Analysis
- max time kernel: 153s
- max time network: 173s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-11-2022 05:52
Behavioral task | Sample | Resource
behavioral1 | 0d9e5116c1da200fa3a55c84ca2195eb7bbbd1e1.exe | win7-20220812-en
behavioral2 | 0d9e5116c1da200fa3a55c84ca2195eb7bbbd1e1.exe | win10v2004-20220812-en
behavioral3 | 203dd97848f29e54a66e575ae670288e8fd4a5a7.exe | win7-20220812-en
behavioral4 | 203dd97848f29e54a66e575ae670288e8fd4a5a7.exe | win10v2004-20220812-en
behavioral5 | 5d2a9e82b6098813fa230152de286f7712b5608f.exe | win7-20220812-en
behavioral6 | 5d2a9e82b6098813fa230152de286f7712b5608f.exe | win10v2004-20220812-en
behavioral7 | 686e84d074c115785122ad304357729b28b4a54d.exe | win7-20220812-en
behavioral8 | 686e84d074c115785122ad304357729b28b4a54d.exe | win10v2004-20220901-en
behavioral9 | ae30d28b17fbce8e55203ad863c40bab8fe802a3.exe | win7-20220812-en
behavioral10 | ae30d28b17fbce8e55203ad863c40bab8fe802a3.exe | win10v2004-20220812-en
General
- Target: ae30d28b17fbce8e55203ad863c40bab8fe802a3.exe
- Size: 14KB
- MD5: 1ac8b9de402661ccd077fd4a8a0ce04e
- SHA1: ae30d28b17fbce8e55203ad863c40bab8fe802a3
- SHA256: 5b97d70b1c2057207234a32f59e60e341b61204f215b63d9d849d11f6d186e55
- SHA512: 1845745b17c47c7f8e5349a12cd7cd99cf70e558ebec0addc7a298fe9aac4f5528c2c848b5aa63f0fef4d0bef4d7d90600ee1b112e95d8b0b88b6716f468b40c
- SSDEEP: 384:Y+Um+OJbooSE325j7V81cwLCza/0ejFkXha1H94l5Z1V:FkOJbPSw25NGCza/08j1H9qZz
Malware Config
Signatures
- Adds Run key to start application 2 TTPs 1 IoCs
  Processes: msedge.exe
  description | ioc | process
  Key created | \REGISTRY\USER\S-1-5-21-2629973501-4017243118-3254762364-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
- Drops file in Program Files directory 2 IoCs
  Processes: setup.exe
  description | ioc | process
  File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\64bc24b8-17c8-473a-957f-a2e5fb754332.tmp | setup.exe
  File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20221129065345.pma | setup.exe
- Enumerates physical storage devices 1 TTPs
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry 2 TTPs 3 IoCs
  Processes: msedge.exe
  description | ioc | process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
- Modifies registry class 1 IoCs
  Processes: msedge.exe
  description | ioc | process
  Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
- Suspicious behavior: EnumeratesProcesses 10 IoCs
  Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid | process
  2612 | msedge.exe
  2612 | msedge.exe
  4832 | msedge.exe
  4832 | msedge.exe
  4872 | identity_helper.exe
  4872 | identity_helper.exe
  3088 | msedge.exe
  3088 | msedge.exe
  3088 | msedge.exe
  3088 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  Processes: msedge.exe
  pid | process
  4832 | msedge.exe
  4832 | msedge.exe
  4832 | msedge.exe
  4832 | msedge.exe
  4832 | msedge.exe
  4832 | msedge.exe
  4832 | msedge.exe
- Suspicious use of FindShellTrayWindow 2 IoCs
  Processes: msedge.exe
  pid | process
  4832 | msedge.exe
  4832 | msedge.exe
- Suspicious use of WriteProcessMemory 64 IoCs
Processes
- [1] "C:\Users\Admin\AppData\Local\Temp\ae30d28b17fbce8e55203ad863c40bab8fe802a3.exe"
  - Suspicious use of WriteProcessMemory
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ae30d28b17fbce8e55203ad863c40bab8fe802a3.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    - Adds Run key to start application
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of WriteProcessMemory
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8aadd46f8,0x7ff8aadd4708,0x7ff8aadd4718
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 /prefetch:8
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 /prefetch:8
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 /prefetch:8
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      - Drops file in Program Files directory
      - [4] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff72c785460,0x7ff72c785470,0x7ff72c785480
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6316 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6184 /prefetch:8
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,11411936009307327893,3149502630839627336,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5920 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
  - [2] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=ae30d28b17fbce8e55203ad863c40bab8fe802a3.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
    - [3] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ff8aadd46f8,0x7ff8aadd4708,0x7ff8aadd4718
- [1] C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 9cc113cab81df2ff66421c3dd6bf4d31
  SHA1: c1e1b1e2f007732c8c79eedac889b7312b08990e
  SHA256: 48438eda8d47a465f7aa67c36937ec174be450bea6b501e2fc1cc929c917e2ea
  SHA512: e069f0cbd04f3fc91824df48f247e1542c6858cc3cf3dd4f16c26258beac2f7aa256bad6cdda3b2cef916afd186b269375a43013138fbc795f22c1367c799a2b
- \??\pipe\LOCAL\crashpad_4832_LZNQQMNRXGFMUNLM
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e