862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe
Size

896KB
MD5

0dfe5e8b9874cc037c07cc41c3a15d3c
SHA1

ba7c2455a00dcaa8c4c639aa0edcb1db26fbebf0
SHA256

862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72
SHA512

0ec8d2a9cf89d31f2f4bcd1a4bd6829a6bbfda959080226e50e65f35dd507bb76ee39b2b49b07aa896871cbeb65c07d9083ffb53ddc4d181e2e06229e4cf7a03
SSDEEP

12288:DqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaZTW:DqDEvCTbMWu7rQYlBQcBiT6rprG8adW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4556	msedge.exe
4556	msedge.exe
532	msedge.exe
532	msedge.exe
4612	msedge.exe
4612	msedge.exe
2932	msedge.exe
2932	msedge.exe
5532	identity_helper.exe
5532	identity_helper.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe
936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe
936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe
936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe
936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe
4612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 936 wrote to memory of 3296	936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe	85
PID 936 wrote to memory of 3296	936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe	85
PID 3296 wrote to memory of 3540	3296	msedge.exe	88
PID 3296 wrote to memory of 3540	3296	msedge.exe	88
PID 936 wrote to memory of 4612	936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe	89
PID 936 wrote to memory of 4612	936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe	89
PID 4612 wrote to memory of 4356	4612	msedge.exe	90
PID 4612 wrote to memory of 4356	4612	msedge.exe	90
PID 936 wrote to memory of 3208	936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe	91
PID 936 wrote to memory of 3208	936	862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe	91
PID 3208 wrote to memory of 5112	3208	msedge.exe	92
PID 3208 wrote to memory of 5112	3208	msedge.exe	92
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 3364	4612	msedge.exe	93
PID 4612 wrote to memory of 4556	4612	msedge.exe	94
PID 4612 wrote to memory of 4556	4612	msedge.exe	94
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95
PID 3296 wrote to memory of 3440	3296	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe
"C:\Users\Admin\AppData\Local\Temp\862468570b69d3455c55bdcebefebc609ddc2d108564fcc544758a378ceecd72.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd34f46f8,0x7fffd34f4708,0x7fffd34f4718
    3⤵
    PID:3540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6708628423094434749,8055259792531008853,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:3440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6708628423094434749,8055259792531008853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7fffd34f46f8,0x7fffd34f4708,0x7fffd34f4718
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    3⤵
    PID:3364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
    3⤵
    PID:5088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
    3⤵
    PID:3100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
    3⤵
    PID:1248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
    3⤵
    PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    3⤵
    PID:5300
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
    3⤵
    PID:5544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
    3⤵
    PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    3⤵
    PID:5792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    3⤵
    PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,11333045258144432126,4445804077619981565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd34f46f8,0x7fffd34f4708,0x7fffd34f4718
    3⤵
    PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,17896461963010893518,4245555755069416950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
f6c514cc95c551149f0b96e415883a75

SHA1
01a629a41e6510fe99a6d63a4aa1e9dcf634d62a

SHA256
77f4693a1fbcf6b1dc93e9d9f85f05e9584fdd642e09347c19a420cb98a9285e

SHA512
cbfdd658f55d511ee843951bbf9705276a77672e992dd1ed0fbf263f48c641ca2a578c4b9e2a7dbe112a8eb53ec33bdc48c552affd6baeb7d5f87ce280032892

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4c0bd3889ea8c6ba34daf45589aa83cc

SHA1
137538ddd34d2b392a865f43324ea80e1a22bfec

SHA256
b55d91487c7bcd269e33aa7e51fabfa94add898c7f39b7838b9c0d96fe998a29

SHA512
2e294b335660f8472e103d2c88995b9a44417ed84b978e87403a90200a981f2e746457f010f64acaf535dc7d96aafd7a864f2bc68424e69b5e99cea28f189324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
163c30d700be5aa558012c10ea68e9b9

SHA1
5cef63a8a3bd9cd0b93b81d767ea692d2daf2bc1

SHA256
21346676ad6d9668a4eec6c4606cc98cedca699346bd02611648dbfe89deb0d1

SHA512
6b14b3602864a9cb8566b4e07d4e157f2a99e91bab58daaa0d220697302306eca49b592cd2223324421c9d7ea5317b6b4e67cca2230a3864e511636a13521967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f5f6245dcd0e843301ee128176b56d3

SHA1
7f1cc5fab78c9bf3a6a1163cfa7e33a2c441937b

SHA256
bc5096cd109741e7bf1b034ae475205a3bf4d57001762c9d40359718b7e2b619

SHA512
231b4324708eff1f5095f02e7aa5be09f6be28616781eef0c5b5d3737fb5a2fe746dd6a84fdd5a449db5de28f2851cd0f3689bd1237eeb77c2c661d99b56ce3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5300f9d35148b5bbaaf19a307c8fc79

SHA1
e76406b98c10fc56e10287e20e4b4c8f991de058

SHA256
fce2a4d7bcb47d84a40ea5171a835f48ef643c8fe2647e315c1683bdb96184e5

SHA512
bc42fecbdb21a0c298afe5c7692a6e861dbfb5fca6cc94613d6b9aa0f419b54f78a1ec3b870ef03efb71a6e3aae07dcb5a9e08d32ce0f62198803b0b9a3659e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
c3a0fe489dd7a8985734231d46425c80

SHA1
5cbc4d220cab786016d41cbf0acb3ead2e4e8eb4

SHA256
70117a5edc6090fde5b333f5bba5ca8c1d5a90e688a3f31a80c482fed58011a1

SHA512
e11e77b73098325d71abf95ec837110274d59c11cb9514739bcc44c60a545d1473e3499f238bd1d6fe45fd4b03731efc8dbce903b153677a1f9f97f3ec6ada63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
6e25f0201cb9c78a1361ca805140ccee

SHA1
157b494e0eb1f4b286af49df9df6214034e37a05

SHA256
184f792c1046e10ed3eb8ef3a63c611343bf0887c2b522c4f0a24fa2e21dade8

SHA512
c489c2b007fcf380c4dfd68d2a4d38fb8b1de46917008cb03bc67acabd211276fd1adcc7f3c8794589ed7e8dfdbcefede4e84ab02b36dfec36feff9d1fd7a4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1275f2c9b7a2ff6e54cfb503903ec657

SHA1
47e02b7d9f8dc809da8784557da3dd829496ba19

SHA256
a209ea389f5f2e615178dd5dd427be20b6d37d68b3050c2048e8130cac7b324e

SHA512
5e1b30c095024abe186eef255455c627d8dd142a25591656411ad867ed872c642f10690423a2924181cd3e0824a69f4d953f81878b4ff4e23fe9f4612bdeda71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
d1f5c83c397cdbef79f0613a5db67103

SHA1
1d217bdbf5ff616b4dcb8161cde4638584e6d902

SHA256
e9e472ed49799305b875213736a42d4d4d28565205fc72abb5089217dd443656

SHA512
ccccb9437cb84b271d01bd8a0af59c6ea1322bf00fc2fd8fc4dc621c1e92356f5ad4e3f70738e2b7889121934458418ac94cc22f44da768f742fe056d7324fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dc46.TMP

Filesize
707B

MD5
2d1abb2fb3f1bb684f9411b5b24cd122

SHA1
8362f387b060ac362222cc7a82992c7c83b1905a

SHA256
0e743efa8906d0298f942b326d3b5cd69895cb44d4a159507214636c950fb490

SHA512
7c2be7a7be1646507091382b25dec427a729e8f2204c6979c1147fbb4adf6fdbdb12539cc0a0cf44ffffd8cce6bb490a9820e9190891df35bde37cc3fe982500

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
182128c8ad94226facfefc91a92e1668

SHA1
a67ff611719ce520e608ee1454f100bba3cc3baa

SHA256
b00252ba879677e86d3e3f2233e750a5936749eb29b0def0ddd6442a58c25e55

SHA512
3c21bba7dfdef651ab0449b1474b6bb8a63cb920ee8d0c79615f2e3b196a5ce066fc19c6467e70ac1e4a3b92c679353b04268fd19c3a27b78e0670f3b3b2494f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8f850f61fa24837a0d97f735a24127d2

SHA1
6c6cc1bc91669f09ce90bc42e642b70fd84dd884

SHA256
c14a7a7e78be430c34d827b689aa4ed8f5fb5a1dfa3057ffaa504921d20be789

SHA512
2f8158734ee84f86774325ddb69380ea6daa327d9612f0edc9a0946ca03b54068fc61cb6266795ae89d14984e35aada785f308410e953ba80a821d2469d8f70e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4c120c425afb48ea87ab6ebb74cccfa9

SHA1
89fcc8d0c164f6d0c8efa7a872652a3fa2489b89

SHA256
d4236ab07f543728ed7b6200559c24542cb24d2656c8a42e79efd041cd844d6f

SHA512
ec763137bdc21c9ef835de1ff555ce8028d5ebcdfb94eaa3cd60952bd562fb47b3848cc97c606c5f95c21cd02e023e76b200a8272dc725f81f2050397ef9560c

Download Submit