807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe
Size

896KB
MD5

74532e9255dcc6602b589bab11d23cc0
SHA1

b1a7d5960d15c3802326f89325bd53760f6c3a68
SHA256

807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116
SHA512

fc4d6f24e8a7c26453f66536830e457a15b04df59763a222fbc4964a5974813c9d4861ca0492cb7776502b6dbff69015081d26543049e843c8f03ce048ad7f5f
SSDEEP

12288:BqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgadTE:BqDEvCTbMWu7rQYlBQcBiT6rprG8aZE

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1568	msedge.exe
1568	msedge.exe
3460	msedge.exe
3460	msedge.exe
3908	msedge.exe
3908	msedge.exe
4788	msedge.exe
4788	msedge.exe
4652	identity_helper.exe
4652	identity_helper.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe
1044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe
4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe
4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe
4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe
4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 3908	4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe	87
PID 4512 wrote to memory of 3908	4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe	87
PID 3908 wrote to memory of 1628	3908	msedge.exe	89
PID 3908 wrote to memory of 1628	3908	msedge.exe	89
PID 4512 wrote to memory of 4368	4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe	90
PID 4512 wrote to memory of 4368	4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe	90
PID 4368 wrote to memory of 4200	4368	msedge.exe	91
PID 4368 wrote to memory of 4200	4368	msedge.exe	91
PID 4512 wrote to memory of 1804	4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe	92
PID 4512 wrote to memory of 1804	4512	807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe	92
PID 1804 wrote to memory of 2420	1804	msedge.exe	93
PID 1804 wrote to memory of 2420	1804	msedge.exe	93
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 3164	3908	msedge.exe	94
PID 3908 wrote to memory of 1568	3908	msedge.exe	95
PID 3908 wrote to memory of 1568	3908	msedge.exe	95
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96
PID 3908 wrote to memory of 4624	3908	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe
"C:\Users\Admin\AppData\Local\Temp\807a0fb23a39b85115cc70158658a08908228bfaed47419df246d3ec53128116.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc74e246f8,0x7ffc74e24708,0x7ffc74e24718
    3⤵
    PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
    3⤵
    PID:2876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:1784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
    3⤵
    PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
    3⤵
    PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
    3⤵
    PID:5560
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
    3⤵
    PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4156 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
    3⤵
    PID:1512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
    3⤵
    PID:6012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6036 /prefetch:1
    3⤵
    PID:6016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,1482209025082494192,5764893352558133953,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc74e246f8,0x7ffc74e24708,0x7ffc74e24718
    3⤵
    PID:4200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1444,11888278815357251083,7926287313642741984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
    3⤵
    PID:2408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1444,11888278815357251083,7926287313642741984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc74e246f8,0x7ffc74e24708,0x7ffc74e24718
    3⤵
    PID:2420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,15631517994662440286,15949845843523587974,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:2
    3⤵
    PID:5048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,15631517994662440286,15949845843523587974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2088 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc629a750e345390344524fe0ea7dcd7

SHA1
5f9f00a358caaef0321707c4f6f38d52bd7e0399

SHA256
38b634f3fedcf2a9dc3280aa76bd1ea93e192200b8a48904664fac5c9944636a

SHA512
2a941fe90b748d0326e011258fa9b494dc2f47ac047767455ed16a41d523f04370f818316503a5bad0ff5c5699e92a0aaf3952748b09287c5328354bfa6cc902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cff358b013d6f9f633bc1587f6f54ffa

SHA1
6cb7852e096be24695ff1bc213abde42d35bb376

SHA256
39205cdf989e3a86822b3f473c5fc223d7290b98c2a3fb7f75e366fc8e3ecbe9

SHA512
8831c223a1f0cf5f71fa851cdd82f4a9f03e5f267513e05b936756c116997f749ffa563623b4724de921d049de34a8f277cc539f58997cda4d178ea205be2259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e682d03e26f98f3696c59f97331ce5b7

SHA1
4f92d9168a5a0e178917f5bbf28ba9cab4f66419

SHA256
e204abba5e4e763bb37755b379a4a69bae44c32115b3dcbd55ee900076ede284

SHA512
4ba2b3472dd7c2d4b38f1dab6bd2a99c8893b8d3e28122df0bd99217d7ba69f940bbc7c091c07dec0dd7f198403f152d97f9c622c0d736ec9c75f9a05fcf815b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8f9f20799cdb560ea7ed7d5917b6ba41

SHA1
fd7ac2e430cef2d5323b2cdff72a43340a181ed4

SHA256
8f20ebdea8878f7ecc32199a221ee905567948391d50c3e87eaf0e35b3f05205

SHA512
fab551e659855bbeaacaa636081d081d6a8f131f74253ea2fcfaa79a9b69ba18df383c95e5f1b3f969ef94af8fd8ef7e4b651eb1eff71e2729414ac4407b5818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
681add26713b855a82d79012366165a8

SHA1
83fbd051fe9a0c90878b87a5874803357c0543bd

SHA256
f2b0887178b57ea0c1576813214b1dbd0a15027f6281ee5ff51872a63b04939e

SHA512
2e657ca471e9ad26af779af119439e620332fe69b2b0bd98ce70b7339e4a7cd06b9ac965fd9ef9566746a74c2cd6402e0a85d1d92a3f5081ab69aff53a86d526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db8ad80177c4b4813dd3a9c1a9b111ae

SHA1
965f36560cb3510478a06549ab926e5c0391281f

SHA256
70102c401dc76a727e18820124ca51a30b1ade09b02e0372e4c05843222c1c7f

SHA512
788da19ddc95d757fed458fdd9643921b756a7dc6105fa524d56bb7b673740ef9ffda8b7e650857ca68b6539dfed0572fb1b48581345074be17a0c4a5652fc5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f250134b3ec5907dde4674a72241572

SHA1
3fbfd37bc9f3640dc749e9e71f1bc2e959b55686

SHA256
a66a906ca3446d95c7c3443e0e4639ed2636802ffca0ba36092ab54f7c73a176

SHA512
121bbd9797307d09b38abe65e9aa9831e76539c932e64e8d6ad646a8dbd4acdb53aa10808d358776c5315a09ec178a1f940abb09de8a4717ea9d9462169f1e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
010e034f6b4e652fa92b3058f79c2428

SHA1
c8240870d8cb2045d59f82c181f5b10ffda4ff20

SHA256
2c597d2aaebcf6729593d628f49615cac8335a34243f02171153d2d65f689955

SHA512
37110b58880b1dadcdf958242be7808ab2d88f953f77a279f9ea0e24d3342e9166282c60ad1dde9da4c09a110aaba28fbf4e5d764333e9772a9e0837fe3eb088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
c38cf0ef5b76234026fc31b03eb98e6e

SHA1
b3864745557bbae7352f624788566df872b0af6b

SHA256
c6ac918045c707743990b9cd2fe2bb1a5dd5b902a813aee7673c8b7c66d206bd

SHA512
0ad78036ca56995bb3267327390ef2bbf993247ce49aa2fef9b491a395b0e642be069c37b3b996cf73da4e41c2bea02c631ea4d63e30092eb098425715685dd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
4fb89e8344ea990d201ac6256b48b0a0

SHA1
5860be7c37527baedd94a4bbbb672b243e620efe

SHA256
d11026fde62e9b9f35d9c755f68749b7dae52eb0ceda087576201fb9808e53c7

SHA512
7551a98d1614e635f65bde98633053f4e446933a649fa757b84a542838d89701562f1753e48f0b152f9e54cccb2a25fc18894ff363f0757dcf65acbd8981e551

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
82b22ac3ad660a4fabd6541d6284b5ff

SHA1
f602bf581c3f51c413b81faca9ee8bf104652d13

SHA256
213bd4c2206f38e19eee864531f5cb5cd4087a89dfb55b55b73787c79a14679e

SHA512
2268f6f8ca7344a7396c73f96441dfea5d353bdf2f18d7135520ec63b0c1aa9d5e3dde32eaa5f19c1820f5e757ad1e8e39d9b3cacd19bff098cbb6219e23fada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57922e.TMP

Filesize
539B

MD5
c5ca04ba67a8f5e4d76e3ca0e53128dc

SHA1
fe8ae63f63c9451df971a9b5f1c82a02bba18739

SHA256
e38e3d0fd9cfcd23701fddcfd3a0c86a2ecc62242b90aab731d66abcd200fbda

SHA512
dd65c26f7a07ad624bb223da1c3193e514e5c2db89266f4a2db5db2aed385b7e8111e25dd5b878783ddfb2a4d82369bf84e3acfca0ebbdb650997b4d9aaa370c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a49c9d7592d27cf07a2bd92eba9298a9

SHA1
c9bb38c2a6b0f6f70963d2c373caca6f2e1d2ff1

SHA256
e010ad025f1b371738de1582c60c4d7c2055fe711f8cffd53f90f9adc06ea4e6

SHA512
804b12aecb9a91a63e0149a9d97dd24a61966d05651c6b0c6d20ceda5a443b95514eb2e115a505135f0685d3e09bbc6f44b8e25b31444a6bac7abedf8db4fbf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
98b3bd40c3376f6a984f98355ca2e8e0

SHA1
507f1f5ee2bf1450f474751a9b3a21f2769fb11d

SHA256
ca20061e50b6930c0379371adfa0b87379d93f5b9e2f23724ac55adb20c5b8f8

SHA512
9b4115c8c221e81e06497da0ae266cae1c359bf542383acd908009b38a1e000d026d4c803a0edc6f72488c7f931d8f0e4bad0f13f1280706589aeb15762f852b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1c8e16e5792b22be64340cc88383ba62

SHA1
12f897bf02e24b5883dd11c2a9ac5c1b1fb3097f

SHA256
d26447eb42e3762b08daa400b396dba2668bef41b0817f8869488e6608ee442f

SHA512
5c619e8996403fdb9f8a20bf3ac2f5c1b9af98ba56f08461a32f5287b59757b4fbc54989fdf61841525edd91d8d916a2db00e1b67ee6684dd0aab741be84f458

Download Submit