ffbc0d5351cf3157a8bff2698fcfcff7f37240a5e00acdeb8b5bf513029d5c93

Analysis

max time kernel
149s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
04-09-2024 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

D79DEC1AAC5B.exe
Size

2.0MB
MD5

67ce648678fef049134294da0925c386
SHA1

a680f66bdfa61b4b1b971d49b50d2b28d272d4bf
SHA256

ffbc0d5351cf3157a8bff2698fcfcff7f37240a5e00acdeb8b5bf513029d5c93
SHA512

e696a6f6b20a76071cccfc6a3108530293b05619d46877abb06f6cb7fc68c04d7259c57abbe063a119ecc1d259fa991e0f9b3e088f19ec67fcc7e801f46917d8
SSDEEP

49152:TTTo20TjlliUWVh/QNCljh5X0BYDMlSznUk4Pq57e:joVjlrIhsClXkBiUSrKPye

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	D79DEC1AAC5B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	D79DEC1AAC5B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	D79DEC1AAC5B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	D79DEC1AAC5B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	D79DEC1AAC5B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	D79DEC1AAC5B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	D79DEC1AAC5B.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	D79DEC1AAC5B.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
11	pastebin.com
1	pastebin.com
3	pastebin.com
7	pastebin.com
9	pastebin.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1735401866-3802634615-1355934272-1000\{A9E3BD3F-1999-4012-B00A-9CFE41909134}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
3036	msedge.exe
3036	msedge.exe
380	msedge.exe
380	msedge.exe
3924	msedge.exe
3924	msedge.exe
2784	identity_helper.exe
2784	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe
3036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 2660	3036	msedge.exe	93
PID 3036 wrote to memory of 2660	3036	msedge.exe	93
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 4504	3036	msedge.exe	94
PID 3036 wrote to memory of 1332	3036	msedge.exe	95
PID 3036 wrote to memory of 1332	3036	msedge.exe	95
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96
PID 3036 wrote to memory of 1340	3036	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\D79DEC1AAC5B.exe
"C:\Users\Admin\AppData\Local\Temp\D79DEC1AAC5B.exe"
1⤵
- Checks BIOS information in registry
PID:832

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\D79DEC1AAC5B.exe
"C:\Users\Admin\AppData\Local\Temp\D79DEC1AAC5B.exe"
1⤵
- Checks BIOS information in registry
PID:3960

C:\Users\Admin\AppData\Local\Temp\D79DEC1AAC5B.exe
"C:\Users\Admin\AppData\Local\Temp\D79DEC1AAC5B.exe"
1⤵
- Checks BIOS information in registry
PID:1516

C:\Users\Admin\AppData\Local\Temp\D79DEC1AAC5B.exe
"C:\Users\Admin\AppData\Local\Temp\D79DEC1AAC5B.exe"
1⤵
- Checks BIOS information in registry
PID:4612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffebc683cb8,0x7ffebc683cc8,0x7ffebc683cd8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1908,4520169862609020645,14473938238036736314,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  PID:4124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6fdbe80e9fe20761b59e8f32398f4b14

SHA1
049b1f0c6fc4e93a4ba6b3c992f1d6cecf3ada1f

SHA256
b7f0d9ece2307bdc4f05a2d814c947451b007067ff8af977f77f06c3d5706942

SHA512
cf25c7fd0d6eccc46e7b58949c16d17ebeefb7edd6c76aa62f7ab5da52d1c6fc88bde620be40396d336789bd0d62b2162209a947d7ab69389e8c03682e880234

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9828ffacf3deee7f4c1300366ec22fab

SHA1
9aff54b57502b0fc2be1b0b4b3380256fb785602

SHA256
a3d21f0fb6563a5c9d0f7a6e9c125ec3faaa86ff43f37cb85a8778abc87950f7

SHA512
2e73ea4d2fcd7c8d52487816110f5f4a808ed636ae87dd119702d1cd1ae315cbb25c8094a9dddf18f07472b4deaed3e7e26c9b499334b26bdb70d4fa7f84168d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
66f60d620a343c838d5fb1824cdcab33

SHA1
c1d4f005a9cde741d9653d77ce5ad5207a7d51b8

SHA256
fa98d8976e5562ee1cf7b2a6052cb93ae75a1f9317f04be20909319ab1467e9b

SHA512
07851270608de6924566aab77d10e033c3ed32d4551b57ed6375144b5393412ea97660935520a1f71406abce415729292073654c7f6e10b07b25a59444dbbe97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
df7be7910062d83213d1d02dc8cb9ba7

SHA1
5643a05323ef3c7a80221a6c773eb0981126b95c

SHA256
784ae039181e155364747dc42ee63d67ea986d62327855fe77360218fb020b77

SHA512
c7a58860090b9b1e58a4f5e34b01d15bdfcfe82eb00bb7e41cac97bbccaad1adbb824060f7cf4561ab4c4160c246f7779c5c687e9842c4b44edbe7450c594114

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9aaddd24d4c959da9414a448a90462e

SHA1
9a4fbba8fbedcbf6760a231dbdc4f29a057c11a5

SHA256
85217509e577f4dfa2554fac664baf2ca85687898688bb503ae16d211d222b4b

SHA512
182b930e336a9cab475bf6240d4a0bb566d309cba99b5fb981772cf61537cfdc444cd5b0d4310ba96ae860d67089382d4d48bfd807a097f9b3b2e6b7dca1d5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3494321667333d03027315f430b8c9a

SHA1
b30c5b310b189f199f477e07aad42ed761221329

SHA256
d368fd7c005e4cd69a91eba4726b133e92930dc1824bf6aa17107ed8af421cd6

SHA512
0d693583d3020992d99e4ccf2d5b632752b5d6b5060fd926ec3e9dffa061bbc281c90159da4b10b0ae35145e12fc747361aa8ee4b59a5c83babe42d77acd8821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
427511bdd5dda422040f86a0bb3c625f

SHA1
9ccc4347ce11cbaa7dc585d44c4e9f1b02b44f37

SHA256
6df57c72d737e5703f90369e6ca61ee9aad1e18b406bdde076306844fc57aab9

SHA512
7d8e14e1235dd24d6d8df142dcb07753203c4b280fe4386370288070de53b5da8d739d2d9668f22bc67f8cbe108d89157d4972be5b01b70c327a475832074183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57800f374b5fe3baf07c9ba31cfdde89

SHA1
83adfb85d61588a98fd3fb3a546fd3d53acd7628

SHA256
7257afba8906ef338408f998b9a4005fa764df5219096f24bfc51231456bcc66

SHA512
c17737a52223e787fbd5288dec80c0ef147ef4d6fee66456784baea100654e7e2efb578911c88d8b32b2e23838a84a4426fc18892c474bb7d58a9835ce43e940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24cddb6203872c8fb4a713e1bb14b648

SHA1
f745fad94d9453d7d75a8224549aceab26dd700e

SHA256
6ad9c51293fd06b102498fae2b9bc0adf5e45e3426926c1962312053dd6bcd08

SHA512
555fa6a176191711bf00a75896efa7fb21b0f7857857c75d35342521eab7f25d88a1deafdf2cfa042cefb09801b980f30b17de9b0e67d5d8aabfcf8e707696a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe591a16.TMP

Filesize
1KB

MD5
76afd275830a6837f57a717a0ee65860

SHA1
a7d1e278488971dcc3a9008c58ae23d7c752bb57

SHA256
8fb3a756d4a66fe1bd126f5c33550f06b7182f44c39c6169fae2379ac122135f

SHA512
90455c036f6109f3627d2c7f9d98c00949adc5b3837c362dc5316c3224c95ffb35d879dad4e24b3a481758d8fd2c67f55ab6dd9c668706c99ad3d9afb6f811c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dab2e57039011e60f9dae6ee435db6c6

SHA1
3236a714b9e0ed5e8cfa7b50ea24294920381dce

SHA256
a454e6731f03519cf159e9de94e8f35f74f305cc8b92b79b2857f6f8768c7bde

SHA512
1040fcb22c2fe805d52e372555b4df1d6ac36da33050d6ba20dd39cde6d66932dfc452f17126e91639c097685d324c4a426c09de5c159892b6c6bfa296f712a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
392a66657aad5152a1fc67264b6a742e

SHA1
0ad7ac30f9c4848eabf4ad165d147560a00409b4

SHA256
8ce14c04714f153f40d484d05df4ff4bfb895349ecce1cf28e8215950e2a2bed

SHA512
b04b47a9ce79425dcefcc36a6b379af1a95020bc22f979089193ce786607e97fe4927afeeaae8943ce186105956ad3d638ab3578e67e463d6f9c3aea59061711

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 267022.crdownload

Filesize
5.6MB

MD5
c72a2850592803f68bac20e08308a403

SHA1
e461f8f6fdba9896208af464eb997102b4c8938f

SHA256
59dbebff0000ec259b4fc2cbd89626fe27ef6e0d8437c6b83a4a46d469ca3d8f

SHA512
b49f9f57d3a4f44a1637805307bba9ade8140e4d4ffb101b68ab2644c19907e99863942a65d7b9de374459b4d92776fc883bae415837adfa1b2a99a1a37e4994

Download Submit
memory/832-0-0x00007FF73D1E0000-0x00007FF73D788000-memory.dmp

Filesize
5.7MB

Download
memory/832-2-0x00007FF73D1E0000-0x00007FF73D788000-memory.dmp

Filesize
5.7MB

Download
memory/832-1-0x00007FFEDCC87000-0x00007FFEDCC89000-memory.dmp

Filesize
8KB

Download
memory/1516-7-0x00007FF73D1E0000-0x00007FF73D788000-memory.dmp

Filesize
5.7MB

Download
memory/3960-6-0x00007FFEDCBE0000-0x00007FFEDCDE9000-memory.dmp

Filesize
2.0MB

Download
memory/3960-5-0x00007FF73D1E0000-0x00007FF73D788000-memory.dmp

Filesize
5.7MB

Download
memory/3960-3-0x00007FFEDCBE0000-0x00007FFEDCDE9000-memory.dmp

Filesize
2.0MB

Download
memory/4612-8-0x00007FF73D1E0000-0x00007FF73D788000-memory.dmp

Filesize
5.7MB

Download