Resubmissions (date, task ID, score)
14-06-2024 11:00  240614-m4d7jsxfrc  3
14-06-2024 10:50  240614-mxppps1ekk  3
14-06-2024 10:39  240614-mp8gvaxbjc  3
11-06-2024 10:04  240611-l3yn5atcmn  3
11-06-2024 09:55  240611-lx1arssfle  6
11-06-2024 09:53  240611-lw1j5staqm  3
11-06-2024 09:45  240611-lq65qssdmf  3
11-06-2024 09:44  240611-lqm2vsshmp  3
11-06-2024 09:43  240611-lqfb1sshmk  3
11-06-2024 09:41  240611-ln4a3ashjj  3
Analysis
- max time kernel: 28s
- max time network: 31s
- platform: windows11-21h2_x64
- resource: win11-20240419-en
- resource tags: arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 08-05-2024 09:27
- Static task: static1
- Behavioral task: behavioral1
  - Sample: b28242123ed2cf6000f0aa036844bd29.dll
  - Resource: win11-20240419-en
General
- Target: b28242123ed2cf6000f0aa036844bd29.dll
- Size: 87KB
- MD5: b28242123ed2cf6000f0aa036844bd29
- SHA1: 915f41a6c59ed743803ea0ddde08927ffd623586
- SHA256: fd563cf7c0c862ab910cf558b5a123354b616e84902d277edf09f378ff6f9786
- SHA512: 08e5966ca90f08c18c582e6c67d71186a6f9c025fc9f78020e1ce202814de094171111b7f3623d81f7371acdf92206446f7c0425e08e8f5f5b6fd969007d9fca
- SSDEEP: 1536:0A1KsVHBnVJ0T1rFTQHUPx+nVP7ZSRILMZoXyqqEbzPCAdt6rFTc:0A1rVIrFTOUsnVP7sRILgAPCvrFTc
Malware Config
Signatures
- Program crash (1 IoC)
  Processes (pid, pid_target, process, target process):
  2220  716  WerFault.exe  regsvr32.exe
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description, ioc, process):
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Modifies registry class (1 IoC)
  Processes (description, ioc, process):
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-293923083-2364846840-4256557006-1000\{7E501784-3BC6-42A4-AFB9-1334D02E8511} (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid, process; each entry listed twice in the original):
  2876  msedge.exe
  2996  msedge.exe
  3580  identity_helper.exe
  3872  msedge.exe
  3884  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
  Processes (pid, process):
  2996  msedge.exe (20 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process):
  2996  msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (12 IoCs)
  Processes (pid, process):
  2996  msedge.exe (12 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description, pid, process, target process; 64 entries in total, distinct pairs listed once):
  PID 3516 wrote to memory of 716   regsvr32.exe -> regsvr32.exe (3 entries)
  PID 2996 wrote to memory of 3156  msedge.exe -> msedge.exe (2 entries)
  PID 2996 wrote to memory of 3576  msedge.exe -> msedge.exe (repeated)
  PID 2996 wrote to memory of 2876  msedge.exe -> msedge.exe (2 entries)
  PID 2996 wrote to memory of 380   msedge.exe -> msedge.exe (repeated)
Processes (nesting shows parent/child relationship; signatures triggered by a process are listed beneath its command line)
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe
    Command line: /s C:\Users\Admin\AppData\Local\Temp\b28242123ed2cf6000f0aa036844bd29.dll
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 716 -s 456
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 716 -ip 716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaf0ca3cb8,0x7ffaf0ca3cc8,0x7ffaf0ca3cd8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2492 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4536 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3500 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4520 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1892,6615209015894201344,7438543830666931065,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7552 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004CC
- C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
  Command line: "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416 (1KB)
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416 (230B)
- C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 (330B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat (152B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State (111B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (6KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences (5KB)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT (16B)
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State (11KB)
- C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat (10KB)
- \??\pipe\LOCAL\crashpad_2996_DEJAHPMGRPXLFMME (named pipe; no size recorded)
- memory/716-0-0x0000000000400000-0x0000000000443000-memory.dmp (268KB)