Analysis

max time kernel: 146s
max time network: 155s
platform: windows11-21h2_x64
resource: win11-20240426-en
resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 02/06/2024, 04:50

Static task: static1

Behavioral task: behavioral1
  Sample: bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
  Resource: win10v2004-20240426-en

Behavioral task: behavioral2
  Sample: bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
  Resource: win11-20240426-en
General

Target: bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
Size: 894KB
MD5: 1f75c62e86ca8b74f7fe88597ecffe75
SHA1: 4ec7859a9fb69306a8bfcb66b67d0d9ac807d137
SHA256: bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53
SHA512: 22773aa37f3a78c0e9c83e4f1baed286d64cdf01cb2731b5b8ae6c0e8f043842831a62c26a54ea1020fd000f126c81e883d8e42d6fb5ff6f0589f65163e63497
SSDEEP: 12288:WqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4TN:WqDEvCTbMWu7rQYlBQcBiT6rprG8aAN
Malware Config

Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                     Process
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe

Suspicious behavior: EnumeratesProcesses (16 IoCs; identical rows collapsed, entries column gives the count)
pid    Process              entries
1112   msedge.exe           2
2424   msedge.exe           2
908    msedge.exe           2
2968   msedge.exe           2
540    msedge.exe           2
1256   identity_helper.exe  2
1584   msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs; identical rows collapsed)
pid    Process              entries
2424   msedge.exe           10

Suspicious use of FindShellTrayWindow (28 IoCs; identical rows collapsed)
pid    Process                                                                   entries
224    bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe     3
2424   msedge.exe                                                                25

Suspicious use of SendNotifyMessage (15 IoCs; identical rows collapsed)
pid    Process                                                                   entries
224    bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe     3
2424   msedge.exe                                                                12

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
description                          pid    Process                                                                 procid_target  entries
PID 224 wrote to memory of 2424      224    bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe   77             2
PID 2424 wrote to memory of 4580     2424   msedge.exe                                                              80             2
PID 224 wrote to memory of 1976      224    bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe   81             2
PID 1976 wrote to memory of 2072     1976   msedge.exe                                                              82             2
PID 224 wrote to memory of 4400      224    bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe   83             2
PID 4400 wrote to memory of 3024     4400   msedge.exe                                                              84             2
PID 2424 wrote to memory of 2872     2424   msedge.exe                                                              85             40
PID 2424 wrote to memory of 1112     2424   msedge.exe                                                              86             2
PID 2424 wrote to memory of 244      2424   msedge.exe                                                              87             10
Processes

[depth 1] C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\bd1f6019ffa68922aa3f77b3585cf904de18b5ffa650bdc794bd8cda20a15b53.exe"
  PID: 224
  Signatures:
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
    PID: 2424
    Signatures:
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff874e13cb8,0x7ff874e13cc8,0x7ff874e13cd8
      PID: 4580

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
      PID: 2872

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
      PID: 1112
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
      PID: 244

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
      PID: 4480

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
      PID: 4808

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
      PID: 1036

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
      PID: 808

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
      PID: 2644

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
      PID: 1320

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
      PID: 540
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6256 /prefetch:8
      PID: 1256
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
      PID: 4684

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
      PID: 412

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
      PID: 4596

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
      PID: 1280

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,17300655544087224024,1375886953188444479,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5828 /prefetch:2
      PID: 1584
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
    PID: 1976
    Signatures:
      - Suspicious use of WriteProcessMemory

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff874e13cb8,0x7ff874e13cc8,0x7ff874e13cd8
      PID: 2072

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1704,8231810911251357103,3230122687743806804,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1824 /prefetch:2
      PID: 3352

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1704,8231810911251357103,3230122687743806804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
      PID: 908
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

  [depth 2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    PID: 4400
    Signatures:
      - Suspicious use of WriteProcessMemory

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff874e13cb8,0x7ff874e13cc8,0x7ff874e13cd8
      PID: 3024

    [depth 3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1452,2073908602875690781,17273584648787605715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 /prefetch:3
      PID: 2968
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

[depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3304

[depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1412

[depth 1] C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4404
Network
MITRE ATT&CK Enterprise v15
Downloads