cba3b9e3ef90b4aee346711db40de213312d0af8158f20911c9994d885630306

Analysis

max time kernel
146s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags

arch:x64arch:x86image:win11-20240419-enlocale:en-usos:windows11-21h2-x64system
submitted
28/04/2024, 06:16 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x64__x32___setup.zip
Size

8.4MB
MD5

e475d6eecd2aa71b8eac62719e4d7880
SHA1

6d2f78f2628ae3fc1a8569633dddb3ad576d8bba
SHA256

cba3b9e3ef90b4aee346711db40de213312d0af8158f20911c9994d885630306
SHA512

ae7243ae664275c9105877e13ae4f294ad7bef6d2873556273ba50d3dfbce383f598de0e1c6034518891a29d8400c5f12e299845d015a83910ca39650fdf3262
SSDEEP

196608:sIBkao+qY1V7JO/ANiGpSqWzYydIqnhGsymLotsWXw9aMIZE7Hx2C:sd9+qwtJAAMGpduYIIqnd9ktsQw9DIZ0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
2260	msedge.exe
2260	msedge.exe
2784	msedge.exe
2784	msedge.exe
5516	msedge.exe
5516	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2260 wrote to memory of 4928	2260	msedge.exe	86
PID 2260 wrote to memory of 4928	2260	msedge.exe	86
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 1724	2260	msedge.exe	87
PID 2260 wrote to memory of 4668	2260	msedge.exe	88
PID 2260 wrote to memory of 4668	2260	msedge.exe	88
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89
PID 2260 wrote to memory of 4692	2260	msedge.exe	89

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\x64__x32___setup.zip
1⤵
PID:4984

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,458725375569335645,2549628131019607150,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2004 /prefetch:2
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,458725375569335645,2549628131019607150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,458725375569335645,2549628131019607150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,458725375569335645,2549628131019607150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,458725375569335645,2549628131019607150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,458725375569335645,2549628131019607150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:4200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,2468587314043566212,9360850437405208902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,3972332872565077645,14208163398408779844,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:6100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,12503287004833013881,8876989001262112048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1964 /prefetch:3
  2⤵
  PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,15930285945322609797,16738459067709506395,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,15930285945322609797,16738459067709506395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:6188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,16760236312232672572,8185465688906425416,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1876,9974775586772103379,11331108102112682753,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1876,9974775586772103379,11331108102112682753,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:5564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1956,5317533888892138600,1588797183323964768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 /prefetch:3
  2⤵
  PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,7266304670384864543,8678420189961264661,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,7266304670384864543,8678420189961264661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,7266304670384864543,8678420189961264661,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:6708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,7266304670384864543,8678420189961264661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:6804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,7266304670384864543,8678420189961264661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:6816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,7266304670384864543,8678420189961264661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,7266304670384864543,8678420189961264661,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:6532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1976,7266304670384864543,8678420189961264661,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4336 /prefetch:8
  2⤵
  PID:6472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,15035920525349412513,8720336937168087812,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2004 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.bing.com/search?q=Quick+access&FORM=IE8SRC
1⤵
PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdddb23cb8,0x7ffdddb23cc8,0x7ffdddb23cd8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,15698226295766598839,13513129201633754064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6596

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

google.com

Remote address:

8.8.8.8:53

Request

google.com

IN A
DNS

google.com

Remote address:

8.8.8.8:53

Request

google.com

IN A
DNS

google.com

Remote address:

8.8.4.4:53

Request

google.com

IN A
DNS

4.4.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.4.8.8.in-addr.arpa

IN PTR
DNS

4.4.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

4.4.8.8.in-addr.arpa

IN PTR

No results found

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

330 B
5

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

google.com

dns

56 B
1

DNS Request

google.com
8.8.8.8:53

google.com

dns

56 B
1

DNS Request

google.com
8.8.4.4:53

google.com

dns

56 B
1

DNS Request

google.com
8.8.8.8:53

4.4.8.8.in-addr.arpa

dns

132 B
2

DNS Request

4.4.8.8.in-addr.arpa

DNS Request

4.4.8.8.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c16971be0e6f1e01725260be0e299cd

SHA1
e7dc1882a0fc68087a2d146b3a639ee7392ac5ed

SHA256
b1fa098c668cdf8092aa096c83328b93e4014df102614aaaf6ab8dc12844bdc0

SHA512
dc76816e756d27eedc2fe7035101f35d90d54ec7d7c724ad6a330b5dd2b1e6d108f3ae44cedb14a02110157be8ddac7d454efae1becebf0efc9931fdc06e953c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bdf3e009c72d4fe1aa9a062e409d68f6

SHA1
7c7cc29a19adb5aa0a44782bb644575340914474

SHA256
8728752ef08d5b17d7eb77ed69cfdd1fc73b9d6e27200844b0953aeece7a7fdc

SHA512
75b85a025733914163d90846af462124db41a40f1ce97e1e0736a05e4f09fe9e78d72316753317dabea28d50906631f634431a39384a332d66fa87352ff497f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d118c3081b30e727be1bee5df66cfa1d

SHA1
4a2ce5d551ca70a9a221dc511daef8049b85aef1

SHA256
7cb980001394b5b755363d866b5a1341422cb8b345f24dc2ecabb64892ec7290

SHA512
d484c4523dc48c5f08f6c68fe0fdf063e67e42ee73600927ea4311c71f6b9f6312d9c7fc28a56d5a22000986702175ba5e25f3238ed19601ba7e31526cd6407d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0d365fe56e2c5360d10db4071d82cc5b

SHA1
266f9578f135fb8e8b095a6da00a096d506b3092

SHA256
c27f4988d3c05ba1d2545dbee25f65dc7f3e2fc3869671fd15801b7d807c6835

SHA512
384b36827fd6e8c3a3541477a50c2cd01a9d9857f72d6d0daaf89aa8be91c2f3140cebc0a37e3c498e3aabd8c3cd65088564f425ee496a01bcc72fe0fe4a8c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
300c31b8982873c1bb27eebd40370adc

SHA1
6b1354a9bd52d7c5180921af9b4d2a3c2b528f71

SHA256
8b6fc046c32b946ddb0040fc4f28b8f38c93fb03f1e406b736644cacf2534dcf

SHA512
71747e7b83cf6f4597fd58baf232c8c9ffb86f3e5fd04e7ad4f9693674e95506325b3e7606ef8d85d865d5a54092a22656a39e57e36e072e8d5cf3813f848f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358758799029085

Filesize
576B

MD5
f114b5892bb74e79ed6d123b4ecb0a33

SHA1
9da78df7da72f2c28b4e9d2bdd0f1b316f661a49

SHA256
cc0cfedbf7f2b70fabd54a7b81da07ef27d786e228ebbd7a4ee98a3dbe237fa1

SHA512
dc218fba61492eee1aa77cb3b3b94d93d8103e3196715f647612983c86ce6ef8b439440d231ce678252725ab4158b41887aa193acbc6c0470a6f762750729e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358758799280085

Filesize
717B

MD5
912d2bce3951678865ba91fe3b8bfd90

SHA1
d68153f17bed4b6069e056b02f886391e9b91b57

SHA256
944ff37844d00f5fdcc4f14d9b80c076e549f1207ca9a4fa94905c47992399ca

SHA512
8eb825f62b973c2b386ccd3fcc331c827a213fa7130b02826ff4d49d0f017dbbf4535a8160d6688c23a1f28482b29b295a24d64c23468d3a5d283dd6bc0e6fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
66921f155dc1b0eb4ac3872f450333b3

SHA1
93e1ef5f3202fa0307eeb19889b1b7b896c308c3

SHA256
be1cf84d9daa28f1966825648f35eb6dbcf74cb8b97908a23809e02ae4cbe532

SHA512
afc10948d699ebaac32000b6359c683f547b78c48c2ed791beb82106188b9f41d5b2f5c03862a2b0473e0932111f4ba9a1496bc367db9924e4d264b359e77bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
933632502ec02b4b6b29f1d7554e8e2c

SHA1
98342013b020b77e263688b3cdcb880c5af9c537

SHA256
8a856b9dd7bd911f6cb348fa687f97a4c4971c7ca51f0e6fab35220b9944bdda

SHA512
699ea6209c611d00ae53661f3af625a18a015201e3720431681ce508b1b9e0228a9aa6649be67c599205a8cfaeb06535fd0c08a29f5be61c6ab7cfdab80e74c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
23f3db2ace1e5f35b620b8d3e7b59273

SHA1
eb9778f651c334d14d8a8648540a07d5e6d4ceaa

SHA256
7aeb6c1a03b49c0134cfa0f04ae43c443b9c6fa5fc4457878323cd4c7b10064e

SHA512
ef4f396373e14ba144512b75eb27213a30680a9294ef422ad568288ac29e94fdd82dec1dcd3836cd1f031e824bbd59a6b632fdceca1c5d2a58f1312e71d7a0d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
908d27c9c4991d05c5633a87bfae853c

SHA1
2b37c7ffc9f43629a3fafc5bd9b026f808522bf3

SHA256
b5a8f980266c9ac1e6a6eea49e13f76f8170b3f319aeed56388b56e459f6233b

SHA512
d325a70a498d74769f1cd8f1bbea70b237204c913ced03d31426a9934b32eb0e744344496d5e654fa866f98277f4fd1a285bc7edfbfcc7d1622397c88d98ae10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
2c86c45bf54fac43870b9ef46f690ca2

SHA1
e7fe641815dd21057160bb3c35bbe72af292f542

SHA256
e0980d5f12fa77cf7a023b4bbeb7b04d55bc9bea0f7ab3a5ad7687b81364fc88

SHA512
4fee696abdfe9fd427a97234c6d0880bb63e51be39a0b016254b201c811617b7c26eaf5ae8ab43f2e6b5e5d267c7850962a74eea26922466937dc9bee219fe2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
56cdb8fb4c28ebc72259414afbfe92fa

SHA1
e02f2ba7c2d8e22fbce02ec0ca6fc19dbe9e34a8

SHA256
a3d6ced42fdc5b7c1b5357c80ea19899d7cf26657edfcb44c4f00f74bb413db7

SHA512
b346588d44bd7f199cf799de0956decf7966dfbcf26e3793e5ffbbca5e59e3528e4884c4aabe93c423e1bce74ad8832923d0980b48f82284d146f41ffe7245d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
9a3a7dceb64dbda4c1a2c2aab223b056

SHA1
ef3bf0d5f57118627613afdb30407df290b80dfb

SHA256
5a4770d1c7fe3f0a35f2703de13b43612cbb0229ca40f6c2f860405b02d25c46

SHA512
a74e3ae434c86ae6787eb63c53c42033bafd9c0344f336a5f0cbc82435f966d2c81e3f0af253809537cba67bb9578713b0a97bd68fb826ef53599d261b08ad5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e0ab04e71d8f2331ee3b9ce92e43cf7b

SHA1
d5d7309cdcf4e57758bcee98060a4128de230863

SHA256
632b1005e28dd12136025ea691343a8a8e03de5512e6681cb4ac57b24d44ccf0

SHA512
3df7bafc478799abbd79f6408cfa625f123cc6b6bcd6220abdd53e56c0c7640ab28972bd904b0b4aa79b5d47188220af49ce58461a44d21b67514cd09bdb46da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e78f02c6bb0c5c211d4f8bb90b2b4dab

SHA1
980eca08bfeda826fe8a7d9177484fa9f5a0341e

SHA256
79aec77a95af7cdcf982ee7a8e5750a8c24d7f66973afa17730cc9c48b3a006a

SHA512
b464e3269a26617f0724af0caa4b69570e5c3719782d20dff4016b3304c66704ad47374a4742954089ba3280d040f3434b1d593d7a61a6a830ee25d1b5856475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
e63c8ea9f3776c61eb1ecdf5130a61dd

SHA1
780907377cd98598eee9791f9a42da8d28a760ab

SHA256
74755bf245d967272b11f655d91332d12611f2013dd6c804860ff29ce805860c

SHA512
31783504778c4140e20cab9594ea707a7570389fff21d3e430f1be4bffd9e83544f9918ddad48ca0393e3c307ae2a967f01dbb213f9cab282659b59d46523501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
096889d2be13b106574ec4ffe8d0b776

SHA1
5c6735640f67b81e8d9dbb88c0dbc60812805059

SHA256
4a971f9d3cefda84665299731064cba8053d68ecc037a50c55d330be3f148fa2

SHA512
f68e77c3187a1f6ddc7f7b7965d7f7c4c6a7c97f776d188c6b691040db9fd1c84ecaf629e62ac2f47817220b72405892bc935c2e33e2e52aff36321836fc8e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
f890ecac6f2a7730a7fa699b0356ed3c

SHA1
337ab32e1ea197d25cd7509068b854fcbf40040e

SHA256
6f9f3c193d8dfabe0f1aca0f7e8e8d9976d088b5cc571d518e0b6949a33773a4

SHA512
b27933d5a665bb8807eb59ae3ad7f0b26cafaddf169abeacf79904878d89e04aa196078c4fb5f04e32a60a08c9f070a397ddbeef033862f8ad24b6bb7f60a55d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.