dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c

Analysis

max time kernel
147s
max time network
154s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
01/06/2024, 06:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe
Size

894KB
MD5

36dee2205e405d97287e8f0d13d9f4e0
SHA1

76513e265cc8f630548853b5852911b340616c18
SHA256

dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c
SHA512

33b43092354b3e09165f1111701b95678a8c9e1245d0b52566867fcb8eafe81cec26240628e7af3bc9d9f50d17376118596135c33e0a8b48c7aba65cf3e27a2e
SSDEEP

12288:vqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4T7:vqDEvCTbMWu7rQYlBQcBiT6rprG8aA7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
1468	msedge.exe
1468	msedge.exe
2636	msedge.exe
2636	msedge.exe
2988	msedge.exe
2988	msedge.exe
4004	msedge.exe
4004	msedge.exe
2368	identity_helper.exe
2368	identity_helper.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe
228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe
1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe
1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe
1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe
1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 1468	1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe	78
PID 1052 wrote to memory of 1468	1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe	78
PID 1468 wrote to memory of 4380	1468	msedge.exe	81
PID 1468 wrote to memory of 4380	1468	msedge.exe	81
PID 1052 wrote to memory of 4548	1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe	82
PID 1052 wrote to memory of 4548	1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe	82
PID 4548 wrote to memory of 4704	4548	msedge.exe	83
PID 4548 wrote to memory of 4704	4548	msedge.exe	83
PID 1052 wrote to memory of 636	1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe	84
PID 1052 wrote to memory of 636	1052	dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe	84
PID 636 wrote to memory of 1380	636	msedge.exe	85
PID 636 wrote to memory of 1380	636	msedge.exe	85
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 1288	1468	msedge.exe	86
PID 1468 wrote to memory of 2248	1468	msedge.exe	87
PID 1468 wrote to memory of 2248	1468	msedge.exe	87
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88
PID 1468 wrote to memory of 3468	1468	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe
"C:\Users\Admin\AppData\Local\Temp\dc763de0c256166e9fb83aed3fdf28935c14b1b04f7798ab513b940596851d4c.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdcf4d3cb8,0x7ffdcf4d3cc8,0x7ffdcf4d3cd8
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
    3⤵
    PID:1288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
    3⤵
    PID:3468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
    3⤵
    PID:2368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
    3⤵
    PID:328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
    3⤵
    PID:1240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
    3⤵
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:1432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
    3⤵
    PID:416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
    3⤵
    PID:2320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
    3⤵
    PID:1692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
    3⤵
    PID:4232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,941642760427028616,12002829995496410721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5956 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdcf4d3cb8,0x7ffdcf4d3cc8,0x7ffdcf4d3cd8
    3⤵
    PID:4704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,1880666923652368734,6598113918372778674,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2000 /prefetch:2
    3⤵
    PID:2380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,1880666923652368734,6598113918372778674,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdcf4d3cb8,0x7ffdcf4d3cc8,0x7ffdcf4d3cd8
    3⤵
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,8417212356768921413,18158202465314834518,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1804 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8ff8bdd04a2da5ef5d4b6a687da23156

SHA1
247873c114f3cc780c3adb0f844fc0bb2b440b6d

SHA256
09b7b20bfec9608a6d737ef3fa03f95dcbeaca0f25953503a321acac82a5e5ae

SHA512
5633ad84b5a003cd151c4c24b67c1e5de965fdb206b433ca759d9c62a4785383507cbd5aca92089f6e0a50a518c6014bf09a0972b4311464aa6a26f76648345e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e4ed4a50489e7fc6c3ce17686a7cd94

SHA1
eac4e98e46efc880605a23a632e68e2c778613e7

SHA256
fc9e8224722cb738d8b32420c05006de87161e1d28bc729b451759096f436c1a

SHA512
5c4e637ac4da37ba133cb1fba8fa2ff3e24fc4ca15433a94868f2b6e0259705634072e5563da5f7cf1fd783fa8fa0c584c00f319f486565315e87cdea8ed1c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
26376cafac122e72717c1c05b11ef573

SHA1
decd9fa231e4fa2d24d496f8cb5897ebf68e0767

SHA256
69d915c5ecf6726c22ce78bf338875c9d4c06ca3aa6c72b74f15ad08aed89647

SHA512
8fa1563b218b6cfb57d0c0e8cb5136dc62c052f5c274bdfa989f3b459b257d91c4fa30d0f7e0d8638083cbf4199662d58c276500f2bfe4e389154954670e599c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
eaaebe2e8f36598a0a12664a57e3dcaa

SHA1
aedcb597d43407c0bcb242ff3a6fb751a4528072

SHA256
a8fc247a63870fe476cd1be226ac4c9d95b256867948718c197dbdfca2703259

SHA512
e83e0c3e0677fc17eb602e281b867a82a9892ad06580a06f823baeb43118cbc5df78d3551bd1e05867c1a0e22af144a11e81bdad7f8048023972d474a0c82337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
31ea8bcdad494a964d55a3a6a840be80

SHA1
aa42914ab1580b85ea789124f70d78cb81054663

SHA256
b7eb16be9517dc5e139dedab1b06bf1254d5f064c68d28d9d1d34aa19a0affd2

SHA512
27009db54b9f5ae6f3b80d4c46d88378ee16b0d41dbd0b6487f559d3dc9d3737b3ee584fd834f08a59c99ffc7ad098b0847e0c36ff2644fc910ad8bebb200e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f6c7cbd51973453c2cdafc833355dc46

SHA1
40c68c0a074a45d89f5bd2e004e89c6be328caeb

SHA256
46858fe1ed4740342d30ea84fe2e75db8cca3de56092c9ef669a40ec931c950c

SHA512
3aa62cd5f2f118529e6d664de8c0ec61169271c91d94ca820fdc7ce5332990dedeecd04b4381b0c3a05972ec06a172a585deac0885d82a98126b077b43c2f0c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19bbd0504fd982384f29c74a3c21882c

SHA1
2ac058995d7bcc1f5dcef3cfccef576b9929b4e0

SHA256
f44691f17860f2b3da4121398e3fdbc2112a043f81be6cbf69cf74f404ec758a

SHA512
caa5e7e4133815690cd3fb485e961d52eab8053cba9cbcc2ca22bc7272f1dd39961d7256a4bd2432f32e74e68405150ca9b6cd9e7697bebe7b54e5ef0f4e1e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
286658c237b1899cddbad015da1b3995

SHA1
23d11eb2ca895067dd944c1e6e6b764147bb4e6e

SHA256
98f98d1787056971638e10fba33ffbee1ff85327c1345ee965749b47e2394b42

SHA512
e30243e7d72d7b4199e660e5f422deb41de7e0f051f3db2c34b23fc8b0d097f93c9640f30cdf0b09cecf9dedbe80b6d7572ea241c0e04354f2c3a3c56cdf9584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
34239828307cd014171a7692063c98ca

SHA1
e0eb1b6108c897d7d1a233d3e9878d12cdf975c8

SHA256
7929cd8098d72c805baf23491724f9a6b0586326ff179692b37480f7517975ed

SHA512
94efaa97383fd6984b2746537fcb22ec063451bd5a71f145f1ebc14492976a960acaa82e517bda5a722a02ed32bb139e4cac14afe323d0aa4a76824ee6274824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
7bddbf39be571cafc3dfa72bd65aff45

SHA1
3fefcfda59ac03d084a3c117fe47590232bb2ced

SHA256
e9b65aafc7698bf9fa27b1e61bb5d8e408de9fcd86c7dfa9910e720d556e8339

SHA512
6870031e9673c914269317b0c4255cdfc368d62b61e9bbdc8e9cac022068e77d11a151f4b4b818c2f35f647a8455e879a16b156d724b3c68cafa17fd90213f43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
35785663092dbc93045ed28cf4f35588

SHA1
a3f6f30d5bd23f027ea0c247450da40a118f63ae

SHA256
04171621528c900832a7b80ecd4b8283406527a7f39c315d1550abca2a8263b7

SHA512
a265d809553662ab59da4015132acf24fa2099e1378754ec21a3124e1b5e864c86fbdcb2d37b5a5a04ab02156f7e7e777f8e4a629e2336f237cb372a7cac8bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a99e.TMP

Filesize
537B

MD5
83379b1ac35d2a567a59222646ba5811

SHA1
c846fe7840b2b64b0b42a95e56b20d68cbc70e24

SHA256
3e89ccb9f0da0f2e5cc8268be91cc784cfe0ee1285944323f9af8d32315c12d2

SHA512
5101805747159bd2144730c2c10f7552f046d64b1489be0851ade207107ed6ca8091a7c3bb414833d83eba4731106fb3cb0d31bab7626dff6d18dbe10032faa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ee4414a7762645196f30aa93a371e1db

SHA1
344cfeb14fedc96248be472fcac025df2e5a7b15

SHA256
1ffebfdb2889deac2959bf20b3609f2a79c55f1ac96aa05396377d6bb966ae46

SHA512
be4d925bba2425ba116f38fa7dbbd8c054c303360a573d834f8d211ee6067c251f447858c646c16e9f835538b2c99aae1deeffaade907b65bd8d7156c677b90f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
68eab130abf2fa060b5b2561afbda1f9

SHA1
fdc75065a80256b058ee3eedee08537e0ded7cdc

SHA256
b96f426636b53fcb510f704eb3108f317168265435b3119787473f431f81df89

SHA512
8f7a3891f8ef1f6819f4fda0e671c9d02428e980f69c1a7c462060b6f4a3a2f07a1dd6b3a1ad9277f925dde2eab17634c1d08266a82748d3e6ef3b5099bfa782

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4dbb2df11807e503756c364be3eb4497

SHA1
3c9d6fd5de4ac06f9d0afaf4dca0390d2eab11b0

SHA256
9f3ec60a86ad6c948d1f63aa98f77274bb41906aaeb34dd9b4aa5b263cae79ff

SHA512
f39fad32a83d1892fa126735e05e9459f52e6d8faadd8873f4f9fc46a5872ed92e2443cde2f32bbf18840bb595e0808483ea60707de31fe2bb267ae2fb381eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
177a043b89f6294cb6786cb3d9dc2f19

SHA1
88ae1d4c83c8d547a89d71919955b20eeb2f47be

SHA256
f2eeed1faf83026c40d3a317b5182717216836d2840d85ff8034dede3d9c2d59

SHA512
094d45907249632be95617f01fe0892950d273daa3e9f1bf991ab80d82bebcc5208eed46b5e4bd9881659d8a89f9f65da576774c42244e6e50885f2934db5ca3

Download Submit