Analysis

max time kernel: 148s
max time network: 150s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 17-06-2024 09:26
Sample (same for every task): https://fs4.fastupload.io/d84d7c9ee2c50425/FAMalHashDatabase.txt?download_token=01cbe50de76696e151437e662d246bc7b2454c84a197b0c2b5c4f57bec5a26f2

Static task: static1
URLScan task: urlscan1

Behavioral tasks (task: resource)
behavioral1: win10-20240404-en
behavioral2: win7-20240508-en
behavioral3: win10v2004-20240611-en
behavioral4: win11-20240508-en
behavioral5: android-x64-20240611.1-en
behavioral6: android-x64-arm64-20240611.1-en
behavioral7: android-33-x64-arm64-20240611.1-en
behavioral8: android-x86-arm-20240611.1-en
behavioral9: macos-20240611-en
behavioral10: debian12-armhf-20240221-en
behavioral11: debian12-mipsel-20240221-en
behavioral12: debian9-armhf-20240418-en
behavioral13: debian9-mipsbe-20240611-en
behavioral14: debian9-mipsel-20240226-en
behavioral15: ubuntu1804-amd64-20240611-en
behavioral16: ubuntu2004-amd64-20240611-en
behavioral17: ubuntu2204-amd64-20240522.1-en
behavioral18: ubuntu2404-amd64-20240523-en
General

Target: https://fs4.fastupload.io/d84d7c9ee2c50425/FAMalHashDatabase.txt?download_token=01cbe50de76696e151437e662d246bc7b2454c84a197b0c2b5c4f57bec5a26f2

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  PID 1032 msedge.exe (x2), PID 1856 msedge.exe (x2), PID 2168 msedge.exe (x2), PID 2080 identity_helper.exe (x2), PID 4768 msedge.exe (x4)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  PID 1856 msedge.exe (x10)

Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 1856 msedge.exe (x25)

Suspicious use of SendNotifyMessage (12 IoCs)
  PID 1856 msedge.exe (x12)

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 events have the same writer, PID 1856 msedge.exe, and four targets, each repeated many times:
  PID 1856 msedge.exe wrote to memory of PID 1132 msedge.exe
  PID 1856 msedge.exe wrote to memory of PID 2088 msedge.exe
  PID 1856 msedge.exe wrote to memory of PID 1032 msedge.exe
  PID 1856 msedge.exe wrote to memory of PID 1520 msedge.exe
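Every WriteProcessMemory IoC above is the browser process (PID 1856) writing into an msedge.exe child it spawned itself (the crashpad handler, GPU process, network and storage utilities in the process tree); a Chromium-based browser's broker writes sandbox-setup data into each child at launch, and the signature fires on the API call, not on intent. The script below is an added triage example, not part of the sandbox report or its vendor's tooling. It parses IoC lines in the report's flattened form ("PID <src> wrote to memory of <dst> <src> <src image> <dst image>"), rebuilds parent links from a process list, and flags only writes whose target is not a direct child of the writer or whose image differs. The process list is constructed from the tree in the Processes section; the explorer.exe entry (PID 4242) and the last two IoC lines are invented anomalies to exercise the check.

```python
"""Triage helper for "Suspicious use of WriteProcessMemory" IoCs.

Added example, not code from the sandbox report or its vendor. Parses IoC
lines in the report's flattened form:
    PID <src> wrote to memory of <dst> <src> <src image> <dst image>
rebuilds parent links from a process list, and flags only those writes whose
target is not a direct child of the writer or whose image name differs.
"""
import re
from collections import Counter

WPM_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")

# (pid, ppid, image). Parent links follow the tree in the Processes section;
# PID 4242 explorer.exe is constructed and does not appear in the report.
PROCESSES = [
    (1856, 0, "msedge.exe"),
    (1132, 1856, "msedge.exe"),
    (2088, 1856, "msedge.exe"),
    (1032, 1856, "msedge.exe"),
    (1520, 1856, "msedge.exe"),
    (2080, 1856, "identity_helper.exe"),
    (3036, 0, "CompPkgSrv.exe"),
    (4242, 0, "explorer.exe"),
]

# The first four lines mirror the report (one event per target, not all 64);
# the last two are constructed anomalies to exercise the check.
IOC_TEXT = (
    "PID 1856 wrote to memory of 1132 1856 msedge.exe msedge.exe "
    "PID 1856 wrote to memory of 2088 1856 msedge.exe msedge.exe "
    "PID 1856 wrote to memory of 1032 1856 msedge.exe msedge.exe "
    "PID 1856 wrote to memory of 1520 1856 msedge.exe msedge.exe "
    "PID 1856 wrote to memory of 4242 1856 msedge.exe explorer.exe "
    "PID 2088 wrote to memory of 1032 2088 msedge.exe msedge.exe"
)


def parse_writes(text):
    """Return (src_pid, dst_pid, src_image, dst_image) tuples from flattened IoC text."""
    return [(int(s), int(d), si, di) for s, d, si, di in WPM_RE.findall(text)]


def triage(text, processes):
    """Split write events into expected (parent -> own child, same image) and suspicious.

    Returns (expected, suspicious): expected is a Counter keyed by (src, dst);
    suspicious is a list of (src, dst, reason) in input order.
    """
    parent = {pid: ppid for pid, ppid, _ in processes}
    image = {pid: img for pid, _, img in processes}
    expected, suspicious = Counter(), []
    for src, dst, src_img, dst_img in parse_writes(text):
        reasons = []
        if parent.get(dst) != src:
            reasons.append(f"{dst} ({dst_img}) is not a child of {src}")
        if not (src_img == dst_img == image.get(src)):
            reasons.append(f"image mismatch {src_img} -> {dst_img}")
        if reasons:
            suspicious.append((src, dst, "; ".join(reasons)))
        else:
            expected[(src, dst)] += 1
    return expected, suspicious


if __name__ == "__main__":
    expected, suspicious = triage(IOC_TEXT, PROCESSES)
    for (src, dst), n in sorted(expected.items()):
        print(f"expected   {src} -> {dst} x{n}")
    for src, dst, why in suspicious:
        print(f"SUSPICIOUS {src} -> {dst}: {why}")
```

Run against the report's own events the script reports four expected parent-to-child writes and nothing suspicious; only the two constructed lines (a write into an unrelated explorer.exe, and a GPU child writing into a sibling) are flagged. On a real case the process list would come from the sandbox's process tree rather than being typed in.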
Processes

msedge.exe (PID 1856)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fs4.fastupload.io/d84d7c9ee2c50425/FAMalHashDatabase.txt?download_token=01cbe50de76696e151437e662d246bc7b2454c84a197b0c2b5c4f57bec5a26f2
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

  msedge.exe (PID 1132), crashpad-handler
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffbae5f3cb8,0x7ffbae5f3cc8,0x7ffbae5f3cd8

  msedge.exe (PID 2088), gpu-process
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1952 /prefetch:2

  msedge.exe (PID 1032), utility: network.mojom.NetworkService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 1520), utility: storage.mojom.StorageService
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2320 /prefetch:8

  msedge.exe (PID 4964), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

  msedge.exe (PID 4908), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

  msedge.exe (PID 3040), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4564 /prefetch:1

  msedge.exe (PID 1924), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1

  msedge.exe (PID 3340), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

  msedge.exe (PID 560), renderer (instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

  msedge.exe (PID 1808), renderer (instant process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

  msedge.exe (PID 2168), utility: chrome.mojom.UtilWin
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  identity_helper.exe (PID 2080), utility: winrt_app_id.mojom.WinrtAppIdService
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2580), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1

  msedge.exe (PID 2768), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1

  msedge.exe (PID 4768), gpu-process (relaunched without GPU sandbox, GL disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1744 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 1312), renderer
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,18182555941991822983,3731312661671618983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1

CompPkgSrv.exe (PID 3036)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 3692)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 0d84d1490aa9f725b68407eab8f0030e
  SHA1: 83964574467b7422e160af34ef024d1821d6d1c3
  SHA256: 40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e
  SHA512: f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 0c705388d79c00418e5c1751159353e3
  SHA1: aaeafebce5483626ef82813d286511c1f353f861
  SHA256: 697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d
  SHA512: c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: c2f5b7d2e69b5d6b3819aac01c467bd6
  SHA1: f835280cb90da07328a7b6cba283b2133f9637bc
  SHA256: f192ba00ada53a5ea528caf0d4e02c77fe78a866860e8a88b730a07437e50728
  SHA512: 6db17619445e9944c06f720a7b61bd3d96ec7f2ff94b44600ea1000d14271ce050660c2fe9f194698229233edaae58239be3f15f984714fa452a429a636dea0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: ab06a5eed8d111f9f189021a51035e0d
  SHA1: 381278118dca1f7afb1264b069ab4affc042ed56
  SHA256: c46f341b2797ecc51e597f3b6e9550b9ea13f58e37ceb45c3ac83c3ecba985b5
  SHA512: eec63e37efcd146777f1ec41a815bb26f4cdcf9b26adda385e9ab1323f363e8855cb7c2d866e207bcb6b699a17d8e028e4a856377496e432aab0fa6735b516df

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: 94373222cecfc02f96c8858b126494d3
  SHA1: 4ba3fb911437b5eb8168b71b2541bc9af4d7cbbc
  SHA256: 0f31b3c5de16889992570e102c5c81f0fc164f8d42c4b9c9dd046360925a1ef3
  SHA512: bb1eb94927d4235e527d6a3cf943633fe986ac5c896477ed1e7f0c2d98e8f394b7f89368d01fac76632e2d8d323ce6b2e0526de2750df8aff78c61bb08f32dec

\??\pipe\LOCAL\crashpad_1856_OSMLCAKPONFHFKWH
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  (these four values are the digests of zero-length input: no content was captured from this named pipe)
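Two things in this list are worth checking mechanically rather than by eye: the crashpad named-pipe entry carries the digests of an empty input (MD5 d41d8cd9..., SHA-1 da39a3ee..., SHA-256 e3b0c442...), so nothing was actually captured for it, and several paths (settings.dat, Local State, the leveldb CURRENT file) appear twice with different hashes, meaning the browser rewrote them during the run. The parser below is an added example, not part of the sandbox report or its vendor's tooling. It reads entries in the report's flattened form (path glued to the "Filesize" or "MD5" label, digests glued to their labels or spilled onto the next line, entries separated by a lone "-"), normalises them into records, and flags empty-content entries and rewritten paths. The sample text is constructed from three entries on this page.

```python
"""Parser and sanity check for a flattened dropped-file list.

Added example, not code from the sandbox report or its vendor. Each entry is
a path immediately followed by "Filesize<size>" (optional) and then
"MD5<hex>SHA1<hex>SHA256<hex>SHA512<hex>", possibly split across lines;
entries are separated by a line containing only "-".
"""
import hashlib
import re
from collections import defaultdict

HEX = "[0-9a-f]"
ENTRY_RE = re.compile(
    rf"^(?P<path>.+?)"
    rf"(?:Filesize(?P<size>\d+(?:\.\d+)?[KMG]?B))?"
    rf"MD5(?P<md5>{HEX}{{32}})"
    rf"SHA1(?P<sha1>{HEX}{{40}})"
    rf"SHA256(?P<sha256>{HEX}{{64}})"
    rf"SHA512(?P<sha512>{HEX}{{128}})$"
)

# Digests of b"", the fingerprint of an artifact whose content was not captured.
EMPTY_DIGESTS = {
    name: hashlib.new(name, b"").hexdigest()
    for name in ("md5", "sha1", "sha256", "sha512")
}

# Constructed sample in the report's own layout: two captures of the same
# settings.dat (different content) and the empty crashpad named pipe.
DROPPED = r"""
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD50d84d1490aa9f725b68407eab8f0030e
SHA183964574467b7422e160af34ef024d1821d6d1c3
SHA25640c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e
SHA512f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD50c705388d79c00418e5c1751159353e3
SHA1aaeafebce5483626ef82813d286511c1f353f861
SHA256697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d
SHA512c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f
-
\??\pipe\LOCAL\crashpad_1856_OSMLCAKPONFHFKWHMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""


def parse_entries(text):
    """Return a list of dicts (path, size, md5, sha1, sha256, sha512).

    Lines inside one entry are concatenated without separators, because the
    report glues labels to values and sometimes breaks a value onto the next line.
    """
    records, buf = [], []

    def flush():
        joined = "".join(buf)
        buf.clear()
        if not joined:
            return
        m = ENTRY_RE.match(joined)
        if not m:
            raise ValueError(f"unparseable entry: {joined[:60]!r}")
        records.append(m.groupdict())

    for line in text.splitlines():
        line = line.strip()
        if line == "-":
            flush()
        elif line:
            buf.append(line)
    flush()
    return records


def is_empty_content(rec):
    """True when every recorded digest equals the digest of zero bytes."""
    return all(rec[name] == digest for name, digest in EMPTY_DIGESTS.items())


def summarize(text):
    """Count entries, list empty-content paths and paths captured with differing content."""
    recs = parse_entries(text)
    by_path = defaultdict(list)
    for r in recs:
        by_path[r["path"]].append(r)
    empty = [r["path"] for r in recs if is_empty_content(r)]
    rewritten = [p for p, rs in by_path.items() if len({r["sha256"] for r in rs}) > 1]
    return {"count": len(recs), "empty": empty, "rewritten": rewritten}


if __name__ == "__main__":
    print(summarize(DROPPED))
```

The regex anchors on the fixed digest lengths (32, 40, 64 and 128 hex characters), which is what makes the glued labels unambiguous; a path that happened to contain the text "MD5" would still parse correctly because the full pattern must match to the end of the entry.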