b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2

Analysis

max time kernel
148s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2024, 05:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
Size

896KB
MD5

99acc170a89605aba70a74b5f8fe7b71
SHA1

7d784cb369e3714487613779a93bc89abb46be2a
SHA256

b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2
SHA512

a5a3dedd69730ce8809332438516df799916cd468aa2a69f1382a4074669dbf81acf9566a2d872053e4c8a817215b16e39f90d03378f8c7cfab17d1698075d76
SSDEEP

12288:1qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgauTB:1qDEvCTbMWu7rQYlBQcBiT6rprG8aWB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
5112	msedge.exe
5112	msedge.exe
4140	msedge.exe
4140	msedge.exe
4192	msedge.exe
4192	msedge.exe
764	msedge.exe
764	msedge.exe
4228	identity_helper.exe
4228	identity_helper.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe
5112	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 5112	2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	78
PID 2620 wrote to memory of 5112	2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	78
PID 5112 wrote to memory of 5072	5112	msedge.exe	81
PID 5112 wrote to memory of 5072	5112	msedge.exe	81
PID 2620 wrote to memory of 5096	2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	82
PID 2620 wrote to memory of 5096	2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	82
PID 5096 wrote to memory of 1228	5096	msedge.exe	83
PID 5096 wrote to memory of 1228	5096	msedge.exe	83
PID 2620 wrote to memory of 2540	2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	84
PID 2620 wrote to memory of 2540	2620	b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe	84
PID 2540 wrote to memory of 4060	2540	msedge.exe	85
PID 2540 wrote to memory of 4060	2540	msedge.exe	85
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 3276	5112	msedge.exe	86
PID 5112 wrote to memory of 4640	5112	msedge.exe	87
PID 5112 wrote to memory of 4640	5112	msedge.exe	87
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88
PID 5112 wrote to memory of 4212	5112	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe
"C:\Users\Admin\AppData\Local\Temp\b545f777190550c442ea6285fe20891e7af6b31e40aae7b94a6f1833e88d4dd2.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce0803cb8,0x7ffce0803cc8,0x7ffce0803cd8
    3⤵
    PID:5072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
    3⤵
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
    3⤵
    PID:4212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    3⤵
    PID:4672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:3168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
    3⤵
    PID:3692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
    3⤵
    PID:1920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    3⤵
    PID:2372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    3⤵
    PID:2456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
    3⤵
    PID:4724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
    3⤵
    PID:1704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
    3⤵
    PID:3904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:1688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:764
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,13914634565901024150,611151805697176764,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2956 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce0803cb8,0x7ffce0803cc8,0x7ffce0803cd8
    3⤵
    PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,13534388690416471775,7357505176029899506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce0803cb8,0x7ffce0803cc8,0x7ffce0803cd8
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,3368853229167342900,8252476885100129401,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
    3⤵
    PID:860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,3368853229167342900,8252476885100129401,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ded21ddc295846e2b00e1fd766c807db

SHA1
497eb7c9c09cb2a247b4a3663ce808869872b410

SHA256
26025f86effef56caa2ee50a64e219c762944b1e50e465be3a6b454bc0ed7305

SHA512
ddfaa73032590de904bba398331fdbf188741d96a17116ada50298b42d6eb7b20d6e50b0cfae8b17e2f145997b8ebce6c8196e6f46fbe11f133d3d82ce3656db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0407c5de270b9ae0ceee6cb9b61bbf1

SHA1
fb2bb8184c1b8e680bf873e5537e1260f057751e

SHA256
a56989933628f6a677ad09f634fc9b7dd9cf7d06c72a76ddbb8221bc4a62ffcd

SHA512
65162bf07705dfdd348d4eaf0a3feba08dc2c0942a3a052b4492d0675ab803b104c03c945f5608fac9544681e0fe8b81d1aaca859663e79aa87fcb591ddb8136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
18e95ce83b8d0a192bd990f0ca430e2a

SHA1
5d5247cf2b2dada83e62310b7354040a9b0b66df

SHA256
5c65be19ccea34b815e98f9e096e39666a44ca4ad85aff24de7162585eb1df39

SHA512
c6bf7ce6241452b2ac70c74bed774f507b9c94c2fc0cc21a3665bb5db7955817a0c1b310a6b6fd1720147a9ba5c9fc31972297a61cf5ef661d212ad4a29522c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
736ecbee81385c0723306a2041481033

SHA1
268c655493ac38bcbe745061d3d83e874700b921

SHA256
f4fedcae6d39ddcc3eaefd79966c6a10f4ebe19a09bb80b905c5b83af5aed5e2

SHA512
d4d4c48505143c1371ac28a3eb11780183005df105f178c0db244b5b3fc8d86de0ea8818170d2f928b734c1774af1e8c6e5531c780f02f4591300bd2d59c5612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
408d662e1119314407adf21c7fc47207

SHA1
899663ad358adfa96b8946537254445c2ecd79df

SHA256
f34d0a560f3476c25cfc764b3fa6b101111f8951bababeabad00e559a3c2e0f0

SHA512
2a963bb22c9fd9e9c373ee75116d2411dfc0ae62c73ac7b341f59438679bb0e9f4ebf99dc956bc40d768fb82526f7920bf6ddf2c3fac618aa11cde8aa7fd738e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b21fe8084ad7fc762556a75c8f8ad0b3

SHA1
1c899b468d3e3f5f70736fe3b008d327f4396832

SHA256
cb05e42c01019b84d31f8c7ec7e32c3a4d971a3961c4bfeb3189a3d7a11322fd

SHA512
5b635468527d540c3413387629e241ce5052a5ab1f62a8431c7dfae9b738ca1fbf694dfb23a1df5ac814a7b5eb4268ce699be05bc3a6716b06cfc9adf5dfe0f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e9b88b28ae0f011811dd7e06510fd675

SHA1
d70fc01816f6d6296797d766c6f8251fbf1baf48

SHA256
c1aac053057a97316918d6a9c0d5239712e362f8a7c9711c086d80cf85faac42

SHA512
003ff9826cb88c5a1512626437fcde8b6bcf52e1ad61df44438e7cfa2bb018215185a32774a5bf953e39b7d422a3c7d150c8f31c18bc660574f6e35d90cd8481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
da8c7c870925aca830deec566837d1d9

SHA1
7406a6d60f558da77d5f8b0936d4ac074837e13e

SHA256
64c0ef0157a221cd48f0b0c48f9940bdd4eff0409c1a685090a1b392e788088b

SHA512
995b9f5f1cbeec55b61298b07da987e4a6a4df99c2b0ea212a1d6a38b20eabda1ca0ae89ca609525dddaa722cb75f919b29ae465a5558487facb5fe692d336e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
97e6af68a9b7a2e15edba36faacc1407

SHA1
c1a73ac8ba9af69dbeb661f9e417e6070c0806cb

SHA256
247086360dc39797ea2fa170f08f78d0b2e2fbd18733f462fa785db9d400e295

SHA512
fccca18f759cc0a584e43acff1aae53e5f8041ae12b87a6a35a6618689255bf3aa5f00ae3d93ecf1a8e050419a3f78d02d6753f29364523a222f5ffc76b18504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
083bb1b8cbbb3bf608f478d4d13b87b5

SHA1
8ec21d6bb22ca08c0b2fd647c1e3c47868fe1093

SHA256
e9c6b2f9abcf244eebf6e97e5f05dcbec562e4d9fc7c8bcfbce47f2bbf8ad0d0

SHA512
b1c1a91f440576d8785787de8f3d9db0a912a598d6a2b1a23d96e39197c0988e7136dbfd68df269ae48211df97e1c5ced8c58bd571c811f9f3bbc66badb299f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579a3c.TMP

Filesize
707B

MD5
12769420e89a8c424448762f52104563

SHA1
5b59ccdc6191f584c04c223738a862a32c3b2c2f

SHA256
6ba85a3613e186281fadd8616934e3b043a9be787ee529880ef0c5a025433a29

SHA512
3f4143a079afd88c926aa6188821472675d6e7c41389053aba1a05de418e841e0d4cbe5147ad7df95d79c13e3c6bd9a7a9246202a7552cd93692cb4a6ea0aad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0ff6eb2187e52fc870578536a072713

SHA1
0f278769278dee5b5db5f28136edc7f5645db23f

SHA256
9643caf3234fee7a772338cd8d50d1ce13034e1d81957af573527f90895626c3

SHA512
c445bb67b07937c1f12d39a2876f87c35834bbdef2c08acdda872208e82b746c0a6ccf264d01fd093787fdb328790622425d712901d12488b7112b306875bab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
923c74c4cdbf0ff75b9963f3c14424db

SHA1
021257cc1791f418ed72222300412b7c9efb140e

SHA256
2ccf0f15dc04aedbad8120c1ce3f5e70c501ef91e4d9845bf32c871c61d7457f

SHA512
2e044a65320c70bb4ae6fb907f1f78e91c1a84e44a5d11af5b34943a29c37e26465e841e80bf574cad776c8c6466d23f0418adff5e1bc6868da3b3211de462bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d28cd5821854cbca9f07db8d6d4247b3

SHA1
bfb9245e02d9ac988cdaab363f358c5846914044

SHA256
1b989f449b9d5759f45e230ab1fd28c6c14e9945f687d5b609fed3cef68175e5

SHA512
efd5e548054af1ed92301579bd53ebbe48368a5182796a44a2b5b143a19b2e69b29f6eeb8da4eb264c256e9b67081531b667517d3a3dbd849d131de4d55c12f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
bb5fae775ea4592950e54da57adb85c7

SHA1
22f4031ac472f90851ab5c4708e1780e67b1736f

SHA256
526ea78337cf5de78b46d522c2e333f9d760a22adb64309288eb4f5b59defbdc

SHA512
251b0180b62a13b45a77f4188b2a4044386a32bd00fd53d3af6def16eede1c76fe63b52e6498540779264cebd79476ff17e9c4eb096904f637a038dcd0a79608

Download Submit