cda74129c2cc51a1f808695e163f05d4a9fc6ca2244e5d2c7f03d9f19d42d7da

Resubmissions

15/03/2024, 23:47

240315-3tb77sed8v 3

15/03/2024, 23:40

240315-3pbe4sga28 3

15/03/2024, 23:36

240315-3l17cseb6t 3

Analysis

max time kernel
180s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 23:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

glitchnation9.png
Size

950KB
MD5

f7679f38c3be7a9871f3b4da455d888c
SHA1

b0ef376ebe96e3a784fef2c2302bcae51cb4b923
SHA256

cda74129c2cc51a1f808695e163f05d4a9fc6ca2244e5d2c7f03d9f19d42d7da
SHA512

43e6f93f20ab2c7970deb2e31169e708ae7ec616c17e08fbdd7de82fb4bb89c512f51c09e3841109650f27d582f0ac678da47b88bd4a0a7408a6c580eba7eb66
SSDEEP

24576:J+H/c1UXLNk8YH2Mb/C17ZQW9m0fc8zsOS0AsxyQ49SV:ULNk8dSWI92cpYn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{CAA8C24C-9FF7-4EF0-AF6F-BB45877ACF94}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4052	msedge.exe
4052	msedge.exe
3456	identity_helper.exe
3456	identity_helper.exe
2216	msedge.exe
2216	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe
4052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4052 wrote to memory of 1584	4052	msedge.exe	88
PID 4052 wrote to memory of 1584	4052	msedge.exe	88
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 2412	4052	msedge.exe	89
PID 4052 wrote to memory of 4844	4052	msedge.exe	90
PID 4052 wrote to memory of 4844	4052	msedge.exe	90
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91
PID 4052 wrote to memory of 1880	4052	msedge.exe	91

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\glitchnation9.png
1⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc6fd46f8,0x7ffcc6fd4708,0x7ffcc6fd4718
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5548 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15112133535938848946,2262242430769570830,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2440 /prefetch:1
  2⤵
  PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x508 0x48c
1⤵
PID:2320

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\29cf8737-254b-464f-a29b-9e48cc42c502.tmp

Filesize
5KB

MD5
067014b69f5e59740156084f74c7f590

SHA1
2c4861fad4df1796207ca49b124741698be18217

SHA256
74357e9917a62c3a5ef41c3d90ce55429041b0e100cee4f92036f645bf61e091

SHA512
01eedd0a7656e9e6550d267abb9790bc87b79f6d0ac9fb0207b1c5b6a0f120a7dd496eb4a571a0b30d77f9078c7d61952dae0c156a9a4ee7d9274629b9cc1fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
32KB

MD5
73cc95363c4ac77aaf958cf241d93b9a

SHA1
5bbca293d97ccf461e98d8002a04912c50eff329

SHA256
adbb4f54e6d9073a052fd328bd7356828ce8c007ab3521c35181fbf0f9913f3a

SHA512
c41662928ddf018019e99108ae580367a834e1b9db2f9290df841dee263cadfd763724cfc48c035a867278c8d243d1c9f6725b90f6184dfe03631401c4677362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
24a16440d5b663d0d87263e812e3fd90

SHA1
0ffec5a540218892b440703dfbf04bf1252def68

SHA256
c3af8b6de514fe12fef4987e8a1a9c6294ea0ebf46d0537bf02d18595abbe799

SHA512
9845ca0adcbdf6e77a021073f5f01c6b0ecc0593d2c7e13d58b7717368d466d69f74c51934c77f21aaaf0704815fdefdf285748aa3e17441b700ba092a6df9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
137KB

MD5
3d1266d8ad482c9a84c35e0ac951488b

SHA1
59639f696eaaf4d135ec0e26912852607be0926e

SHA256
9524167b3c9fb36cc495e0a02320651082bb631e726191380694bc7ad40170e1

SHA512
cf221d5ddf5d77765452d54214ad2ac6096be26f26b3dad12a8755e023a757a9a47c0cd3809da244a79b944b9d460244397dd7545a7e8f4ccbea76adddcda2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
77d74f2808461231cf29589903baf6c9

SHA1
7015ea66c7dfdb20ac9d32e655319fecffac5483

SHA256
1de482bed587e60318cca79d62ad3651bf16e275d7b2e179bac5ca5b5075b597

SHA512
0fed5460dafc02836bebeed8c9c3f11f642d523cfbe15ad845c0fa4fb0480914f1f9d884ad90fb80fcb0a4fe53bea6875df7e76800b7d5006ee8e8c644fb4e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
995B

MD5
904aba3cd2e6a306a5cfb190b7363a11

SHA1
0b0315aa03e37cb23c6fd1a4a857011aea86a013

SHA256
bed9fe28c8e19329a9adc15a2a04f5b8e759f9fabfe7b373e8c8f728c46c4d58

SHA512
18b32df3df8616fdff575965d1440b49db221832d97d22dc1a862f76b595556105142d50b1080bb0f16aafb1ea06ae43ee526ebdda09d34fab68cdb2ea6cc475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
628B

MD5
1b067d7ef8560e91e7eb1e98da673e4f

SHA1
1df2ce924ad51c0b4bb0adce26a72e969c527876

SHA256
0a55c9874c76ffe1e50576f362106656c3b0af52a1008976fdf2f083df3a3f1e

SHA512
f7b134c9fab3b0b666c9d4dc0eabe819be7aacddc7d166b8aa5cc1fe9bc178d2ea48d4a939fd604b7dd899937ee8283d8dd83fbf9e4888d5e7a693fc934706ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f744c83b70969054219b0d2f71ecadcc

SHA1
42ca359c7f71dc8fa52079ea71b5ac8bd469b0a8

SHA256
4cee787015e95483395416d26207e14dc3b9d08bcbe939164ec3d4ff6ea946c1

SHA512
d16346fc5386a0a730a9f7aee8cac7499921af4bec76878809b55950732d4d279bc41c6dfa655969f2d5e0ba6d6ae994e881ed4e1d4b615dc61eb707e4acd381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3ab13837ad2f102677fadb5bbf9f5e96

SHA1
cfc68bb7a48123aaecf204aa25ec31496f5dbd9d

SHA256
e6e3e04c578ad5e241db4ca985997016063715c42b10a40642cb0d8115a998a3

SHA512
c3b16315574d4dde9f237acc0aae5a56950a3ffa1725f125738af001f035c68b2e429851f8e0b5cc88de133b82c2d785b34cce816b024fdcf38a1f98e0a217c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
591f6c789681297262826049e3572d17

SHA1
069e658449f601358c476ab41c43a79820693b1f

SHA256
4d49e6acf6911d359cd5a41e7f2a4eea366daddd433ea34fa8a4c65a59263610

SHA512
95e03498694398083b0498577bd28336daf72958a7490f54c19722b127c11345bb6f0bf4ee061209be51500e9d32ac106f73aa6d17a7526ce28af5259aa18be4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
287c53582fa65aff2f241f2f2c511bc6

SHA1
0ce52bc4d24464320bc1459e4d5596d582daa4a4

SHA256
776e3f38a1c59a9716f6bc54a3c433644883550c9ab4fdb8305c586dfde35b94

SHA512
024bbad63de71dc988a47f49ad60baaf434d32165bd2df036ce6d5716d507db1dee073769956f91ab31c4efd996b1279b0006f34ef5b19f3b6f1ea2e3354dd69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
c710e8e5e6962562fc12c15ffeb71669

SHA1
662a2b7f814da57d53f4bee255452808cc9bc650

SHA256
6abfc2e4e331e1f836d09020dc021823934a450ab7fc896316a8222a77e9b48f

SHA512
0b36e5db3d2b999f04900be15e5bff8021ec77280eb3c740545681a2c6fdfc54e4995c9cb94768631ed239fda893c2755bf0935b3407a70aae3be723bd3a8ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
100a926153a084af5c64e056c323b955

SHA1
aa91d045055562703dc6649791140f56ab423778

SHA256
aab1a5944eb044e486204b0bffe9970cdb57935b5d899f68ef5f7fd13fbb30b9

SHA512
1577dceca340f5ec518cbc44c8c5fdb613ab9567fb9b170aa181b45dab20f125064149d410d9a48cdb118f0c980b1a276f51fedd013813c55f289c1435fdb6f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
4bbecc809d5c5924a4e728b025efce7b

SHA1
d5bd89817ff5fc4255435bd77e982028bb6d22eb

SHA256
9db3a23ef41051925716f7f4a76630d57f8450689c7e5562d1d05b9c10ba55de

SHA512
45c5b9b2db6f36d544a8f8b188656917a498f6f779fd18aa45ba3836ae96f2c5f518e7343184cf0f203bc0af414113740c0229faffa2221703f044e638133c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
e250c036ea255b90251647b674a3b3d3

SHA1
024898797e8babe39ffd0c0267d90c6d660e8c2e

SHA256
9d473f9b5998c5d5f364094f6837a843ada39b05e767a135554077b097a44acd

SHA512
d93b2a7aaf81bbfe1ed2fdad74c5449a043a44184290201fb152718f38a70f2840809a52dc5eafd7a7b3efaa2f77be03bc82d86d96ed7b123212dde9b388be97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e1f4.TMP

Filesize
704B

MD5
f2124322d7306f05d87d4bc24dfd3d21

SHA1
14e3db09f2c2fcc4c4dd689cb0f454dffa835d83

SHA256
4ac5ca28168463a1612973b9f18671b3a458b8aae067aff1146a9e8686399aa7

SHA512
281bd60b296b03621fa0ca493eb912020ea87c9bb1c74030a20bcefb92c5da71639f83b562fd7c0b90bcdd42d49ae0e65158e17b70a397524da37f9301bc06a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
33d1095f9e5b6473e882e9b47b58e668

SHA1
c58b002741f22cf4645717cbce21d48b2419185d

SHA256
d7b91e0dd1674479fc0db785760a84eb5b92759fadb303495c714855c06e86f3

SHA512
9707c5d268c2b64e83dd35904c7f4abe5191119f66daeb1e42959e1b3230ada4db087dfbc60439334d5b55b7607d4dc6a174382e54cc79224643f804f934a8d0

Download Submit