Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20221111-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31-01-2023 21:23
Static task: static1
Behavioral task: behavioral1
- Sample: GxMBK.exe
- Resource: win7-20221111-en
General
- Target: GxMBK.exe
- Size: 1.6MB
- MD5: 049b7a8f84d8c8e7932bfc6e97362c30
- SHA1: f3d85b5214062a92ecacd0a65e02593e44ab188a
- SHA256: 2716cfd0d3479d42e903bd0c835b91fd5918a02fb63bdc1b52f73921bf4b307a
- SHA512: eb0c58f723a9c6a2d3d29b10f89538845cfbdaa2d4579de4238a0753050154dacc7832cc20f858b757fd6a2e491b5f775262f670309b7691437910c59a106924
- SSDEEP: 24576:bYO8wJFOtz7uuqEP+1MoIpgpgi2esTTPfQHSvMYdihbjct3sP8ZS3pdWMhLaw:koqAI4sTTP4smZ58wl
Malware Config
Extracted: xworm
- 127.0.0.1:7000
- TU53fgvTBLouBDSy
- install_file: USB.exe
Signatures
- Drops startup file (1 IoC)
  Processes (description | ioc | process):
    File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\%startupname%.lnk | GxMBK.exe
- Adds Run key to start application (2 TTPs, 1 IoC)
  Processes (description | ioc | process):
    Key created | \REGISTRY\USER\S-1-5-21-2386679933-1492765628-3466841596-1000\Software\Microsoft\Windows\CurrentVersion\Run | msedge.exe
- Suspicious use of SetThreadContext (1 IoC)
  Processes (description | pid | process | target process):
    PID 4492 set thread context of 2176 | 4492 | GxMBK.exe | schtasks.exe
- Drops file in Program Files directory (2 IoCs)
  Processes (description | ioc | process):
    File created | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\8d92a3ad-d37f-41a3-99cc-69ef876afb8d.tmp | setup.exe
    File opened for modification | C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230131222327.pma | setup.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description | ioc | process):
    Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
    Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Modifies registry class (1 IoC)
  Processes (description | ioc | process):
    Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid | process), identical rows collapsed with their count:
    4188 | msedge.exe (x2)
    2084 | msedge.exe (x2)
    4772 | identity_helper.exe (x2)
    64 | msedge.exe (x4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  Processes (pid | process), identical rows collapsed with their count:
    2084 | msedge.exe (x7)
- Suspicious use of FindShellTrayWindow (3 IoCs)
  Processes (pid | process), identical rows collapsed with their count:
    2084 | msedge.exe (x3)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: GxMBK.exe, schtasks.exe, msedge.exe
  Rows (description | pid | process | target process), identical rows collapsed with their count:
    PID 4492 wrote to memory of 2176 | 4492 | GxMBK.exe | schtasks.exe (x8)
    PID 2176 wrote to memory of 2084 | 2176 | schtasks.exe | msedge.exe (x2)
    PID 2084 wrote to memory of 2744 | 2084 | msedge.exe | msedge.exe (x2)
    PID 2084 wrote to memory of 1204 | 2084 | msedge.exe | msedge.exe (x40)
    PID 2084 wrote to memory of 4188 | 2084 | msedge.exe | msedge.exe (x2)
    PID 2084 wrote to memory of 1368 | 2084 | msedge.exe | msedge.exe (x10)
Processes
Process tree (indentation shows parent/child depth; each entry gives the image path, the command line and the signatures attributed to that process):
- C:\Users\Admin\AppData\Local\Temp\GxMBK.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\GxMBK.exe"
  Signatures: Drops startup file; Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\schtasks.exe
    Command line: "C:\Windows\System32\schtasks.exe"
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=schtasks.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
      Signatures: Adds Run key to start application; Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x9c,0x7ffa974746f8,0x7ffa97474708,0x7ffa97474718
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
        Signatures: Suspicious behavior: EnumeratesProcesses
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
        Signatures: Drops file in Program Files directory
        - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
          Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff735ae5460,0x7ff735ae5470,0x7ff735ae5480
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5376 /prefetch:8
        Signatures: Suspicious behavior: EnumeratesProcesses
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1268 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4356 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1836 /prefetch:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5840 /prefetch:2
        Signatures: Suspicious behavior: EnumeratesProcesses
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2100,5681541189671699033,12873982525511144424,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6076 /prefetch:8
    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=schtasks.exe&platform=0009&osver=7&isServer=0&shimver=4.0.30319.0
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa974746f8,0x7ffa97474708,0x7ffa97474718
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: c71cb7463c49e125cbae14ac265cf18f
  SHA1: 4430c030546d725e7f6e5584f139e012e9214f06
  SHA256: 1eb6d93849a5c52e9b381fc0abd82b401e2d1e5dfbedd48a3cff50e91e758018
  SHA512: 2f1317d23dfe8c39760e51900cfaed49a2ba4675f0904ec033252e037e0eb935e59b4cc0b8c11c4acd7cfbddf0d9d461f5a66504494863c2bb7781aa3c000eed
- \??\pipe\LOCAL\crashpad_2084_CJWHVGLRPKPMVBZX (no size recorded; the hashes below are those of an empty, zero-byte input)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
Memory dumps (pid-sequence-address range; Filesize given where the report records one):
- memory/64-179-0x0000000000000000-mapping.dmp
- memory/1204-140-0x0000000000000000-mapping.dmp
- memory/1328-163-0x0000000000000000-mapping.dmp
- memory/1368-144-0x0000000000000000-mapping.dmp
- memory/1560-160-0x0000000000000000-mapping.dmp
- memory/1636-168-0x0000000000000000-mapping.dmp
- memory/1776-178-0x0000000000000000-mapping.dmp
- memory/1876-150-0x0000000000000000-mapping.dmp
- memory/2084-137-0x0000000000000000-mapping.dmp
- memory/2092-162-0x0000000000000000-mapping.dmp
- memory/2132-159-0x0000000000000000-mapping.dmp
- memory/2176-136-0x0000000000400000-0x0000000000410000-memory.dmp (Filesize: 64KB)
- memory/2176-135-0x0000000000000000-mapping.dmp
- memory/2692-166-0x0000000000000000-mapping.dmp
- memory/2744-138-0x0000000000000000-mapping.dmp
- memory/3080-174-0x0000000000000000-mapping.dmp
- memory/3440-181-0x0000000000000000-mapping.dmp
- memory/3584-154-0x0000000000000000-mapping.dmp
- memory/3748-176-0x0000000000000000-mapping.dmp
- memory/3752-146-0x0000000000000000-mapping.dmp
- memory/4044-148-0x0000000000000000-mapping.dmp
- memory/4188-141-0x0000000000000000-mapping.dmp
- memory/4244-170-0x0000000000000000-mapping.dmp
- memory/4288-158-0x0000000000000000-mapping.dmp
- memory/4412-156-0x0000000000000000-mapping.dmp
- memory/4492-132-0x0000000000A00000-0x0000000000B98000-memory.dmp (Filesize: 1.6MB)
- memory/4492-134-0x0000000005C60000-0x0000000006204000-memory.dmp (Filesize: 5.6MB)
- memory/4492-133-0x0000000005610000-0x00000000056AC000-memory.dmp (Filesize: 624KB)
- memory/4636-152-0x0000000000000000-mapping.dmp
- memory/4756-172-0x0000000000000000-mapping.dmp
- memory/4772-164-0x0000000000000000-mapping.dmp