6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 00:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe
Size

897KB
MD5

c62d6a1e937563a6f7cbb13855b079e9
SHA1

ce11f8a68e41004b5c1289d38352f6f0379ffcff
SHA256

6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e
SHA512

c0034aa3ff15c51d87d06a0b1000a8a4d8e4c465b03afd6641ebb0eac444051e272b7b8efae2c3a62dfd44b7310814733464174ebe5c2e7f03fb8ffccc32076e
SSDEEP

12288:sqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDganTQ:sqDEvCTbMWu7rQYlBQcBiT6rprG8aTQ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1272	msedge.exe
1272	msedge.exe
4752	msedge.exe
4752	msedge.exe
3092	msedge.exe
3092	msedge.exe
768	msedge.exe
768	msedge.exe
5852	identity_helper.exe
5852	identity_helper.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe
5176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe
1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe
1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe
1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe
1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe
768	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1464 wrote to memory of 768	1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe	83
PID 1464 wrote to memory of 768	1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe	83
PID 768 wrote to memory of 952	768	msedge.exe	85
PID 768 wrote to memory of 952	768	msedge.exe	85
PID 1464 wrote to memory of 1952	1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe	86
PID 1464 wrote to memory of 1952	1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe	86
PID 1952 wrote to memory of 4604	1952	msedge.exe	87
PID 1952 wrote to memory of 4604	1952	msedge.exe	87
PID 1464 wrote to memory of 3588	1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe	88
PID 1464 wrote to memory of 3588	1464	6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe	88
PID 3588 wrote to memory of 2216	3588	msedge.exe	89
PID 3588 wrote to memory of 2216	3588	msedge.exe	89
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 1952 wrote to memory of 4624	1952	msedge.exe	91
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90
PID 768 wrote to memory of 2936	768	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe
"C:\Users\Admin\AppData\Local\Temp\6d2a6c1ddb0db05da4f4a97162c1aef266881a8539da7362f7d72eb43120651e.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0fa346f8,0x7ffd0fa34708,0x7ffd0fa34718
    3⤵
    PID:952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
    3⤵
    PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
    3⤵
    PID:4888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:4656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:4716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3808 /prefetch:1
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
    3⤵
    PID:1848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
    3⤵
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
    3⤵
    PID:2120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
    3⤵
    PID:5488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
    3⤵
    PID:5468
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
    3⤵
    PID:1384
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
    3⤵
    PID:3208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
    3⤵
    PID:2124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,9515581249115814509,7065126922601140048,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2696 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd0fa346f8,0x7ffd0fa34708,0x7ffd0fa34718
    3⤵
    PID:4604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,14674398234889516205,10474637562519879906,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,14674398234889516205,10474637562519879906,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd0fa346f8,0x7ffd0fa34708,0x7ffd0fa34718
    3⤵
    PID:2216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15958398066407589517,16973759452055966054,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15958398066407589517,16973759452055966054,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
ad8e4dbcade2f594b4db2416a07704b0

SHA1
146b26b37e57755a099256695e22a0c40bc0198b

SHA256
5c185057cff81f5c1af4385fe9836aac8fc1fd08e629a9635d56785768d5a305

SHA512
8bbfc049226abd92a042138d6db5c843ddba69ea86158249265487c2ea52c13e8b15c582f27a40d0bb247ba975d5fc6ec1d73785405ce748780c5128dddb2857

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c119a92dcfc7d46b354139f75849f1e6

SHA1
baf46acca26ac2faac7048dc7c64d2379e956aca

SHA256
8d79e61bab40d9b56f81b9323042d66898e1d6bc6c4a95527b3589b2292d54b8

SHA512
fc2f9979630f3cd5e43905be31593ee35e0563c5efab652edb9ad1a653abfc6e9c4b7f86e8ddaaeeb2095e73d9de715fb54f580af657bdb5e69c6dc567fbb2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
605b3d08da8a8e61320bcc95afdb581e

SHA1
c108204404eed48790702fcdd7967fed7b5c6270

SHA256
9cbf03d1c1b993d4324f23817c7bbb80f8cb6b09a6353a0fa0c529756963c8d9

SHA512
ba7661b02bf6491bdce9e9942352b08bf39a760ef89e987c4c4c1e9c1dcc9ea1b02ae18bf9842801baa601d31c61eb60f1369c529c4cde649d39c520fefbaba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ec66a70ded91b29d2f5dc81f90870629

SHA1
4cdd6ce7a6c731a99a0d22209199a5d491a7f645

SHA256
2a81bb3f3ff238fc9afe9d0782bf091d5da961e01b9e8d3fd23498df3df70c89

SHA512
ec88e6afca07331c783474fe59a568e34d21f21a9ba6e119255899b0d311b80cb5830d7f051f8e00ff43f42b42248c7fee8e95d157a240e9e1653d4cc3a76b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
adeeb6ec221d45745bdd5a1c54be6899

SHA1
29fbbb50e6a4401b9377e6eeb7d1a6a61ce43bce

SHA256
56adad842caad12439b2a45f21f621356195f7ab2847c3182aba149bc92f55a9

SHA512
545724a884b5c9d1e967a345ec39bb5466e537025e665b32829c5767d41811ec0d559f0129ef44d5925c36afc6dc01b7a337e425ba6d0c7b73f0b301bcb4e74d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
dd7634a7e8f702ebfba1a71d5efc3900

SHA1
8a4828c79f7fe757296cdcd116f5fd7bb42215df

SHA256
da1e4ccb211c5db2ad5d0c2968ca15eced3644755f73a131359e33aa6bf6b734

SHA512
c4916f0e6fe4f4cb3cbadae53788892f4c906d1823808a83eca581986a8cc2084ef21064448851e15d9e69c40c87a62b8cdec71b534fbf343bf463e87c967929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
6ea455c9c3617b76c928d015e9998479

SHA1
b8a1a9f557dc79f532f8395cf51bcf7ace28ce86

SHA256
f47f5073b43c6c40b009a782a1b2c53693c903e3f6bf9e711b476b19370f18e2

SHA512
9bdcdf7e4a4fefe2ae604789f81c6238fe2d19474b6eb982bb4b5852970e1ed67dca3820edabcf0ad18797621de7d2173bb7907007658ea2194d4608c757e343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
3c6bd7e6b5030a1dc08848a764d19b32

SHA1
cf6a4455078b6f5bbd9dd54be1b111689f44cecf

SHA256
575c81fdfa6bdfd22ac5977c77da03b7e66682b8c53d132c129f1c3fcd9a7767

SHA512
80c06d106ae8172ecb532dbc504c4e8e0be403d67881f2c90d1b9dc46a6470dc97e1d055b790dc9fa5aa122e7c5a78b6dae21ef07b118bd3f2bb6d158f7d0072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
49e1fb842a890a584d5fff6984eeac96

SHA1
77c4143f14f77685e1a4df9ce5af979c7aa9d7f1

SHA256
1b5c36f01df5bb356bf6f31ffad2f091453985017a89a4df225fabe1cbf8d9ed

SHA512
36ae307b86de24e1f4ab5668483cf6e46f5bfa46b0c24d1c06b05caa1ee5549e9eab7568bceac1e9adb66d80184185e750335876e22f7883dbcbe77d944181e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57881c.TMP

Filesize
707B

MD5
cd4a3b5dcfb5aaa18a6695634b338c1f

SHA1
9211bedaa0828e00bdb250576b6ca57712741f73

SHA256
18801ef9b848ccf75af3284558babe3151f23e5992ff54bc843029a9f5ce09b1

SHA512
9f9448b9ea5d7ebf1d66c981ff1973c051bd1d3e0465a94a68f90b2235b539d5972d01c0434d3e913935f1fb3cc9effc952b809fd8f027048284f2a9dd075bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
45469bdc64a493bee9b21ea7f521b2bd

SHA1
26b3beb0ac4266e3d9b80977f80c5a16a4260206

SHA256
824971fa252bfff3b5698f7ed579d3be213582fda691eedc0a20ae609aa65126

SHA512
bef5dc31b3b2ab850d11d049811027a544c4c2aacd837e7044155341c77385b54d0796418e799b9d1694989be6e8a55f8cce12833feb79be04a5ed66f160af60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
59f26097386429fc357cf15c7f725f26

SHA1
ca19f1336f43b857abeac710366ac6073fe8762f

SHA256
15774d3a7eb4bb16bb67bf9d1b6dc925b631b89ce52907535d9bcd216ed85967

SHA512
302c43eed77a8ba489efa00b4ac60e22c47df1e1c887cffd6c94e46e6af20048e89a63db8b72b6619bc70a3bfa72f072d2147b9b465f3e2bad1d828828d90236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
970864542b95791be958209040974fd1

SHA1
c106260c98d1d06172e1b1eaac88394b5abc4eb3

SHA256
f8c2b79dd1e823f7e8a68ae551c817c6876af33edcbbaa6d256bde9917b7dd53

SHA512
95b8bd11c1389dc3b80c74426a8ae88c1b545501b6c8372588b695dc95241d7c19d9a50806e4ee1da3e63019245d90b9cf77584b7359bedd36acd06f6f67f91c

Download Submit