Analysis

Max time kernel: 149s
Max time network: 149s
Platform: windows11-21h2_x64
Resource: win11-20240426-en
Resource tags: arch:x64, arch:x86, image:win11-20240426-en, locale:en-us, os:windows11-21h2-x64, system
Submitted: 03-06-2024 12:53

Static task: static1

Behavioral task: behavioral1
  Sample: 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe
  Resource: win10v2004-20240426-en

Behavioral task: behavioral2
  Sample: 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe
  Resource: win11-20240426-en

General

Target: 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe
Size: 894KB
MD5: 54d3230e866340ec2ac92abae8c15ca9
SHA1: 547645ecf9b454221828a6d66a17a43422e8f6fb
SHA256: 71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21
SHA512: d25bc5020c8b29065d420a6cdae53a0413de988cadc24106391eef0609553bdcde0b4dd83ab54b84c4685732d010377c6e720bef34ab68f8bc03b5f5d1e1aa84
SSDEEP: 12288:FqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4TV:FqDEvCTbMWu7rQYlBQcBiT6rprG8aAV
Malware Config

Signatures

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description        IoC                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs; identical rows collapsed, count in last column)
  PID   Process              Count
  2176  msedge.exe           2
  4756  msedge.exe           2
  3020  msedge.exe           2
  2244  msedge.exe           2
  808   msedge.exe           2
  2648  identity_helper.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs; identical rows collapsed)
  PID   Process     Count
  3020  msedge.exe  10

Suspicious use of FindShellTrayWindow (28 IoCs; identical rows collapsed)
  PID   Process                                                                  Count
  4864  71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe  3
  3020  msedge.exe                                                               25

Suspicious use of SendNotifyMessage (15 IoCs; identical rows collapsed)
  PID   Process                                                                  Count
  4864  71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe  3
  3020  msedge.exe                                                               12

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed)
  Description                       PID   Process                                                                  procid_target  Count
  PID 4864 wrote to memory of 3020  4864  71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe  77             2
  PID 3020 wrote to memory of 3572  3020  msedge.exe                                                               80             2
  PID 4864 wrote to memory of 1140  4864  71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe  81             2
  PID 1140 wrote to memory of 4408  1140  msedge.exe                                                               82             2
  PID 4864 wrote to memory of 4636  4864  71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe  83             2
  PID 4636 wrote to memory of 3300  4636  msedge.exe                                                               84             2
  PID 3020 wrote to memory of 4736  3020  msedge.exe                                                               85             40
  PID 3020 wrote to memory of 2176  3020  msedge.exe                                                               86             2
  PID 1140 wrote to memory of 3500  1140  msedge.exe                                                               87             10
Processes

(Indentation and the bracketed number give the depth in the process tree; each entry lists the image path, the full command line, the PID and the signatures that fired on it.)

[1] C:\Users\Admin\AppData\Local\Temp\71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\71b906f172753c1b5b7f4a0f42127bd9b308718550893114f2911a856c30be21.exe"
    PID: 4864
    Signatures: Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
      PID: 3020
      Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff57e63cb8,0x7fff57e63cc8,0x7fff57e63cd8
        PID: 3572

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
        PID: 4736

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
        PID: 2176
        Signatures: Suspicious behavior: EnumeratesProcesses

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
        PID: 4504

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        PID: 1448

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        PID: 3036

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
        PID: 1080

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
        PID: 4336

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
        PID: 2864

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
        PID: 2892

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
        PID: 808
        Signatures: Suspicious behavior: EnumeratesProcesses

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6180 /prefetch:8
        PID: 2648
        Signatures: Suspicious behavior: EnumeratesProcesses

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        PID: 1960

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
        PID: 2296

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
        PID: 4964

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
        PID: 620

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,14635857464701107568,1089050656603768650,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3076 /prefetch:2
        PID: 4120

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
      PID: 1140
      Signatures: Suspicious use of WriteProcessMemory

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7fff57e63cb8,0x7fff57e63cc8,0x7fff57e63cd8
        PID: 4408

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1716,15447039336745783335,16976176273332905975,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1812 /prefetch:2
        PID: 3500

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1716,15447039336745783335,16976176273332905975,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 /prefetch:3
        PID: 4756
        Signatures: Suspicious behavior: EnumeratesProcesses

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
      PID: 4636
      Signatures: Suspicious use of WriteProcessMemory

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7fff57e63cb8,0x7fff57e63cc8,0x7fff57e63cd8
        PID: 3300

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,5966871300242918031,9628359249956450384,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
        PID: 5108

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,5966871300242918031,9628359249956450384,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
        PID: 2244
        Signatures: Suspicious behavior: EnumeratesProcesses

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 3896

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 2848

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 3476

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 3408
Network
MITRE ATT&CK Enterprise v15
Downloads