4e6a9ba02eeebbde5648bf8468460ae87415fe5748fcaba9c165cf4d1b710542

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
04/09/2024, 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wallpaper.png
Size

84KB
MD5

bc770d5d1680e9013b1a852dfec4ec1b
SHA1

0c5d84256e26228f8278f6a33b57c5ac44008e6b
SHA256

4e6a9ba02eeebbde5648bf8468460ae87415fe5748fcaba9c165cf4d1b710542
SHA512

32b383fd22e6c2c4219e32f64fa61307429e52e122feb47606a845f04ae86288c07a8647e21dc8c0c8ed1f1e626a1897cb83bc6c88beff14252b4e3c6c9d804d
SSDEEP

1536:9hQBEqIddijNSLPHotgzme/1O55TH1Ugj99OuTfe0dMdLk:9hQpk+N+o0me/o55T7Euy0So

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2400	msedge.exe
2400	msedge.exe
3256	msedge.exe
3256	msedge.exe
3364	msedge.exe
3364	msedge.exe
4432	msedge.exe
4432	msedge.exe
4032	msedge.exe
4032	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 4364	5068	msedge.exe	106
PID 5068 wrote to memory of 4364	5068	msedge.exe	106
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 5044	5068	msedge.exe	107
PID 5068 wrote to memory of 2400	5068	msedge.exe	108
PID 5068 wrote to memory of 2400	5068	msedge.exe	108
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109
PID 5068 wrote to memory of 4992	5068	msedge.exe	109

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\wallpaper.png
1⤵
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault81388516h238ch4214hba04hb50dc9a38ed5
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffbc10846f8,0x7ffbc1084708,0x7ffbc1084718
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,7530952584735160525,6260664673634626624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,7530952584735160525,6260664673634626624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,7530952584735160525,6260664673634626624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta9bfbb98hd3c2h4c08hb5eah9240bdba2b92
1⤵
PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc10846f8,0x7ffbc1084708,0x7ffbc1084718
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,841132261852697660,17617055649145416193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,841132261852697660,17617055649145416193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,841132261852697660,17617055649145416193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:836

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulta1b4bf0eh7419h4a84ha3deh41b5197eafbd
1⤵
PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc10846f8,0x7ffbc1084708,0x7ffbc1084718
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,2633974789123021986,631079130531914143,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,2633974789123021986,631079130531914143,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,2633974789123021986,631079130531914143,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault2a68f943h2c0eh49b2h916ah448ecbe6db91
1⤵
PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc10846f8,0x7ffbc1084708,0x7ffbc1084718
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,3533264974537197864,5573259366436737225,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,3533264974537197864,5573259366436737225,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,3533264974537197864,5573259366436737225,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault267710ffh6d71h45e1haab3h24a8b25c2f1c
1⤵
PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc10846f8,0x7ffbc1084708,0x7ffbc1084718
  2⤵
  PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,3946820420438028742,495189104763731578,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,3946820420438028742,495189104763731578,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,3946820420438028742,495189104763731578,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault16ca9456hfb1bh4be5h9b24h44d6b10d53cb
1⤵
PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffbc10846f8,0x7ffbc1084708,0x7ffbc1084718
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,5766364295344933423,14032700816525541876,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,5766364295344933423,14032700816525541876,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,5766364295344933423,14032700816525541876,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b31b0bac537616a35891b583f3c9eb8f

SHA1
9987dc4acb98c84a2990334cc4ab688f34ca5197

SHA256
3a9d59c08acc10d727770fa9e8ac8c91b4a48c176ad645fdeb1913d70cc57e96

SHA512
92c2971580a5e706c804f90b525b16af783889feb2d8b8a8d5af6b1c2656e980dbbdd94ab9d466f8dfea17991a954d43e66cde890d454e28a1aa2dfde4392eae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
78142044b92d988bde47886ad60c659b

SHA1
a92fa4f5d88ef197dd0f8babd95e70da6fa648dc

SHA256
4f2f7ca5579c85a495aa89e2e9dbf8caee527e2c6c890e2b1c04087153ba7058

SHA512
ad259ed622d2ef257c6f3dbb22da19a8bacef1f30e1d9b478841bcc2fd42db48675c01b663fc7f2d17493b35b09cbb8bf5e14e109fa94413b4285339d1d10083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d5195699532b12b8b5aca30294153a

SHA1
2c9dbedf628d666f278de760bfac322967c732ce

SHA256
63fbb2bd189ef3754fa4f7b8b06e1813a6ec1b666d0f425ff36edb4a86c0f321

SHA512
c9303582ad64f9a771aa9664cdfd93964054be4f1b2f42691d7e9afbc39acff69ec20966b7264c5f96c084542a2e38f5c7e1c63143800c0133a331a1dda7dfa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e30742636e352e3ff0165ac0bb434c8

SHA1
4ed6dce106644b5865a7aa1b98bf87e7c0901940

SHA256
a54ae988f5aae8fdcd3d1b545b2703893a7b1810aaa329bd24f552dc42958bed

SHA512
422dad83ea14f4ed4e079fe3d57908a22ac2fc7968c14b8ad9f524b91a115d500d9ea884502a494cbc10d2b9566389f38e523309ca3d0cdf617f14ebf0e2a16c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6f83db0baa0cc899ed273ad501aadbc1

SHA1
e16aee8e4d8c0513b9888681176550f4c2b45990

SHA256
b4fd9bb989a46c746a3afed6026679d01e6b78da2d143414dc3dc1d388e13185

SHA512
3cb651070a790a8bc751f1170bf9ae155f2a52e6655e6dff507b96ef79f44ac4050f56adea2aa00827cceadcc075b5d480e69a2d0643e4d6b4012f7b9904575f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
4c8a05601155f3145b5418450abaf9f7

SHA1
1440836ce5ba1aa640564fa36fda3f3d54c93eb1

SHA256
e35263e3f237080b194d5d8ad21bc183dc8afde68201120b184266801614db02

SHA512
9baa613f56ce1f867cb90774484091e42b9031f936b9405c2a1d2ea5b424975ddb5d1a54347f761806c955901982686d519df9463af556e39d030fc648d5b225

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15f8748c777527f2570b3de8b52455a0

SHA1
1263f5dae0aba0d4f64408d1b51da7990aa7760a

SHA256
738cb028cf00147635b500ff2d554481181e96456a4bb8e85745313511fc5d4f

SHA512
5e58fa591c6796bce95df072f19ef0871368e24e7b4631775a433f47fde1b9d40fc0db511896729bdebf823ab04f3529a4365af564afb32be1d507cd4d8e0320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
784d2749b438c5a5fc3a86503e3c54ce

SHA1
6da2fb6da8d6b1440c4bd62d10f250d49d440561

SHA256
29aa93dbbcce4fc58931d7d6242f2cad6e785e659f27dfdfcffe5295412451d5

SHA512
b0da180be3975b25859b1dd0d226f9231b1cf30fc68f664ecec4d50fcd2515c22c3022d76227e8cc900aff85f261ffb15b8c637869d9ae42c605b5002af6ae5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05b598abf1405bfabf85ff65e1e75c1e

SHA1
3f9c38cd919369d47dec47a6e0807bc747b69483

SHA256
cc1c484083618267943fd4f449a2d4a46a4720a5c9e9bc714674ba05d89225a1

SHA512
b795d39d3815dc370d866c4170309983fecff525a431603a77c89afa656bd0b495d2e66c629757c310a671e9f80f446fd28113c963c537077bf0d6abc9970fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5114478650af79d29b9ac3c2ea89f63d

SHA1
fab43be08fe874430c6cf31f3f3407c35453d8ca

SHA256
bba2e0306d649acf5ecbfda238a4458d58bba086d7af9a413b5295e2b771e8bd

SHA512
b9012cb1fda82a2402870b276329ea4edf0126dc3cb03119d436520de4fb21f0368c262ec9e33c48e6099a631f8f698ed9746dc4305d2fb24f9dbaa9873ed6e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
73ab8229b99958f6a545f000e2bae366

SHA1
9459d5992514d00b82eb1c54c8ae1a0a72f4eb8d

SHA256
44c6480da093bcb171217820e8c95f6e520f1fe7cb0861b989d789e9268b213a

SHA512
cf6e7e01d6d3d4f8fef2e57de73bc1dafcdd4621d51a130848e344b66c83fa0ee801e3496103f11eb3eb7f60853639cea2c8000f8d1f233a2d694035e98b47db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
8311eedbf69582839d81588d2bedce5d

SHA1
7ec6aed0f370c6d73343eba93efc9434d8fbd3f4

SHA256
116f860a4708483225a5470d7899595a3c0c6179c3197a679dfd1c260a68e4f7

SHA512
a57f00f70528a8e0f62fb371f7089e7c6776cf078c762c2fb165a911b99ea3a18fa8c612342681f46eb5a1de21d977bb811662f6a6a12938e810b81bf2769c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
7a6ad9c593e24db9553af86252d07ef8

SHA1
f40456992dd4716bdea052fcdcd7ca36c3daaa3e

SHA256
8ddf050be37f50d2a9a670702a7d7af1e6766a88789b27c249abeba6aec142d3

SHA512
bc04574cc38ceefe1cbe85d438cfe895aa188472051e6775a53a5a0d5037f57a057d9a341ea6a2289cf822fe77dbb80031f1e9491feb68d56fa07087aba56f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
826095e4900b6bc0cafad5768f9ee60d

SHA1
156089172cc845a96bd10744c942848c620c5ed4

SHA256
12aa2601bfb0e6b68680f8edb46c16afac05e1e6f3eba6a42583273a5444dfc8

SHA512
903fde2650a490bab3aee93b4274e8dccc67fded7453741d4870585499b036645cf22679f2eee95dd1a3ea9ee63b68633c234804bad8469bc4f6c8fdd362dc18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
70a8f36363b04fa94f201c897294cf52

SHA1
8bbeb22e4c38f3bccb82aea2a78b9145907857dd

SHA256
18e9995fadc3304db7a9ca80a25b1a4a1da1aaacf2f86cf43bfe595c7d1b1b6a

SHA512
611809aa0e1e28a8feb0b090f8ae98d4e3170a472211072af8d5743675db280f644249d7fde749a22a7acef5a1f4f101c19b25a9b02e5781717a48d31a3d339c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
d36eb1701cc102062c0696e067127325

SHA1
11be766e329a558f978dc26108488d2b977266c7

SHA256
480d8d59a0933439d3a662bc3b4bdb5bd6e2d932b506b729802e4c13cd0fd9e6

SHA512
73440d2154e4b6e210abb0740682a7eec7ef4b2818ef7133a7f76950515ebc55b55a319a1e4aec5ef4ead8039119ba574d63362be7bd7942259d739581d05288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e4d07062fa0acbf76401675afdeef14f

SHA1
21441cdaefeecb39828ae29ec3c0a6fe8d1d76e0

SHA256
6c2ca33363a50a46a431e5f6d46e38b764f2d399968fba0419dd1b69f1bb30a2

SHA512
bca184a6cb72f8f82b1ebd4ad789ead9f436e8b1a89c005aeab550bee57b4f60655b2ae2c05e153e43fcf8652808249bfa5124cc5922cfd6e49b2ae12ba3ee20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1da98a84ce42dca10883f930690853c1

SHA1
3e0e95831eb01f62c4d5f03ada3a87a96e46e3e5

SHA256
497aa9aca19025ca9b59ba84b74c44be968d6c0b82f841c36691b66fb5553965

SHA512
b8ed0d6a9f4e48af72a31f29868344f38069e264d433744979e18ea01fb1ce0131453e9def2ca41026722a0973021bc672be3b7ae0a6140936543a4ae273466f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e3780958bda4cc9c052feb972ad6ebc1

SHA1
d337f82086ac8e940259000da11ae3c6d347ed0f

SHA256
fcf92551650a2a61e47bbe31644967f6c79d55826837e77c529ff6649969bdd7

SHA512
820bdf71c79d3e0d0b0615841ac7b23a4c376a9d977d92266e177b0a1efe4ccc9a0e0a095a8d0f1d5821cc94dab9704362d5784fd34b050429ea57455d184421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
e1a1f6b7975189c35c9beb784d0f0c98

SHA1
a19ec6ce855a15f346f654c53f721f774d7d7cd9

SHA256
23a8414d8a98ea0213fff5a20b3db5d47014ffa0be2f4650a11833c3b2395235

SHA512
9fb8987491acdd31c2a56b0e6dd49565f8beab15031edb3b5313123f68ac35975457f38cfea3a64e6a7a4d04a1b0e2140ffa9058554d3bfb8e9237597c750a8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
cd564d218a6fe8210cd77ee4b46dff2e

SHA1
5ba68704e7bc48d1a4bcd60d3841b6dbeb747720

SHA256
f8e81b56cf8dfb20e4a55bab489d5ee19c76b2911775189de62b9b4584cf8b55

SHA512
79dc0e13a4443eeda45796eab23aaa5789f80dcd3539b26e89957975376490e48192a076311695c41da6f0e467566dc8ee410916126ab1482eac595c44911d0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b76c5f78-cfe4-4406-9ed6-338428cbc31c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ddbeda206b76cfb8f3fcdcdd9f77b46f

SHA1
5355d1836067cf0af0a0ba4a96f528df16fd72dd

SHA256
ad86b957327b4196dc6278fe7f6bcb14ca886194a0200adbc45993f0b97abbfd

SHA512
9a99c7df89969717f864b78aaae5893d695d3a66ba413d02a5c66c1fbf079d8c95257e6bdcbc2d404f6c40b37bef1be1a162e3a0113d05830591c3f3a2b446e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
740d2d768463a0868366b5044fb123ab

SHA1
04192ede11220a76c8c1893c53080597d00f229b

SHA256
bdc612e78b18dd50137d9e3b74ea0cb09eb750e03a3f5f5910a790b15a84c64d

SHA512
2ef0ead9f62577f518391e54f2330f12601da73740876f0082e683c2b4c845a060361dc8ed81880636242f60f421fc5fcf81b7114c97da6c4be98deb2cde2131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b6142f30e3f30467cc6536555e5b83c1

SHA1
c563b19429db8daa8c8d2f3897af3c32c582f765

SHA256
abbfe43ef6c514e1e85ec5b5eb7069ae54b6af6abdbf89ddc5b2c9ed46b64ba7

SHA512
26a5ffc66c468e9f4aa1b6eeab2add9ffe8f5f2c60cee1f86c7dce1b0e5e01b0491e1ef809e4390034a7ea59c1e1d1bb9621ebaad17dbf88f0fc42673f75e960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c9798d509a35052a2750f8cc729a1dc6

SHA1
2a125540e3b73585d969cf56bb64cdb4381764e1

SHA256
75e5acc6c1b109a88510d7569b190277205dd84bb50720a0f46d2c2d59ed3690

SHA512
a3ceb8c74abd8293f175456f299857e6bb18a8fc348f19410bb86f84a4b785a79eefad7f2a4b45f688583545a6381643f18e4afea8e44178b256a76102dde716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
b9aad017e5d85e69df785f4191481aca

SHA1
e997ec8d8c2879b84539fa8dd968aee3f3ea531e

SHA256
85a859416c76cb99f2bcfe0450ef9bd69cd25ba28d2b7215a36c3603acb89123

SHA512
b97a0376c34f19c9f5ed5f6afcb1d18d45153a3b4a539c9e150c97e284f93d6da54ae7fa56c35efba316a9923b82d54b5d601753379c5661c03f3f0671820bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit