34d33840273ebe82e4ecb35d0270a6335c54596071ca7ca31d20a854265fb076

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 09:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

The-MALWARE-Repo_Botnets_FritzFrog at master · Da2dalus_The-MALWARE-Repo · GitHub.htm
Size

356KB
MD5

b84f42f428bda71bd2f421825e28ecf5
SHA1

28b4309631e99c943e3b91450304b17d7a8f261a
SHA256

34d33840273ebe82e4ecb35d0270a6335c54596071ca7ca31d20a854265fb076
SHA512

67cc2c6025e9bacd44cb84163365610f1f679b83807af052e80aa6141ea3a85a79716ac49436e031b8d090da8cfad62fb91ddcd0dc1446f1e7297f37094eebff
SSDEEP

6144:LcR8Fu1uYWSsTFp6cGEQsjWHoM7n9J5UMdpLPKyO9tz5e303jNekg407FZ9Ox3JE:oR8Fu1uYWSsTFp6cGEQsjWHoM7n9J5UK

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
215	raw.githubusercontent.com
216	raw.githubusercontent.com
217	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{D9759F38-0A39-46BA-A12F-61696936E600}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{56343DB1-0F50-4A34-9669-3320A866E09B}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4732	msedge.exe
4732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 4956	3420	msedge.exe	112
PID 3420 wrote to memory of 4956	3420	msedge.exe	112
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 2304	3420	msedge.exe	113
PID 3420 wrote to memory of 4424	3420	msedge.exe	114
PID 3420 wrote to memory of 4424	3420	msedge.exe	114
PID 3420 wrote to memory of 4052	3420	msedge.exe	115
PID 3420 wrote to memory of 4052	3420	msedge.exe	115
PID 3420 wrote to memory of 4052	3420	msedge.exe	115
PID 3420 wrote to memory of 4052	3420	msedge.exe	115
PID 3420 wrote to memory of 4052	3420	msedge.exe	115
PID 3420 wrote to memory of 4052	3420	msedge.exe	115
PID 3420 wrote to memory of 4052	3420	msedge.exe	115
PID 3420 wrote to memory of 4052	3420	msedge.exe	115
PID 3420 wrote to memory of 4052	3420	msedge.exe	115

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo_Botnets_FritzFrog at master · Da2dalus_The-MALWARE-Repo · GitHub.htm
1⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4752 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
1⤵
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5744 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
1⤵
PID:2840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5368 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3872 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:1
1⤵
PID:2780

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\dbd4febe26a84419a8b903feb97978aa /t 5072 /p 3576
1⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x2e8,0x2ec,0x2f0,0x2e4,0x354,0x7ff989062e98,0x7ff989062ea4,0x7ff989062eb0
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2168 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2424 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2912 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3420 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3528 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4716 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4916 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5308 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3660 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --no-appcompat-clear --mojo-platform-channel-handle=3692 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5864 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5864 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3772 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6096 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4988 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --mojo-platform-channel-handle=6120 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=6184 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  - Modifies registry class
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6168 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6504 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6744 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5080 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=5084 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=6524 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --no-appcompat-clear --mojo-platform-channel-handle=6892 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7020 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=7412 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1156 --field-trial-handle=2184,i,3853753595528925430,1795751409691277531,262144 --variations-seed-version /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9266883dhd700h4fd0ha54ch8b46e9b654a3
1⤵
PID:5248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
e44038395fd8f3015cb9f28e5c05cf5b

SHA1
0d1906146b6642376f67ab081f2c8e7ce8a473a3

SHA256
2acc6669e431a21e2085d56e03b11ee897fb40a596386d9cfe926fde1e01a01a

SHA512
9e93503be5c9866915902115a66593b9da216050f0eb940293403d288030c895d0501353b360cf2edcebc34cba8ddbae926fdc73f1cfc1d65119ab75d795aea7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
cb6dbcabc4f24a26754b69ce3eab67bf

SHA1
bccfcde3b724df44b48f98838c3d7e16040ac4d7

SHA256
4b2c2c1f69318b08aade500c9b56a50d94147545c50e6bb96f5466a2bdfdc8c9

SHA512
35d403694a00540d86d928d9de2f704d2068bf69cc99a1511866aefcd74ee6b2e0131bc01c51043d35847d13fbdf7063033a9dcd8c9b5d4df1afbd1f583e9e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
96bd74a6ac556684bb042a0dc5f627a7

SHA1
e7978e849435fcf8d512c99e45935b3c89115705

SHA256
f6da51dc3459532eab21d26badfefb3657d4e9d2dafef4dd57bd0c6a8d7aeb0b

SHA512
c4d57fa80529a54c156ff3865a05e84371820feba5f372b8f9a2e38a61ffdb16638632c50212865c3eab53995079d5babed901bfd1ed2bb13987dda4786b8ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe593e57.TMP

Filesize
240B

MD5
1773a5dfc8bd3387aef4a5708272bf62

SHA1
c58ae879812d8ab264b2585e6c36a8a8bbe10633

SHA256
7c95e9c8278189fe07fd48830d08fcd91b9e51277630d212e0f4ed8f78ec3914

SHA512
cef8518f979017757b31c0a641a4622a14d6170a4d43a434bb6dd0f1302b2b7816408f14f6be141c96128c36ea2287753f141527624368d95ee8332951fefc87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
69f894f3ce27ba189b247178c36ff6ac

SHA1
4d7107e71349400dbf043caf690c18088c7175b9

SHA256
c53403efe64a73f5c2de0432149628f20b0fa6efb42f9b257e1394e6d9faad40

SHA512
3eab6d447fe8cb54ec9c5be7d2a366ed6bcf9bd47123e7ebc68d249ee25c42bb27816b320fb04f8180784c07a7f7508714711852c8cc0fc111481ce2b5177335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
b65d2e82c4724bcff1eeccbeae697e0e

SHA1
ecbf82567a4cf23ad30091bab3f4461b3c4fdecb

SHA256
22c9e654a2cc00dfad0e84eb389b51b9ab0278943bd0980912b943a55ec94add

SHA512
f4bf2e1455b63efd25afc00c2cc30c6cc1b32637239f54fec99be8dbce484aebce2fcbb50330a15059dafcbe59f485b6d93edf7a9bdb2af866655d3c02d7cccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4344c9ac6fa2547608d93fd133d0183c

SHA1
4626bdd8e9d3ccb3205578de97c1ff6d5ef26011

SHA256
45aca9a5d45ef4219554538fd1cc779872ebf2e7fe671da0cc2da80fc5024af9

SHA512
5f27fa8f148a1eb6285ba7eedd93b56bad842cbf03303eeda00c65f5723a4a0f7a669efb259100755e7b19095b6fb85fb66c29f21935ec81de6185d9ee58809b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f724626753d88d34069f5228510cf8ed

SHA1
9057bf3526fe4f7114af956f54c859f9545831ec

SHA256
e52baf8c50be0121c34fcf0d1ae9c9b0f7f1088b0e2728e13f6c918115563338

SHA512
bf3d04bc52623d0b9f4145d478fc984aa614f6385d509fb27e4c0e48c5cff9c6fb6b84e27fe114bdbcf8adf0e92188c6304236fbb1a63043c523e2a6cdd449b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3fd2470636386a8cb1b1bebc096e913b

SHA1
dc8761d58f4af336633aaf1ae51d2776f8df0eb0

SHA256
16d084f2f0dcf16509fb761516ccd8d90dffa3af22b0b36afa165fa255a1f0e1

SHA512
90268e138cc52df96922570834224d51df0bffe4f31301839c0f5d6b0387eb4214ee8d424267fe80cbb829c57425e04e63a24b2a6c8e1e20832bb1c00a4eb63e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f7ed9646a10df509ad8a2378517665d4

SHA1
fa550d9818878b67ad4698ce6a4ac39fd5d4aee3

SHA256
6bad49e2fd10bb37ced8702f8373830bf58e6c9f7dd494f89a0622ca9bb8d454

SHA512
1e9dcec7d5ec6105738a0276a32aba3347b1899903d27729a2175eb01b50a72826020fa4a946afed1a6b0fe00ca97cb98c2d89c52f4fc9995ff9ff1ad2b66072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
874b41497ac17f17c2df92aeda5d935e

SHA1
16a541b783ca2f22c0e330271e458e049c41c726

SHA256
f19082e35756230be69954557ee16e6735a111c599a41df4ddafb2aa5e2659a8

SHA512
75d65ea0aede551a1bb4213266347eb1d45b47d3971198e0ddd90f05cc0c8691bcececf3e12863328acbd28470540f06283e32cc5758f48dc61031adc8988777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1bfa6050507b7ad8c2dd351c4734ef8a

SHA1
c5a87e6643ac6b148ea1f6d88c970b7e4b7a2051

SHA256
a010c610193c4d402cb4158c64377d6bca8c3df68cc05d15183090d70741f299

SHA512
8634c0b572380858817a95fd930f75bece51b95d286461f432f6e3ac17f08b2986f750e81b44a8ada874798d158d5b4e6b674c17ea2aaf9136595ee6bb8f337e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
c78681bdd49f859f9de04eeac59a5fc9

SHA1
2d98dfa524066e38695a86ae50ac4a8524632b61

SHA256
926c3f8ea03e1f5129007c66115d38e61819f7b91beb28036c913fca00c816f0

SHA512
8dcc07528a489c2e551b2e42cac14272017530ab39911b29722e82c3b6b8552e2bec6b3a4c20220c406b387ed7a5bce4f350f0e0adc2d1de6e4663f63853e916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
5bd8e0d47433bd4a385995ab8e9ba512

SHA1
7fa18ce06989ae67e6c2f6e4d32c094153dbaf1a

SHA256
022eb1096c177906433158cb4325580dc19c42af0b20f95c8d73fe7572135119

SHA512
07f50fa832c06c5bc22088259cf696d80dfb096ffde93dd256f9ed11dcdaf135a6917741cf1d26a6ab5f2cc4457b385e98907cd4efd26645f073f53f472072bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9025f57b12fbacc37d022ab541822f3c

SHA1
d3d0f6a962156052b60b75d70938c70250b6a113

SHA256
402b4da63229a07407f050a9f0c18a9f65b5b8ad2967873bfedcb94d66837b4e

SHA512
0f8dbfa7727e4bddfdfd6c4862068605c298a8bb9a4bfec7332ff172f74c23ad3b32153ce7232d6f10ad335a5996c10e15179efc480789109e81918784e6c3a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
7e939467cd8f4d9c69fe0f1c83d6067f

SHA1
c6a47700e554a5ffc2f3ae4e69529992c25d7078

SHA256
718c1099b257bbfa2620fa4631dd4b5edbd5e7c87c37adbcc8317582817ee16d

SHA512
aa4b08fd3dd24e3285ea3e9297323ac869211f53f111b12c61710b582147b3efb629801f884f5607c6afed97acc181141c121c112df7a6b838128edfeb15d73b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
1761c4cab528124363f330e043d63b70

SHA1
1bf1d55f1ae648bbb0b5b21e4063580ecba4ddbc

SHA256
7fca487c5916b129e1bfb0b251f99e9a12cf5428a2549c5d880a78ab223c0201

SHA512
2ab42bb75e3ec7881c84f36a7285b7cbe28114cc96545a78bea37b3646f863cfd64daeafcb9221989d35864732e302496d8f3e28cf0ce07b2d7ec41b658eacc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
46KB

MD5
01c5f4ec43f13fe7c54532adae2305e4

SHA1
340413821f4a233a88ed7467305b05e57c1d02ed

SHA256
c314c7ec7b8d5d82fddb227b6d4e782b34daff6729e96b75565c61a4a54f9aaf

SHA512
42890ca2ab7ddb1bc1140aad02ef9538681546363ef8a70c5bd176384c3fe7f01ff7a67ef87a8e83d4c91583f7f727a12fbabc4e639641a3edc7075fdcbc2f7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
a95dbdc20ec992464fb55e7cd814d311

SHA1
e5247aa33ea19afac4266f72c3d5cc5c3cfd7e0d

SHA256
98081e7c184b9d50013f5b3740f027a37f87853f957c64ec4b6d8dd00a43ecc1

SHA512
0c2f9fa3012b152be0554d7d2b5279669355ac5b7c11734cdcfc27139a7c56fc42c092f213e0f6a66197b0649f7cc006384a480da9372d501a82aa9abbfb6655

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
36KB

MD5
741093f454f17005d205669ab789a87a

SHA1
795bf66e97ca90403be3091fe29fcc49aa75a3a1

SHA256
3489fb7c330b6c5dcb5c7cca96aaf6786878a85fc66bcb434f17d54fe12b3218

SHA512
7692985a03d8f9ba44be8057d13b1912677418c380755663b5441c874eedb68989a008449cc0e5b6701aaaa926e2d530970090ebe738ebe52a89b3224429a4c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
45KB

MD5
eb1dc13248c1f601064805bca0467f81

SHA1
ac41fc7354b50a582b45570bb5e87b351210d128

SHA256
2bfcf1171c485123ae9cf3bbcdaaf0b2792141432a95429e4920882729701244

SHA512
278dde5c7ebbfef6afdffacf3c660c0260a7bd6a105d6c02955c4b7eca2f1a9c07e1b5a98bda42da275b40f2be244cb6a71cea496d00101bbe8d67c06d812e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
a43951443e53a22095d38f2ee7c348b8

SHA1
f4df68a3740315a35fa26448919d62017f94c9be

SHA256
2acbb98f7da15d759164cb620e077a327a168aebc23e5239ab95ee4ea2882f49

SHA512
284db73211ff6a2ff9225a24c7f9a425488ebd40fd6e379572e1a569f5e35e313240f801f2639efd1379f7629abc99a49aff77aadba8a5f1a8b509134466242f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 946708.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit