2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f

Resubmissions

09/04/2024, 01:44

240409-b5wx7sae77 3

09/04/2024, 01:35

240409-bztwnaac56 6

09/04/2024, 01:32

240409-bxy3laab66 3

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wave.exe
Size

7.0MB
MD5

a8bd4a6b2f1d00928e61870a5688c13d
SHA1

e17646d5279534f2e3eb0e0cfc8b6c536bc0c095
SHA256

2c51f67e236cf95e2d51df4178699da09869ab077924cff0b3df1c512878ef2f
SHA512

6b5175beea4071668c87b16af3177bbb2cbaff6b28909dc1e09ad5b16b449c62d6adc372a0094de627fe9835f0c474d16708c3f698355ba1664bf321fa19f5fb
SSDEEP

98304:37//YITF8r2n8TevxbFKVlXk34tZ+t4+aNG5Lhd+2G4Op0cN+hmdYkvsFLL:37//1xBVqvG5dQ2m0cN+hmdYkvsFLL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{66B5064F-DEA1-4369-ABF0-1AD6967C36E9}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
3360	msedge.exe
3360	msedge.exe
1692	identity_helper.exe
1692	identity_helper.exe
4864	msedge.exe
4864	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe
5040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe
3360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 3712	3360	msedge.exe	101
PID 3360 wrote to memory of 3712	3360	msedge.exe	101
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 4060	3360	msedge.exe	102
PID 3360 wrote to memory of 2012	3360	msedge.exe	103
PID 3360 wrote to memory of 2012	3360	msedge.exe	103
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104
PID 3360 wrote to memory of 396	3360	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\Wave.exe
"C:\Users\Admin\AppData\Local\Temp\Wave.exe"
1⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffde78346f8,0x7ffde7834708,0x7ffde7834718
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3700 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3396 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8596170213715634668,5171751383051470960,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
e121064892c625fc705091652713eef7

SHA1
244258d146eb167e4eee2b443f80248eac1d7f72

SHA256
3d89538ba00ff93f6099d3d896698403eff6d920061eb377b7c88e4e49b9bbe2

SHA512
9092236c62017d6f715d936ab66ad40ecf44f9ab95e50c9e65b9766b5c0a9a3ff022b71c701a3fa3d2375c4e6520b1cdc905b81541ddfe0a1f1543d483e0bdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
814f3b15c61b1406fdb28bf9f61ee676

SHA1
f88d20af09358bd16302bd9eccb74e08db6e4d9d

SHA256
b012d1760ddab61521e8ba6d68dab8bd5f0df7b9aa4ad9c2e2e2cdebb4df210e

SHA512
ff222f65c82e5354e427b970c52b1e0b0b712095669395638bddedb7f4d39cbd0bd1abd5370f35175226e44780f06e3cbb1fb53a34fda3042b70e7635e513568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
10fff036018c3bdd514bf992e1d2d6ae

SHA1
501f72e805e018707d5f8c923c98c90c241be9a8

SHA256
ae2141e7937c7dae1bc5b4e8c8589e4558663d8e7fc45024f836e168c5012919

SHA512
2d9b73c1bb2b39896ea28bb099de8fa1a05a4a71b19e6ef20daa09d6381c6fb22ee6ea798b2b01ff98e0daf6365f70c52e4008254ff49e60c1cdca3c76013c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
467B

MD5
6a58d46c3169bec1e014ff0012aaa05c

SHA1
32ad39402f57a857694514ed0be15b7a586f108b

SHA256
b7cfea7e27f25a32d41b95160ca1b4c15dc4e383728722607d7fab49f3e78ede

SHA512
ba2a3d788f918a8b514b81594452e4c6fdf1211b93691a2dd479a3f422e20839f91f979a457009e8ce20da0050ee4cd2e04a0e9e055dcb22a41ecff747a412d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26a2c5693f5504dc87acdf71dd52ce77

SHA1
5493ffdc082f14d3884e577e80e1bb3b1e5e5667

SHA256
49356d4a1a5cdf6789ffaea5bbfc35bb2d4e9528209f0b5f0c307cec2f71260d

SHA512
b0314b5de3cab80562166e5af2ff441afbb62f3cd8d4506cbd875992b88660ac0b64cd8657ef0f00d23f896906acc46004df763279403a2b0e1cb6062bcb5c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2d9199e8db6b5f38061d2a6a3d886836

SHA1
0f4bac3448390dec7cf41ffec2e62517fa17b0f6

SHA256
a73f5692dcd494bff75de0f0636c83f6f1450b9833ffb465f22c8efdaf0004f4

SHA512
c6744fc3f9f792615277ab347df64634e69d480cc838889eb01973c4f042a246e1ab57686442e6a0be7cc991cccba71cb382dae7110608d633bf741bebbb8c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4461e195101f92ee6baa5ea0a34f01d0

SHA1
b5188b561636bf069d2d5af4adb40fb074a102eb

SHA256
6909d8e4009f4a01e322d5f96f9c10714232e66cb234ddc25309a4fc8187a8c2

SHA512
0f0dcd3d5894cd3d3df1ae455889132956f6c452c73098c05c4e507799f19d71b105fd89220cab65f74a36ed21c9017e163e99e2e69c472d91752f15bca998ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2734ecdde948048ba1461656ea8edf8

SHA1
62b089a5e32ad29965fa3e10233b3be24058697f

SHA256
1a64b4d52961dba7fc567455e5270edd332c22d9a988149fc4be34032175331e

SHA512
c22194c2ccef6ca9e77ce9f5b4d53466968c1ef6eb89a6c5d84f2810c8f8f4b53b3f120f0256feb628a739da68df22bc8fc499b5b303d5aecf327c3d677ec36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
db0464870d8663a67443a0445dc9f62e

SHA1
bfa5022a2d63cfa8214375e1d93daf736f9a27b4

SHA256
d33e53454ce96d6d8541cbdb674adbe0099d6f1901e5b92592bd77c03515114f

SHA512
a2ba4c243c587166d3c1672c4ddfc8a7a828953b6c83a2c15b3ea2d477eed5288f681c752a0565cd1b08fbe4a9adfcef1589fa94bea646c3a2c8efb2f40a02ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4041a60d639c876091e48c6b605664a0

SHA1
d2288411163b711c5ceae8bab46a1bd9c15e2837

SHA256
c065912f1a6490723c679225390c714493818d0d5204f26ef209db9b54c6f892

SHA512
d9a544f490d69cc5526544db30a0a60eaede59016bf4f8e07798929ce027320b45769845d1c85f2a0f0e3124c4468a8d843dc1c24189bbdeff5973604e474664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
3aeb5de43a49810c4ddc85ac2f6bd414

SHA1
aef0b60f6547c71359c9435ed03a4ba3fbae869f

SHA256
f6f8106b6e5e1d31bd5233d235ba71a76694530553843dbcde8684f73ecd7600

SHA512
8f0c73c6c0c7af5d3f84346a835a1671e9ef9638dfb428d011328726e16afae6751d3bb1234e05c5f47bdaa63229a940a650273bfc0bdae8d2cc25bedd797be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586a4e.TMP

Filesize
538B

MD5
a28da2a94ace9ff7fc737d5b45603907

SHA1
f17d4f6206bc385d1555b078be74059fa9df8bfe

SHA256
b5cedf02710504f9daf3ddddf825e8fcdf99de81c169f99b92e5e4828e69b05c

SHA512
032ebbf222e4e63c76e7530a7cae5cf3b7c8086461ee79e48cb8435ac3e64e4807e6cc7d67bd3ce58c0ee7753ab808fe0e41469a3de4eace9ac6b0563ce2fb34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1985cd512703e02d451e5a7d1e88f464

SHA1
c348bff8090a05005f1362e88efc2775e1af6205

SHA256
1c5c2bc860c44f311f46952a17ee50af77777ab878260325db1d401ee1deab9c

SHA512
44282d9d07c709150cb544bc69857922c87b9c32d6eaca5ad4a2644bacc723d2ae662cf2f55c164a19a4d954dc1cc78f00ff46f3592b96e59387e94512169104

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8283ca927b1a179ddfa5172caeb2c3b1

SHA1
13ae8887f4bc834ff6b04765b7a609c0aaac4ced

SHA256
efc9b2ae69646971d48297fe79cc99c1fa9b8b8e414498b88f04395da6fcc0df

SHA512
a57b14865d8f9412c19ddb257f8fa985d73075257ace5ff8203f581bf303259e6efcf605e87c61512d8145fde2f903afa928755e00cf2134dda4933da36bd7ab

Download Submit
memory/2780-1-0x00007FFDE7830000-0x00007FFDE82F1000-memory.dmp

Filesize
10.8MB

Download
memory/2780-2-0x00000167B37C0000-0x00000167B37D0000-memory.dmp

Filesize
64KB

Download
memory/2780-3-0x00007FFDE7830000-0x00007FFDE82F1000-memory.dmp

Filesize
10.8MB

Download
memory/2780-0-0x00000167B2CB0000-0x00000167B33B8000-memory.dmp

Filesize
7.0MB

Download