵
    PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:4044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
    3⤵
    PID:2224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:5444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:5460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
    3⤵
    PID:5652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:1
    3⤵
    PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
    3⤵
    PID:5792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5676 /prefetch:8
    3⤵
    PID:5884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2176,8755087043486639371,12531527535481616248,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4148 /prefetch:8
    3⤵
    PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.997faka.com///links/5D15EBB3
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff964d446f8,0x7ff964d44708,0x7ff964d44718
    3⤵
    PID:444
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,16011823533129503825,14354432642059901567,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:3820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,16011823533129503825,14354432642059901567,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.997faka.com///links/5D15EBB3
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0x44,0x104,0x7ff964d446f8,0x7ff964d44708,0x7ff964d44718
    3⤵
    PID:3136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,18337635244233083658,7500195256396201907,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,18337635244233083658,7500195256396201907,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.997faka.com///links/5D15EBB3
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff964d446f8,0x7ff964d44708,0x7ff964d44718
    3⤵
    PID:4664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,748344033135454709,12492597625480786247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,748344033135454709,12492597625480786247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
    3⤵
    PID:1592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
9343ceb2891b0fdd49676ddff9b7dd83

SHA1
f7b79e6c3e0937a22289a2b458c2e123a6fdb85d

SHA256
bb425232a7830d4d02903d95df4745695129210f5450526724faa12bc35fab02

SHA512
089736565554fc77c62819e561380d6e76ad910cfcca38b97d55d693888079b72d9c5012bfdb04ed8dbbf3166dfef807673f9aad9a72a18c13522e9e833acd48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
9343ceb2891b0fdd49676ddff9b7dd83

SHA1
f7b79e6c3e0937a22289a2b458c2e123a6fdb85d

SHA256
bb425232a7830d4d02903d95df4745695129210f5450526724faa12bc35fab02

SHA512
089736565554fc77c62819e561380d6e76ad910cfcca38b97d55d693888079b72d9c5012bfdb04ed8dbbf3166dfef807673f9aad9a72a18c13522e9e833acd48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
471B

MD5
9343ceb2891b0fdd49676ddff9b7dd83

SHA1
f7b79e6c3e0937a22289a2b458c2e123a6fdb85d

SHA256
bb425232a7830d4d02903d95df4745695129210f5450526724faa12bc35fab02

SHA512
089736565554fc77c62819e561380d6e76ad910cfcca38b97d55d693888079b72d9c5012bfdb04ed8dbbf3166dfef807673f9aad9a72a18c13522e9e833acd48

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
416B

MD5
fbb1fd96dfc7a86feccc4838e458ec57

SHA1
c09a8509c7598effeddf943256974f75920ed8ba

SHA256
abbfdaff372eedcf1f1e566315ca6b2a5cf993946d92570a7860f83ebccf306d

SHA512
063756233a504fe03b8c7af2a9e56a7131a58e233d165df6b02b477fc61a37929378e40525d8aeaa420ac369105f82c66f2e8607146a854fd54e6b9ee3e43412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
416B

MD5
fbb1fd96dfc7a86feccc4838e458ec57

SHA1
c09a8509c7598effeddf943256974f75920ed8ba

SHA256
abbfdaff372eedcf1f1e566315ca6b2a5cf993946d92570a7860f83ebccf306d

SHA512
063756233a504fe03b8c7af2a9e56a7131a58e233d165df6b02b477fc61a37929378e40525d8aeaa420ac369105f82c66f2e8607146a854fd54e6b9ee3e43412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
416B

MD5
fbb1fd96dfc7a86feccc4838e458ec57

SHA1
c09a8509c7598effeddf943256974f75920ed8ba

SHA256
abbfdaff372eedcf1f1e566315ca6b2a5cf993946d92570a7860f83ebccf306d

SHA512
063756233a504fe03b8c7af2a9e56a7131a58e233d165df6b02b477fc61a37929378e40525d8aeaa420ac369105f82c66f2e8607146a854fd54e6b9ee3e43412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
416B

MD5
fbb1fd96dfc7a86feccc4838e458ec57

SHA1
c09a8509c7598effeddf943256974f75920ed8ba

SHA256
abbfdaff372eedcf1f1e566315ca6b2a5cf993946d92570a7860f83ebccf306d

SHA512
063756233a504fe03b8c7af2a9e56a7131a58e233d165df6b02b477fc61a37929378e40525d8aeaa420ac369105f82c66f2e8607146a854fd54e6b9ee3e43412

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_E503B048B745DFA14B81FCFC68D6DECE

Filesize
416B

MD5
fbb1fd96dfc7a86feccc4838e458ec57

SHA1
c09a8509c7598effeddf943256974f75920ed8ba

SHA256
abbfdaff372eedcf1f1e566315ca6b2a5cf993946d92570a7860f83ebccf306d

SHA512
063756233a504fe03b8c7af2a9e56a7131a58e233d165df6b02b477fc61a37929378e40525d8aeaa420ac369105f82c66f2e8607146a854fd54e6b9ee3e43412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af05481b81fdeb6c34b41fa28542b8e1

SHA1
30982103d4ad165cda1b492f96da553b0d5a8663

SHA256
61fabb6e11c5fe6ed58cbe1d1651395b973b7f460ebc78183b02484fad2ef7a2

SHA512
6671efa37f6ed5c9faa5b0a063bc6741d2dd217a6bfd578da3d3c8a54b16395916fa2173851bcd597b7489da05fe33095aedc655d0a7df773bd96f814b3b900f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71b657795f1d63721f304fcf46915016

SHA1
d2cabf753a2b8888642a3a26878e7f47784153b2

SHA256
f6d95ff8ef0a6098a3c31bedf0f623555cf3855bab0142f2350f07eb85832c28

SHA512
dd1d8e6e56463cba11da14b604c4dcedf13e1914c4afab93121f6535a30120e0d907c0129c6eebfc8a0a70a557d2f6d467a24fe0bac960c79519049e1931ea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
109b11655d704e690b468089fb56cd7f

SHA1
bf483d43907b7ea85a64ded7c882a08ce7b4dda3

SHA256
b3e9af930f7347251537904b4b1ccd98f02239a16d9fd0c86df3f1a10d1c3e81

SHA512
93c927cebba7a29567148d5ba5f302997b90c5759d703bdc7f0b01acdc42a210cde28707f752ba27b644830b9dfcdac013c14356d9187abae0afe77638b0e5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
a724d9b246993dd6862c636f17e52fc3

SHA1
5c87e6bd5b1d64e569f9a8950636af6d60a00df8

SHA256
cdf70a8a3c11ca136743075ad309bbeea84f5a6ae948c414a28d7037575d9e5b

SHA512
978722a884711dd227ae0d61177e7f6b1df365472b6e286e202cb28efa4f2222fc6a39d38fb335ca71dd66a7ba5aba119f23d6006dd7ab98eab92861e4ba561d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
230d8c1abb122f93afe48e29147a439f

SHA1
097021770299966135251969d32e1534a861dfb5

SHA256
dd61eb1f6d01956f9a0844c90e97eb4525156730a4197266f4391e93e8d5ff96

SHA512
722d0738a35ef750d28d28532e2ff95d4f1e5c75f4f31666a8daeb626397952f91a07e1432e07c6cc1af7df9b5826cdd9eb5296068484ecc4f36dd2b281bc0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
109b11655d704e690b468089fb56cd7f

SHA1
bf483d43907b7ea85a64ded7c882a08ce7b4dda3

SHA256
b3e9af930f7347251537904b4b1ccd98f02239a16d9fd0c86df3f1a10d1c3e81

SHA512
93c927cebba7a29567148d5ba5f302997b90c5759d703bdc7f0b01acdc42a210cde28707f752ba27b644830b9dfcdac013c14356d9187abae0afe77638b0e5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
230d8c1abb122f93afe48e29147a439f

SHA1
097021770299966135251969d32e1534a861dfb5

SHA256
dd61eb1f6d01956f9a0844c90e97eb4525156730a4197266f4391e93e8d5ff96

SHA512
722d0738a35ef750d28d28532e2ff95d4f1e5c75f4f31666a8daeb626397952f91a07e1432e07c6cc1af7df9b5826cdd9eb5296068484ecc4f36dd2b281bc0b0

Download Submit
memory/2240-133-0x0000000000400000-0x0000000000AE3000-memory.dmp

Filesize
6.9MB

Download
memory/2240-132-0x0000000000400000-0x0000000000AE3000-memory.dmp

Filesize
6.9MB

Download
memory/2240-136-0x0000000000400000-0x0000000000AE3000-memory.dmp

Filesize
6.9MB

Download
memory/2240-135-0x0000000000400000-0x0000000000AE3000-memory.dmp

Filesize
6.9MB

Download
memory/2240-140-0x0000000000400000-0x0000000000AE3000-memory.dmp

Filesize
6.9MB

Download
memory/2240-134-0x0000000000400000-0x0000000000AE3000-memory.dmp

Filesize
6.9MB

Download
memory/2240-137-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/2240-141-0x0000000000400000-0x0000000000AE3000-memory.dmp

Filesize
6.9MB

Download