9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe
Size

894KB
MD5

984a7dfccfcf530e9898723fe5089e6e
SHA1

cb491dc0402d577c382bbadb2157dfb16495389b
SHA256

9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b
SHA512

95fcf58b75e4dcffde706e737d369a14130f4e951dd228d69b16fe666a5197f92ba8f7dd0ab1194e019c24062d1432cabf8bf0862705bc8fa3eb86d9cf14902c
SSDEEP

12288:JqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4Th:JqDEvCTbMWu7rQYlBQcBiT6rprG8aAh

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
4980	msedge.exe
4980	msedge.exe
1696	msedge.exe
1696	msedge.exe
940	identity_helper.exe
940	identity_helper.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe
5744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe
60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe
60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe
60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe
60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe
1696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 2560	60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe	83
PID 60 wrote to memory of 2560	60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe	83
PID 2560 wrote to memory of 3616	2560	msedge.exe	85
PID 2560 wrote to memory of 3616	2560	msedge.exe	85
PID 60 wrote to memory of 1696	60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe	86
PID 60 wrote to memory of 1696	60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe	86
PID 1696 wrote to memory of 4216	1696	msedge.exe	87
PID 1696 wrote to memory of 4216	1696	msedge.exe	87
PID 60 wrote to memory of 2884	60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe	88
PID 60 wrote to memory of 2884	60	9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe	88
PID 2884 wrote to memory of 3428	2884	msedge.exe	89
PID 2884 wrote to memory of 3428	2884	msedge.exe	89
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 3180	2560	msedge.exe	90
PID 2560 wrote to memory of 4980	2560	msedge.exe	91
PID 2560 wrote to memory of 4980	2560	msedge.exe	91
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92
PID 1696 wrote to memory of 3172	1696	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe
"C:\Users\Admin\AppData\Local\Temp\9da54a646f957a8ad502e45a4a20248cab7ef04c6f170154ac1ddff41496204b.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb78446f8,0x7ffdb7844708,0x7ffdb7844718
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,12603471781378089909,15022603117034850334,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
    3⤵
    PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,12603471781378089909,15022603117034850334,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdb78446f8,0x7ffdb7844708,0x7ffdb7844718
    3⤵
    PID:4216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
    3⤵
    PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3096 /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
    3⤵
    PID:1428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2724 /prefetch:1
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
    3⤵
    PID:392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:3760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
    3⤵
    PID:1196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
    3⤵
    PID:4960
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 /prefetch:8
    3⤵
    PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:5256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:5264
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5365219617963205527,10929389112528251391,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5424 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdb78446f8,0x7ffdb7844708,0x7ffdb7844718
    3⤵
    PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,7598246476683713810,4708671677448370938,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
    3⤵
    PID:4548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c1029dfc12a8f36706382601fbb963b

SHA1
83179fa0cece78b3f4b0564e2132a6b2729b244f

SHA256
2a2c2656077931f6e65fa2425b657f2c4baea0045db5b48973f4e2db11b7ac93

SHA512
b85738ecb5027f772d91f1bc7d34ac4323094621285b21b972f39c761fe1c10797b3095c84fd478b4ed36cfd45643653584487a142be98bea9485679a8c541e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c60178937f72d726c9db42b2da8bcf20

SHA1
1dc4c5f82719f42530e45c01214639aa6d04a60d

SHA256
13989cfdc52298889fc0a3ebd72d0a589dfc68edca2757c98856c3c7e420cd92

SHA512
ee707e534db7631da0d359de3ceb5774f72fec89e1bdecb0f4988c1b0944845419edf0ef6b970a32db85ca38e2b6b4bb00caad4a03f75044895364d8173ed95f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
89b90ece6af1a92d505c117f05aa8cbd

SHA1
4d728d6ab08ada97aed4cd6e59e4207ea1f0de2f

SHA256
377e83cdfd3166ffa75cacd96b61b215948a26bb04badc2bb1616063394b8e4b

SHA512
7868e301bf64249956ff92e573fb0a7cee4bd81a8ff231fa019590b9360b652f5a2094902b097e364e245917f19338958019bc124b938fee164313a41cb282a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2d6925886b6a6278e61bc44a46831d1

SHA1
71f2dc1c2f0d0848cc9b3727ff8c8d439eaad399

SHA256
39b2f81ad09327d640e97e64eb9a7afde094e37ae8568015c93f4d1a472e0083

SHA512
3a52d93ab731356012f30e4bd39f706ad18c6df390d3dfb5d5b5e4775d401968fb0454ac99072246824468d77b45dafea262c920bc10ff0245c3e8f87aabcadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3fa577f6dcd1b5891ea4357ef88b163

SHA1
90bf4e59fd1ca3eb945adc80e69285b590ccd461

SHA256
fb8fdc49a1e2f277b1e82be7ecdf7a2f93167e2936fac1b00963b66a06928676

SHA512
b9d59b07612bbbce737c0fd33dbbdfd52dfa395a7edae0f396330ef6703d13e4e66666b7f9d7caa7dc45d0668267d6423d3071257b6543d6576a571f5c7cc7e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
490f531749c13a639dd0e2ceb762afc3

SHA1
a5969a88cb276a8278cad861d482805bd8917c6d

SHA256
4f85ec326edaed36978dbf1b4cc98c575e0bea074ab337a5074f131cc0793949

SHA512
ae4f90c19fa2a7cd49b234f9113b569145a62fb36d63e5fa34bfc94e915498af39ec54df5996d82ca4bda7a4e8344cd105d4644986b2b4ddab71d51f9ccacd6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
fd346e1c675d3c6d864f933a05240d43

SHA1
716c265c5578890816f47373d8e5b684c49267a7

SHA256
4c89c94d3876829cd25d0dc457b2b49df33cd97cd298e37b8dd39e76e9f91a79

SHA512
e9d4e3ab83ddb74deee667a8305fdff46dfa22acb5b98cad7f445efe41d5496651bfa17ed5bad9e0798cc945801edbeaf67f406bcc73bc8572810d3993de2c0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
439c3951ef6fab4793749381302d1397

SHA1
2b7eb727d4c7ae655c70db16e8ca00c7252b0409

SHA256
c2ea1b7302f7942948db21c1c51f23e277fd55f4bd9955b4a3af809f841f8028

SHA512
bb4eca679d371e5a348fea71e5563431e0ffb68047c9e2d2f3e951e4c681308146ca8a81deb149c8b4cc2a6b831b39daf11d5ad307ef243be1fb929e53e21f16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
cb1543e87c80d8d6aeec38a35ee34926

SHA1
ebead128a3815244c11e0fa103f080eb33ad7a33

SHA256
1c76252ac6f8fbc4407c58900eb1e9a2258664fe63bc081fe810089aecc7b3b9

SHA512
962fc6c6234ce31a5bba47dcc73b2a7dab8b7ccdfcf28ffcebcbe1dae4c5f85b9893e0c236a3ccd595bca6cd092a10f9cc51bf38d03fb29c0b33e8d4d8adbbd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a99e.TMP

Filesize
539B

MD5
eb89ad98f35c055048085dc98f1e2d87

SHA1
e3ac13d0954bb9563fdaec0465d6e3c7930e41b6

SHA256
2a704a56ef857386e005144d41875b6fb3101ba106cd1c8f9cbfd77efa5507cf

SHA512
008159e033ca17bacbb54c51df5bc84e8f6d7228fdcb7c12d12f9c8f60513c5462d249c8b348eb6ef7b3c9187f694f32c77d2dfd7d35a02c871606958ada58dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
aae636f1686771ee5ac06b43ecf616a7

SHA1
26b08aa550eb1cfd1397942e22a5529189fc2dd8

SHA256
fd284ae7fda8b2bd29b4a2b99a38a3e81695298ebdfb0b80959a1c7a055b5250

SHA512
a7319212b3464247b7b062e0afab101685c3bbb6f1116b8e6d61d6622fcdb272d58ac5a5e12ca739d663fc005aa6acc620241fb8233c042d55a5eeeeba00320c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ab82da17f947706bafb8ec281037dc35

SHA1
3bc7fca21c423e428eac5bc9db14d4d1fe0d97b2

SHA256
d4367eee8f0a1603fb2f379d144739e091e44b8d0bfac62489d24f5f98bca696

SHA512
4aaacc91e3854e1f80174ffbc52889c63b2d5339866c3188daef38f1d69af439461b871f0f930d839b4b44a0e84ad336e8e6f32c967d6aee3d842de5fc5c4f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
51889221885b55da0deaab993667db35

SHA1
133829980bc63cecda5be965caae972d057ad692

SHA256
e420bbec1fead411c58052ccaf5d130271b69dd3c9d64eb641feee9269a622d6

SHA512
3ad85eae687a420cd70912d08138cef237b123507ba216b889b0838d7b43564924ffbe9653ac2dff2515387a008ff9226c4df1e8fa71a4011976cb19eb024672

Download Submit