894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
04/07/2024, 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe
Size

894KB
MD5

da75c1f0bf894623c9692d4379af3ade
SHA1

ba3d713c72973f4e685fefb642ea9ec2e20a642a
SHA256

894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca
SHA512

5b29c770b581ba213eca9577a9ef33d2bfbc8c2a9d39e9a1dee98f4e07ed545d3467bc5731ae4b36879e531387aa9bde84e8cb6d34ecce8db7288f01eaeeec59
SSDEEP

12288:YqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4Tx:YqDEvCTbMWu7rQYlBQcBiT6rprG8aAx

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2536	msedge.exe
2536	msedge.exe
396	msedge.exe
396	msedge.exe
2336	msedge.exe
2336	msedge.exe
1624	msedge.exe
1624	msedge.exe
2488	identity_helper.exe
2488	identity_helper.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe
5024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe
4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe
4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe
4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe
4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe
396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 396	4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe	83
PID 4732 wrote to memory of 396	4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe	83
PID 396 wrote to memory of 5040	396	msedge.exe	85
PID 396 wrote to memory of 5040	396	msedge.exe	85
PID 4732 wrote to memory of 1972	4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe	86
PID 4732 wrote to memory of 1972	4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe	86
PID 1972 wrote to memory of 624	1972	msedge.exe	87
PID 1972 wrote to memory of 624	1972	msedge.exe	87
PID 4732 wrote to memory of 1368	4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe	88
PID 4732 wrote to memory of 1368	4732	894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe	88
PID 1368 wrote to memory of 936	1368	msedge.exe	89
PID 1368 wrote to memory of 936	1368	msedge.exe	89
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 732	396	msedge.exe	90
PID 396 wrote to memory of 2536	396	msedge.exe	91
PID 396 wrote to memory of 2536	396	msedge.exe	91
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92
PID 396 wrote to memory of 4632	396	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe
"C:\Users\Admin\AppData\Local\Temp\894f50b9232689e32c941f6ffa57d18875c5c263b22a6790c3dc6a4ef77698ca.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9076c46f8,0x7ff9076c4708,0x7ff9076c4718
    3⤵
    PID:5040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1840 /prefetch:8
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:3564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    3⤵
    PID:4320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
    3⤵
    PID:3936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
    3⤵
    PID:3976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
    3⤵
    PID:3360
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3440 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
    3⤵
    PID:1304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
    3⤵
    PID:2012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:1548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    3⤵
    PID:3360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,4259080007237996647,6599883001447476679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5312 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9076c46f8,0x7ff9076c4708,0x7ff9076c4718
    3⤵
    PID:624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,6573734349651579114,11523166254001130096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
    3⤵
    PID:2656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,6573734349651579114,11523166254001130096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9076c46f8,0x7ff9076c4708,0x7ff9076c4718
    3⤵
    PID:936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1448,2483684694248467210,488525889842781940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
b4780ed6297b4b3da5df4a97485e84eb

SHA1
47fdb6a7e54999a53efb93deab73f89e7523bd32

SHA256
7b817c04a6116c0411d67f0342a90008dd03085eb7be86a9db1c2d209f698178

SHA512
c9f8832ceaf505cd44aac8f300bf0d14780fa129bffd8ef21feb404ebb913c34e2d96980d37d2dde6ed2d9a0e68c55cd5e748886580b1b1d175210a66a97c045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dae5ba6d40f3b65c07841fbbde8101c8

SHA1
94b7ed6b24631bb9b6c7e6cfb3946cb6039a861c

SHA256
3c67db4ffd0d5bc22d88f34251a28de4a8e840b4899940fb614df6d02d19c811

SHA512
86e9a5398e4cd00106299a380b22cc5be3c44a67be87b7a90fd49bfae579269ea7301b0e45fd9ac10771a7ae6228649d42c895036ecbc0b2c68409f258c287a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
678b0334ea8e00fb09dce83a29f1ab6b

SHA1
09963d17e8aa1a2e8478017ae31ab01fda9a1619

SHA256
eeedd4157d3d7b8bdc6773456ca9af5c555f04632b449e26a0897ac4fb6d5fb5

SHA512
23c6be38719f66fa71fab91ed5e36ec949a95a7b4f8db78f6e3e63cfe90c3dc39fe3146cd94239c04bc9956d99d06589dda79a96e44254de46d78fb64743ea24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
83897f90aba4202df685f4f7a432fb70

SHA1
1ea86aed55cfc7783c84fbf9a817a3c6601ffd9e

SHA256
86f0481e4049d6a4c0ba12996491b64e1486de56db134dba9cdaf74e3b08edee

SHA512
8403c682f026e2ade18cc650abe03f9c6c998356c0118fe67b4fd5d6e98c465ad0a4ceb654797ade942b7ff0e936308b0a74d7bc73d6ef88f1a47877d6a738d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1c0003cb11978f9db5cd530242a65ff8

SHA1
a3bfd6b437d82d2d23d558fd5140182a3f06b015

SHA256
c7641d78b21afa8d427421ab39defbd5baa36439158b3ec513efac3d55722874

SHA512
1066c087ffb6f065944e0ee4a838d210c6bc9ad0a27aac9737aa8cd875889bb40813947ab246abec65484aa8f3ee9596aacbba186b9321d7cb880d2f6a7fa1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
84f911e1992488f2ce7143df466a56d3

SHA1
87b4887a892d4d438e7c29c7ee57450a2791fe5c

SHA256
9ccbdea920d4eea1a84bf00fcc26ff354662ce4e863a3d03e55f00cfd9a70788

SHA512
dfa16ea59ed7137794c88c3b4fc442e70f31b777b9966c0d1bfc3290b1a211104ba41b91e78f02fc4e2991fa5dcfec9025e84234b8184023584852acb8d22359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
2c77ccd6076d032b356b1b8d42504679

SHA1
f459d1c5dc8d6b4d93a6745f42c1928e33e75d9c

SHA256
618e0436c46c2a53f28d90f0b41094b20d64c18b35849fdf7d9fb786bf0ef9f9

SHA512
a230cdde5252ba04aef01cf895512064772331237db9d785dfe449334f430c86c7a1eed7cc2d80de92cf8ada4d89c0b52ac0eafbfe6692e11ff52b1738e2ddd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
82aa7f350d91d925fbe5ca499f25c4c7

SHA1
0866fecf0af6f9b47382521f2a32a9f335096437

SHA256
a01608b4739d57ae58f72e8c0efbd588df244b9c638a83a2782757780c58418e

SHA512
6a7b3d44cadfa780c22fc53f00178c1aa75d905638dc492f2d921d45e7f9fc76335682ff4cd93a5e4138d5a248fe89cb7fe77d5393d511ee4111415f1b39e360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1c2b012ae2a2f51b9bee7a20e5e853ae

SHA1
50e60f207ab5539280e1f421f22432684401f730

SHA256
558eadde226ca148158079143fe8b2dc65240a9c6859afc3a28b3f0989d111ba

SHA512
b3b6bd14faa86dcba95e22f89227ab0419729132b33ba26eac06a9592373f24b20a07476d4fffa7bbfebeb69479ce97bd7eceefb9279bc95192ec27147697ad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b1cb.TMP

Filesize
703B

MD5
8e8d074c139d15b509b72ac1d0cb3662

SHA1
d38423f91e70f395b6cab1394867d60aba771265

SHA256
c8235461cc234af5894bb078c11e560f3e48643e870595802e72d3b3a8730a7f

SHA512
02153b8ade4b55a81e32d327d63b0b8270a3f3f205dd89a07cd040cd28447d79bef2a748112ca13229fff707e104e79d38414493d510e84dd6e63edd8b57b6e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
05e3dfe353f3d0b3215bf807de8d97dd

SHA1
bce74a7315e8db2dead7f45216218c3b8284cdfe

SHA256
97d0f795f498dda530413354a3952e1816b6133339b849b1d457a051c6ba92e8

SHA512
4359401d7332f2039a17f181a7dc872a0965bec6d6100b7e4d1b37076547cbdc62a21cf284d7690f37824b9ac625fb619aca47843f0a4e5483bf610af8859335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
108c73bd1e0261da102de048e021d175

SHA1
cdf03c8e32c9b5442a8d10db2956c21895dfba6a

SHA256
9c626271d5852f5fcbc88adb0d996966db0fc76321a7f46dbbcb7e9ab42f8b7c

SHA512
26b7dcad163e8c263bc4c0af24374808b92a82abb77776fa726a476ef74c7fd2eb8955c5551b49219f8a41c0ed5da10f474dd17b2688cfec355fca720405a1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3376d2f4e9d2da76307ca3d988a679e6

SHA1
c8b013733dde96d59671bfe8318d7ba7437beef9

SHA256
61264b9d068c76a933650031baa4f174d67940fa71b4ff8a59c9aaa6c90c9ca8

SHA512
d92618d32500ee4c7eaf830da0c0eeebaf3cb5cab440228226fbc448eaa763040fc1f1f9aca71a97728df8906e79a28067a10105dbc6d24e119f2cc7695eaea1

Download Submit