Overview

overview

8

Static

static

1

Capture.png

windows11-21h2-x64

8

Analysis

  • max time kernel
    146s
  • max time network
    148s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240214-en
  • resource tags

    arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    20/02/2024, 13:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Capture.png

  • Size

    363KB

  • MD5

    48ce19370b7d2ee304e7be79c1a71ff7

  • SHA1

    fa395399766fe70c1eebbdb380812723a03c5663

  • SHA256

    155b99a9d2248bcc45626467602a5f17989983f83f8425db98fdbfffb424f566

  • SHA512

    0c5cf592380bac9cc80c52abacc191490a9907f5da6a2287d19f9191d874ae4b3a64e7a9e22ceab22b3b60a82f938036b59255f35763de041e94da9846e3702d

  • SSDEEP

    6144:zKVVQgLDvefOunrH/Wdrld0+JAU8yw2YlSb9skfbZmgven0H17WDNoz0kponAG0s:zYVQgLD2ffnrfMpdfNbCkfbZDveU17cd

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
  • Suspicious use of FindShellTrayWindow 62 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\Capture.png
    1⤵
      PID:2636
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2248
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef3153cb8,0x7ffef3153cc8,0x7ffef3153cd8
        2⤵
          PID:3552
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2
          2⤵
            PID:3472
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:1404
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
            2⤵
              PID:1028
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
              2⤵
                PID:1580
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                2⤵
                  PID:976
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3620 /prefetch:1
                  2⤵
                    PID:2896
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
                    2⤵
                      PID:1880
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2704
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
                      2⤵
                        PID:2356
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
                        2⤵
                          PID:4184
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3988 /prefetch:1
                          2⤵
                            PID:1892
                          • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:2372
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
                            2⤵
                              PID:4392
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
                              2⤵
                                PID:3328
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3248 /prefetch:8
                                2⤵
                                • Modifies registry class
                                • Suspicious behavior: EnumeratesProcesses
                                PID:672
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3364 /prefetch:8
                                2⤵
                                  PID:1544
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
                                  2⤵
                                    PID:4184
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2496 /prefetch:1
                                    2⤵
                                      PID:3228
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
                                      2⤵
                                        PID:3016
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
                                        2⤵
                                          PID:1468
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
                                          2⤵
                                            PID:2860
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
                                            2⤵
                                              PID:2824
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
                                              2⤵
                                                PID:3200
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
                                                2⤵
                                                  PID:672
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
                                                  2⤵
                                                    PID:2920
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
                                                    2⤵
                                                      PID:436
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
                                                      2⤵
                                                        PID:2044
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
                                                        2⤵
                                                          PID:4984
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
                                                          2⤵
                                                            PID:3804
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
                                                            2⤵
                                                              PID:4152
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3764 /prefetch:8
                                                              2⤵
                                                                PID:2280
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
                                                                2⤵
                                                                  PID:4116
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                                                                  2⤵
                                                                    PID:900
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
                                                                    2⤵
                                                                      PID:2392
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
                                                                      2⤵
                                                                        PID:4900
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
                                                                        2⤵
                                                                          PID:5104
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
                                                                          2⤵
                                                                            PID:4572
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7588 /prefetch:1
                                                                            2⤵
                                                                              PID:3876
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7136 /prefetch:2
                                                                              2⤵
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              PID:3308
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8494715346808438027,2694556102316130766,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
                                                                              2⤵
                                                                                PID:4876
                                                                            • C:\Windows\System32\CompPkgSrv.exe
                                                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                              1⤵
                                                                                PID:3836
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:3124

                                                                                Network

                                                                                MITRE ATT&CK Enterprise v15

                                                                                Replay Monitor

                                                                                Loading Replay Monitor...

                                                                                Downloads

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                  Filesize

                                                                                  152B

                                                                                  MD5

                                                                                  3ac94e49addbb0b2b78b1cc0c4fdc41a

                                                                                  SHA1

                                                                                  41dda9076097a81d24a814805f80979eb5736a72

                                                                                  SHA256

                                                                                  259e79a3a5696dd704f943a3146b6622715c38d269751ea5b90c4858aeecaec5

                                                                                  SHA512

                                                                                  9890dd31736bf96b3669a9ba135e029d02a0245e31795f71f15bdb79066e95f8d43233643a78e1a36780b6983d88a5a82f71a07eb91133d9319c014e935fc9fa

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  a468feaf4e3f0eb51cc42c18d66c2c76

                                                                                  SHA1

                                                                                  4715c97f054afa5c3f8402872970e9a2541fa283

                                                                                  SHA256

                                                                                  1abe8c0b1aa1bfae04a89ce1cfe7da938d49552c2f3aa646eb5e737b86b76fc1

                                                                                  SHA512

                                                                                  a1f1d6a8dd0cbc717d7900ad8146043d29a17e5679b9ee088ab60ef6a8cf059c018987955ac121105721281a56cafd6ba5ad67d06139a804c9e11dd3b5808226

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                  Filesize

                                                                                  640B

                                                                                  MD5

                                                                                  3d6832800c0c4c0c014e610277992ef7

                                                                                  SHA1

                                                                                  58e183a7e4e87be7bf8e591f0fda1ffa5948151b

                                                                                  SHA256

                                                                                  ec19e5dc2538b7d18efa373600a4834bab9ecb2c2d6100f2bac56ab3577b5d07

                                                                                  SHA512

                                                                                  5214b15376128e8f5c0610e62b9103bc3f684e6a7a2895b1f706ba4f3ba6fe0a9b9e5a829337958675734c64af3c75eda66d5552331f1ae9cbb13dca12320fc7

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  5KB

                                                                                  MD5

                                                                                  980cff563cf729a7c2d7785497cdae13

                                                                                  SHA1

                                                                                  136815524ee9167f6bbd94cb443147a897cbcb82

                                                                                  SHA256

                                                                                  251b5f69a4d4e8fcacdb00d4d5c5082f34123bed381bd0bcc6b22e3564a1b685

                                                                                  SHA512

                                                                                  cd4a35689f11a30d0673484a17141f4b259a7aa6ca2d60fa57be30b2485d42d0f361e4a53298e03254c57a87b7a11a0c5d6b02e15c593292794360507302c18f

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  5KB

                                                                                  MD5

                                                                                  e5f908742211ee5ab3fa973265393a3b

                                                                                  SHA1

                                                                                  94c1aed3a3b7765026eb5dac42872b49c7ca4e19

                                                                                  SHA256

                                                                                  848b33ed0ef45ae086c1893303448e75d8af5ba443ec6b7e089e36d8fbaa9c2f

                                                                                  SHA512

                                                                                  e6e68859783d39039e1d6cd8330185f3686f273d6873f291b77d0c9309c9698a634f0eaee77fa7ebd1fb7a60f3fb82935cd7e6dc5b3b4bee1c7e9eda0e9712f4

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  5KB

                                                                                  MD5

                                                                                  36de1bd1fa569c19028036ef73499113

                                                                                  SHA1

                                                                                  26ed90f37b57775ed6b005d09c147f0654989ca9

                                                                                  SHA256

                                                                                  d0bb632b1d69dc2196f36834584eb368d6c5c76a83287ef4a2ad83cb3eb9f17f

                                                                                  SHA512

                                                                                  d681caddb694fe8afce2d8463f4fe710048d03c90b141443b589c3291001a4c047dd57582dcecf78701a1b6a60fdc9df33c24105aee8ff6fc9f89e4292064aa8

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  08e86714cc3b407efeb772a35a0f84bb

                                                                                  SHA1

                                                                                  f77b96d53b2dcf3810fd2ae7f99588992b41769a

                                                                                  SHA256

                                                                                  597a4d11029a56af4ab988b81144fb4c88b46880aa066033aecf62826ff3eecf

                                                                                  SHA512

                                                                                  06fb58568d6274a32429416e523e564fb68b6c07b732c95561b05c2c68f1fc8eb60c5d4600533513db6bdfdd75dfbf9446727337bc180a7ff212fa394aae922d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                  Filesize

                                                                                  6KB

                                                                                  MD5

                                                                                  b07b30b9ce9c662e16b33530205bb382

                                                                                  SHA1

                                                                                  ca0d5916d664f6937a69b999973b5b57c1a059b2

                                                                                  SHA256

                                                                                  30e7c70e77d6cab1a8c03465ae1bf266ef566c5e45fab9ef0c63b9ed6c2ad8a6

                                                                                  SHA512

                                                                                  b4ec6b14322b81303f02048b7e149956adae934dc9d496ce08bf5eeb753b15c1689d2acadeb42ee4f8ff2c5a327692149f764d81aac870b07d24afe6e473387f

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                                  Filesize

                                                                                  25KB

                                                                                  MD5

                                                                                  0ee370fd0b36aa248467fe639b6efd62

                                                                                  SHA1

                                                                                  8d05ed1594e797f3b884c0640b394305cca30521

                                                                                  SHA256

                                                                                  7546533b63e8d119b7d4d58459a88b1bfeb060128844de5ffa9a2800a07505ba

                                                                                  SHA512

                                                                                  9f36083d5068d2b293bd459c8a03e7d79b1f005f7386dccd2df7599b8f94875bfb7bec715e8141d02dbcd92043c8dc621493939cae7bdfa96763927487bc261c

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  b1c69458248e13750c7c9a2b6bc77579

                                                                                  SHA1

                                                                                  5f29e7c744242c86ec28d6af943c948a28765120

                                                                                  SHA256

                                                                                  b0e2e5c7533583c11e151c72e03c276f58084e9396d1f3c86b2f10a45b6a435b

                                                                                  SHA512

                                                                                  76ffd1c2612d7e7de8c3c97b1f842d3c060eee171ae480dd19df175ecc69a7032a500845cf08823f715ca72e886f3f0f0a3bcc9bc97f426a570e0e2613f1b135

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58bc75.TMP
                                                                                  Filesize

                                                                                  874B

                                                                                  MD5

                                                                                  fc0f11845969559a65c59982075ac26b

                                                                                  SHA1

                                                                                  62eb0fa88f1c943b86e2a84830340e0bfc9572f6

                                                                                  SHA256

                                                                                  89d016fefefdd0857fac573d02d0818bfb479ac0f761897fec6e62aa069345ac

                                                                                  SHA512

                                                                                  eb96ab4cbdb82da516cf3adb4b83e26fd95d28527cf176ce2b39c65a9bb3aae1fbee7f87b0a2c67ea15242487255aa1b4d68a31b9986d026b1ac404127e25d76

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                  Filesize

                                                                                  16B

                                                                                  MD5

                                                                                  6752a1d65b201c13b62ea44016eb221f

                                                                                  SHA1

                                                                                  58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                  SHA256

                                                                                  0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                  SHA512

                                                                                  9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                  Filesize

                                                                                  10KB

                                                                                  MD5

                                                                                  6a6a5e33fe54119ee4a43ea46d408c4c

                                                                                  SHA1

                                                                                  f7ea904013b0d3e46f0e734edd07862eb9787699

                                                                                  SHA256

                                                                                  ee626fee685160837f49b071928f5645b476800bb7f98fe3b41488ea1948987b

                                                                                  SHA512

                                                                                  b34b105439921ca4f6f40cac207ba4d122d9fda85f10ddd18ee5514d3da53888a5c15273776a1eba6f84da2d3a91af50a5b4716552f69e478ed8abb43ce48c9b

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\eb3c1cb3-9047-40b6-9591-15b281e60e3f.tmp
                                                                                  Filesize

                                                                                  10KB

                                                                                  MD5

                                                                                  ba21a31adc00b92d3a81c0c6a32e15dd

                                                                                  SHA1

                                                                                  bfc9d3c36e07bd82c8bad4957b50564273f0a24d

                                                                                  SHA256

                                                                                  668475307f5ca063fc8bfa9ad0373b08708bff57027e6dfe4cc6d63a4ba1dd93

                                                                                  SHA512

                                                                                  8581a35cac87f90db925e88e110b06ac50cba94ec755caa22e77fb75940f05880ab74eb0e38308a52c9bf7815fc0fd030d5cd2b2f35956087bea404911e2b748

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Downloads\Unconfirmed 885073.crdownload
                                                                                  Filesize

                                                                                  2.2MB

                                                                                  MD5

                                                                                  70f3bc193dfa56b78f3e6e4f800f701f

                                                                                  SHA1

                                                                                  1e5598f2de49fed2e81f3dd8630c7346a2b89487

                                                                                  SHA256

                                                                                  3b616cb0beaacffb53884b5ba0453312d2577db598d2a877a3b251125fb281a1

                                                                                  SHA512

                                                                                  3ffa815fea2fe37c4fde71f70695697d2b21d6d86a53eea31a1bc1256b5777b44ff400954a0cd0653f1179e4b2e63e24e50b70204d2e9a4b8bf3abf8ede040d1

                                                                                  Download Submit