4144b47cf3a8a22d6483dd58820c0f380d975ced0662f392987112f9a83892ac

Analysis

max time kernel
76s
max time network
78s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-02-2024 08:35

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

hi.exe
Size

8.0MB
MD5

0643f5e19377fd38e4665c2a6e1f77fa
SHA1

f4c4d078731f328ab19757a2ae0ed06010fae71a
SHA256

4144b47cf3a8a22d6483dd58820c0f380d975ced0662f392987112f9a83892ac
SHA512

daaec710db10671283f8a1b152cbdece3a257c89bffd45bad73fdd5cf160875ee5abc95f9ba351a8e1b4a4fb99360cd81a984e65a5b1a13c7667349a228cb570
SSDEEP

196608:GxjTCTDwGcsKgectcGfcY3gtFrlnv/yb4n:Qkk3+eWcGfd85se

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 5 IoCs

Processes:

hi.exe

pid process

1596 hi.exe
1596 hi.exe
1596 hi.exe
1596 hi.exe
1596 hi.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1596	hi.exe
1596	hi.exe
1596	hi.exe
1596	hi.exe
1596	hi.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "24"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{44050882-50F8-41DF-B07F-960C1B5815EF}	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 460328.crdownload:SmartScreen msedge.exe
Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

2568 msedge.exe
2568 msedge.exe
3980 msedge.exe
3980 msedge.exe
3588 identity_helper.exe
3588 identity_helper.exe
2792 msedge.exe
2792 msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 460328.crdownload:SmartScreen	msedge.exe

pid	process
2568	msedge.exe
2568	msedge.exe
3980	msedge.exe
3980	msedge.exe
3588	identity_helper.exe
3588	identity_helper.exe
2792	msedge.exe
2792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

Processes:

msedge.exe

pid	process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 1320 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1320 AUDIODG.EXE

description	pid	process
Token: 33	1320	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1320	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

msedge.exe

pid	process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

LogonUI.exe

pid process

5264 LogonUI.exe

pid	process
5264	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

hi.exehi.exemsedge.exe

description	pid	process	target process
PID 1148 wrote to memory of 1596	1148	hi.exe	hi.exe
PID 1148 wrote to memory of 1596	1148	hi.exe	hi.exe
PID 1596 wrote to memory of 3980	1596	hi.exe	msedge.exe
PID 1596 wrote to memory of 3980	1596	hi.exe	msedge.exe
PID 3980 wrote to memory of 3616	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 3616	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 4568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2568	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe
PID 3980 wrote to memory of 2244	3980	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\hi.exe
"C:\Users\Admin\AppData\Local\Temp\hi.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1148

C:\Users\Admin\AppData\Local\Temp\hi.exe
"C:\Users\Admin\AppData\Local\Temp\hi.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/watch?v=uHgt8giw1LY
3⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffa4ac46f8,0x7fffa4ac4708,0x7fffa4ac4718
4⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:2568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
4⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
4⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
4⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
4⤵
PID:1940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
4⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
4⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3812 /prefetch:8
4⤵
PID:4776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
4⤵
PID:1772

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
4⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
4⤵
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4352 /prefetch:1
4⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
4⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
4⤵
PID:4976

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
4⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6312 /prefetch:1
4⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
4⤵
PID:1780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
4⤵
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
4⤵
PID:1604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
4⤵
PID:4192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6608 /prefetch:8
4⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
4⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
4⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
4⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
4⤵
PID:6132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
4⤵
PID:6124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
4⤵
PID:5328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6708 /prefetch:8
4⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7016 /prefetch:8
4⤵
PID:5396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
4⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,4458674434250231471,1786408892561040985,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
4⤵
PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f0 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1320

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa390f855 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
22KB

MD5
7a204d478c8dfe822bf86f9103bbd9b3

SHA1
7114b36ea1588d9372d730b2ee5dec7a3aee36d1

SHA256
d9134e3cf60db564c49cc181251c7308bc568acf060444c443a90c0f464ebfeb

SHA512
f5fb06a9808e9370a5fb3b926ffa27746ca7942eba36a2f63135168218e326abc74195453b9bcd8a045d5870a71b7f250dfc281515c7fa51857410acb316763e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
47KB

MD5
7cf459fb6a385376d557bfc91d964087

SHA1
43df1c5a3fd47487a815871ae01ff4da157bcac0

SHA256
6228b80b1a0b5e74b5ec45368b7d8254f3d03538ee1f9f1a6981a116d28ba979

SHA512
a3c8499d7181602790919cf14fa31c64aa5c26e179f72ea1649eb37651170a7f7e1b84858809fb5473932080d9b11ed7a9b28d9d9f61b283e05eaebd5c19cc34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
212KB

MD5
9938fd17b172bdc10b284401c55bfc65

SHA1
2e8b40a7d6b974c3e09e26df71440c445525a609

SHA256
c7daef2774cbf611a79ff767c2486b0aa3b240daf4f50725df1542f3e773200b

SHA512
1dd313f52d357e64574e952f3f093d5beef33a943e053dce4bda2841ecfcced70d53e1abdb699f6bf182cf1dd45124c6caebac43f528c3efd430500427526087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
777KB

MD5
8318db8ce08e20961a259124b01ed12e

SHA1
cf66e2d5683836cc4c21369d3a422b4b9c177238

SHA256
adabe0cd0f13b34099125f1048d14a62bae093d484f41903f90da8e4ff23736d

SHA512
9737ae97918ed8c36856e29908da81f1e462f0ef7e3d3f742c634e3ed81b6e60d3e9225fea972def48ccda01c84c608da16461acfe7bef1e4ec9e24a11a164b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
1.5MB

MD5
67dd77648c95bb6b8b7c74c5e06640dd

SHA1
b044ca7fe534a3e399f8646817babe0b02369522

SHA256
8211827e7d384812f8ab3029583effa3ecfb319061017db5780d741bbc009086

SHA512
7c8077c24e321029f07c32eadd6cfe476e53c7cfa172ec0ff023b9787286b59697145acf95f71d69e7568e35ae3c328f0cc979321cbdd2602fae3022d6de50c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
31KB

MD5
4c47f67b4f8335e3dc3a778fa84a3637

SHA1
4e2aedf7cd05fa7e9bb469b02e9e9c9e5ee25e81

SHA256
c2fd94c17833abc2adb5f9e6095e08ca8aa14af9821d1fe754327f7aa73cb9b6

SHA512
119175e24a55fa84ea58cc72e7dff7952f1281d1d6890236b9e37e508005e6ae931907ac86bb07d6b5b5d8b737f5657fc7eca3c76a9217ff76972dc31f957349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
33KB

MD5
63f8ce93cd5b30f76b0a6cd029b7d354

SHA1
3ff83134ad10ff1e5c8da09db619a0274e5e8546

SHA256
35b6dba4a78fb19170305143a6f3740fe43a43ae35471709431d8391786c55ab

SHA512
7adf420a457e00639565a3f5918c8dee5026307ba37d71b3471cebb4313ac29897f1860ed22eda7caa44a563911987efdc4ff9f686f228d1ea9876e76a9484df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
23KB

MD5
9eb7de8c0fa7f23e016eab8f94b70c84

SHA1
d1204205d4b1f0e86186dfb05cfc312c1815a65d

SHA256
40d9bc5bcbe614270988e8e6d180f20504ed458a7f4938dff60173fd5a851103

SHA512
32d4842e1fc1f2ccd81f369ee7a19c1c8c8f15c1d6ddef777a50c7d7bc93d4e2b5dd387925c579dcfca4f8f6ae6ef736676033a12306c978fa42151bdb137e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032
Filesize
27KB

MD5
ce0b8d11a00256be872539d386e3f8e5

SHA1
64658a28b3b3a52c5332c9e1fdb8875411a4f9d2

SHA256
3a009c2e78435c0b5f5454d3a39090a76111f8dcdb35ae665332afacb6f2d83e

SHA512
06fd4d8b19f485e8fafabaebef5f48217d86ff8d59a1889e3a47bc28eaafb23892fe0f85d4e2165cdfbe70761fc006c0650e7304b2534960ee8962fdcef8cb4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
792B

MD5
281e1a1c8af93218fc3acc35afccd9a4

SHA1
304e2bdfead79fd7c0e1845ab1c6d1e2a341891c

SHA256
0285bfe30b06ec193907c07c62fd9d9e2e85a9a6778563ee6933fbdd28f1020b

SHA512
7a5d951af479b70967346cc4e5b640f8ac312f830b25672842f8ad8877e27a567cd4d2acf5d548a72ce8261f6b9e9aa7ec1613a9063a4c22456a40cedef0f8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
799daf91b973c8848ef8197df3edcb58

SHA1
f76dde3f8517f53b92a56714fb3c8a969c964252

SHA256
b7cc1aa496060d1ab1ff6cb1c39b07f8ea1206e0244dcdafc729b93bf1c5aa07

SHA512
aa04d423c8ebad87373729297b75bdde31083a2ad4edcd6ca8646242d3539c37f1bcb7fb2cec92ac4d0845f61a67631425dd4cabce2410be06c4125130911419

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
6KB

MD5
66df54046e2031ebf15b5ea8180c6d53

SHA1
49e4d670a75b45c63c3ca856b993ddc7c822980e

SHA256
dacbe1483d1975170f46711a74f3a9c658b8c0ff5d018d9c1345d30e50766e01

SHA512
4d49dc6e4a8c1f84b3d4734751900a87c22e20b33208185028b217ffcf384a8fea3a73422495b6ebddf36ce2bf28bceec5b808d1ad271b47bff8b0ddd845883a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
db8558e4c7aac31fb3f67d518628562d

SHA1
3571b3b1ed637b6e807d2d64dce24ca728f924f7

SHA256
4a06271e31b12fa0e53a06cc5b708480deab1c0434b16a17bd1e89791e69273f

SHA512
b17ed682da637115f9bd50eae6e540e96a8af0e3cef704b40716e3c653808a7e29d481a498ffb191c29a0ca2d31f10950d4ee99525111fbc5c6c11f54aed544a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
db26cfe2c41279a36fdea81b41100c4b

SHA1
963f7ffb96538a9dc6db7a7060fe3abfd1253be6

SHA256
4c623a35f9564e7f22aa4bc7ed9762ab4496a212f287e5dbd7a049d74b52c112

SHA512
cea4a5d0bb63a39762b3b69e25cd992c78dc69e66149e468e5385438ffa0620947b694c82745d45239c4537e37e6fbf874a85045130158851aa6a7924a5e1a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
5af58eb9a56d354068e4d716ab78fdd8

SHA1
30df445d1a9e128e2e3bb2c8cf5114b9a8e4489a

SHA256
e4c80dd7b871bfc417a7c4995a0d522e34f8040e953f8a389d8d9441310718b6

SHA512
0199f0478a66b44f0d4967ad59121c9475f859150851cfb83648c65d3d1cbe5ea630e1c75fd7a479429b57eefd902866a934d2aff3a963e65506b6df8526ed98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
24605c23826876db629658d97840d26d

SHA1
5ec5ca9752c7b1d166a193168284628bf6b9cfad

SHA256
ff636d4e002b7936f41770fb72025d7f2f32da12b7cb9be8f5845b2f10779e7e

SHA512
e7fe597beb34887b081ec8d039563dd2c47f39181660cb19c9b4376f83b110d96a45ae6aef8973d27269b7f218ace65ba0c6ce3dccc7170ed50f42f0e610f9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
f7f6124755dcf30fa25bc9782838b915

SHA1
3618ab95d4b4d21feb8d99f1394182f39c81b6b6

SHA256
2fd74ebf6df96ca3ab7bee6dfa85a98601fda3e045d387c7d45a05194fa06056

SHA512
61e042fea63dd03bef789f002fbb1e8c7304e8b87506751a407dc51c0cd3b6b2c53ab222c9511d9154dadf04883d65ccf0bc578e44dbaad877cc7b28e6155b0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
312566ad547a9aac761839bdb5112277

SHA1
dc1f600deb14b460fae250192f0d9c8d2fdfbed4

SHA256
edf336bbc6b4cda279dd4868c8f7af4a37534e2801483315135621f350b0c664

SHA512
bd9eef074647475397796122cf6f80ef921dd3f80a9a775c59b038a7baf037443c0db59b248994298a48cee86bc68020da343727f20dc30d5232a25fcedd8ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12dc1f7e-3b7e-4b48-97eb-bc5d2404c47c\index-dir\the-real-index
Filesize
552B

MD5
3fdf5af104b1081c022dc5c47a5311c0

SHA1
a1cc877d04e045bb57aaaf2a2dda083449f32dc9

SHA256
1c9e68f028a2d07c23e00ae1d4f6aa1529455c524596d5e6ea81731431615ef4

SHA512
e09bc9730045461080f57e816985254dba47ee1f48c6099115e17d1bf787c73c88d538e4cc0b3db50fe7432ccd58b370d9fa7e8eb1329f5fa478eb21f111bb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12dc1f7e-3b7e-4b48-97eb-bc5d2404c47c\index-dir\the-real-index
Filesize
2KB

MD5
c0bf27ea5cb56b7fb8ede9d418422955

SHA1
8997584cc5b84c4d6d5463e99ece25727615b3ec

SHA256
3d0c9e6c9032333275f99e68c2cb5151422b14bdb318a28253f608c355d61baf

SHA512
b9affdf03550ae6bd1fcb8a7f17cbb601120c39557acf554206bed4cf1381d8e17e595b722915adcd97ad3d529f97fe845f00cd43dd5ac872c7e50830cfc6806

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\12dc1f7e-3b7e-4b48-97eb-bc5d2404c47c\index-dir\the-real-index~RFe57637d.TMP
Filesize
48B

MD5
3efcbadbd692349646f27c3df5141e02

SHA1
71d1d5b6cec47501bb47323500e3d8efe432c03f

SHA256
3745275c1ddfea560a0b6cb4b53b814adb2900647fae204eb60282d172c63e45

SHA512
f2fc084a5a3170d5401aef68edef126b5d3684c19ff8ad3a2f772c47e907e53a130acd607ca13fc60b5a1fc6a0a54b291f54324626b5ef7042d48f9388ecec34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7390e5cc-bf24-4a71-9b5f-cacfad0f8fb2\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\91d42d39-1607-410f-9248-f00ee1f2f32f\index-dir\the-real-index
Filesize
624B

MD5
fad70af516b639799e17ae16ad9aca06

SHA1
3e0e2e8d41df68d4cd51cce43f966b9d4eeed332

SHA256
8bdddbe7e8c656ce81ccfb534eb83c27a518d01000f2e678da8b3cf300392809

SHA512
ee7d6d0ab0b3557abe08569244edda771223072ca09178ce8e6f5f8a97933b6c2bc2af3a194fcb0bc22e7c76a6880f7e6d858109550e41d4f26737c184cbfe1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\91d42d39-1607-410f-9248-f00ee1f2f32f\index-dir\the-real-index~RFe57dc18.TMP
Filesize
48B

MD5
d389ce9fc5fa7fa6c0e04cfe7966bf54

SHA1
bc93df02ee3f5b8b065870d81200703a8973be47

SHA256
65e2ce2e9aa2c96287cec09db5d9db27944baffa262a1e63a30e20185e146d75

SHA512
7a76d934ab77a929a060f5becc7863c2dc6461b7d2ecfdb7d56517dcfcb4f10fcf3c018820a4210c68f8755263556f42d7207a3b0b67d918c5a5e9949756889e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
146B

MD5
af5517cb5dd0a8eb159387962766ad15

SHA1
36fb30d89588b3947a244fbf067d8ce49f5218e8

SHA256
13169185fbbf8ca31026826959f26cf8383510e6cba53fd12607b1bbfabfe4e2

SHA512
00e754fdd4a1e4a872a7270205082eeeac8474e3da64a5f7d06ea5efbc0c6aaa905934de4d8633735c079ccf2f538708ac91458bbc2c4e6b59c8a13a0761e07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
148B

MD5
21025f423f362f430e1999968429db55

SHA1
cb7395a1bdb32b0b41db7ed589c291ad5992d767

SHA256
d11e6019702e9dfce0dde249a2c02588f8745dda94bf87476606b2555625b5d0

SHA512
5396ee562fa17c7158d04e6000075d7ed203bfe281b100720e97161c4b5365100b9bb9c5059a6c9e30fae3fc23ac63cbf821b217a915f077b01cfaad30259181

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
157B

MD5
167915b749d68f22c5d3f4f74f1d2382

SHA1
4ba784cd51cfe60e26e5e66aa7aaf81c514be096

SHA256
574269117e83e891a8a8c6066e8c423b030b79db84afb398f0c10dd1f8efff4a

SHA512
8a86593018c20bc53b02abfdf2b2dacf0b6a9eb6e2815f2bc7c30c833d7a7f7c3c885c32011d9cc453a89b7747af029707fa02bec287470e7d2c27df335130ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
82B

MD5
924d3a3e5a9ebba1f9c9681322996071

SHA1
e1518d9c748f7a01e70aa189f9c9247ffa472e3d

SHA256
2f62fcef7333eb6912acc2a8f100801568bee991bab80496cc58d38033f67bc4

SHA512
415cc00c367257be0e9054f0696a99ad8fb6e2833bfc1f9d81adb329ef8d0a57593d072a70f3dd119419ec0c7a8c51f045a563374f7a3cec48db4e5d3dfebf9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
153B

MD5
3fe1630069886eb1de42d6ba83049c79

SHA1
15e2fae49023e4166fcea784f39123aa647e189c

SHA256
193b7d4951f3c6baaee7b7eabf6a05b005d795ce7cc17450b4e43a37aacea224

SHA512
3f8e679409ae3637d4c102a6288e20111a30ba491ca97332b6eb19fb8ae95eef0fec122584bd6085775b633762757e290bfea1ed7abbe944c6debe54a165cfa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
84B

MD5
d104f4ef0af764bf0bddc963c8ad5e4a

SHA1
eff6477589fc50ddd3754ed23a4182310aa10031

SHA256
ec91bbce71fd05d34b462d0f1981c8050cbba5e40b9e40132536e87425a73487

SHA512
1baeab04ed7d73e5d71c2e0dad9b408be9328a5b65f2521da2b8a9e6e110026a3ba43fc94f1e4fc13b5bdf30288ed9c596fc83fc02ffbb9fc01f4dede6ec82a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe575ae1.TMP
Filesize
89B

MD5
2219dc1f3ee553f39b96567ac61974de

SHA1
92cf1795c95e8010de130835aed6a35c94eaa0c9

SHA256
5c73f687665b9b41817c6e69d4f391e4b17e0ac2ac7f564b3ed03194970f8741

SHA512
12850a520a10e0f0131d1b915733c04468b79b52fa09697fcc5c39e131f8928b1ee8300e537ffc9273015cff9328b0423b3e85f9f65dd9082a4be07a1ea3ee0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
96B

MD5
decc86e8095800757dd44592cbb650ed

SHA1
417dfed3414b911e62f987dbc5732825b7a51db6

SHA256
384d5e3c5ba823c836f6e2bdc9a417795f90aba10b2af67f4b36ad8f54613502

SHA512
12a954957b1146ac20427da77e6666abf8221c3c8f800e6385d7c5346a0304079e018c0cacf31b4c31e51c76f5651d9254da306f222bd1cb5af1cfd7aed64b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57d09e.TMP
Filesize
48B

MD5
533b99b7bceff18838ea1c6ba051fb1e

SHA1
8cc245be7e82ee6ecff03d3ca523df443cff8332

SHA256
13d271494f4d378c7c4e4f855860da53e68fd4c3e5d5af4e1b0d83f50a6259a8

SHA512
96fa209bbf6fb5acbaba851851baeca9426803bb3df4fdabeee7a05deb56d8f78c793946bc582f88bc5a6a1cb7d0c04589ff74da1a50377696bd39d828487608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6ee81c9141b7d80c22d1b4cffa325a3d

SHA1
36f34913d61168d987376c4253f150bd0a2dc7a6

SHA256
3ad042ed2fd2a60983f21684c06acb38e6d0054eeb7005401385d62d37c7b8e0

SHA512
95241abb5a7e5c021feab3e49f4d56ca077cd2bb3172aee6a63de2014fc9eaf9db51e2ff76d4aa098ae7a5f25fa4ee9ff41253bd7e08136b58a69825d86fd252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
706B

MD5
83faf663c70716611a908a4f578bf8bd

SHA1
f8a519270f061bd93993a9de0164c8ab06c1329d

SHA256
addcb6a254357609526951ae597f4e17a9e9492b386ee0e5d277a166ae1e0211

SHA512
149082c482541977224dd8bec2a017de1485714b383107ad52ab1ae06e1ada46e8d2a8f7a6bd984d96fc1d2beea65409ae62ece1386ec79b3bd625252de7707a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
56cb7b068b8ddbf3aa7358fef424a0eb

SHA1
78cb4d227e0ad5835f01fd04cb760711b2009cce

SHA256
677a5c4bd0a5973339d7bc0194d15532bf6707a1bfd0f7199adc2d5fd0c35c4b

SHA512
741467e00c32b7dded11598a1d3679ffbf7a2f40f3d57b1238a3af85561e10f7408c5c3555b407e0ed9c2bcce5cf1e7262e617d5b1d6ce8ef6875afe398f386a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a1ed.TMP
Filesize
704B

MD5
79d3081d74ab36d24e4edd9bb8011e69

SHA1
367822c27869b50a3f9140061840cce23b3f3a9a

SHA256
57a9295532273d061a59e62290eb2ea1493e6d0876edf59a6313dd3860952812

SHA512
068c96ee10ef336d82660c19b50f2fed5fa75b29b7799fe55bacf7096fab1f793a69f7460f29cb3794ce68ee13afcf299a321dd56fd697fa22770145b403f97c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1d8478ca7886c8139c72af03ba0db845

SHA1
a0e090849e03e88b92e09634a6597d0bb4d3d907

SHA256
9fd3a5fb5a0a582a61788d58a7a16f15e7bcb7df0e748912c6791b0978059e58

SHA512
67e34e93e2327cf6038d12dbe354ac8b25be7686d760b91162c8cc9b017203594dc75e9ccf5ccd7e7b20b8c6dfaf3d55272f950610f0daba7163f9d364334bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
6b495962df2783d1409b9941ae601eab

SHA1
fa9444049bc98c608b88989d46e812d4603f9789

SHA256
3b4781d65048d2519a813ae109172a116bfca94da3176345a00206966899fba3

SHA512
dba77e0de6c92efe34aa5e6b902390a5c7d1242f66aa2ea20f6ff30524d51968f84b099f89c0f749fc9a8495017e285e6afdf7198818526b99f0105715d266af

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11482\VCRUNTIME140.dll
Filesize
106KB

MD5
49c96cecda5c6c660a107d378fdfc3d4

SHA1
00149b7a66723e3f0310f139489fe172f818ca8e

SHA256
69320f278d90efaaeb67e2a1b55e5b0543883125834c812c8d9c39676e0494fc

SHA512
e09e072f3095379b0c921d41d6e64f4f1cd78400594a2317cfb5e5dca03dedb5a8239ed89905c9e967d1acb376b0585a35addf6648422c7ddb472ce38b1ba60d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11482\_bz2.pyd
Filesize
82KB

MD5
4438affaaa0ca1df5b9b1cdaa0115ec1

SHA1
4eda79eaf3de614d5f744aa9eea5bfcf66e2d386

SHA256
ec91e2b4baca31b992d016b84b70f110ce2b1b2dfd54f5e5bef6270ed7d13b85

SHA512
6992107ac4d2108e477bc81af667b8b8e5439231e7e9f4b15ce4bce1aeea811bc0f1aaa438be3b0e38597760cb504367512809ee1937c4b538a86724ae543ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11482\_lzma.pyd
Filesize
155KB

MD5
737119a80303ef4eccaa998d500e7640

SHA1
328c67c6c4d297ac13da725bf24467d8b5e982e3

SHA256
7158c1290ac29169160b3ec94d9c8bcde4012d67a555f325d44b418c54e2cc28

SHA512
1c9920e0841a65b01a0b339c5f5254d1039ef9a16fe0c2484a7e2a9048727f2cc081817aa771b0c574fb8d1a5a49dc39798a3c5e5b5e64392e9c168e1827be7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11482\base_library.zip
Filesize
1.8MB

MD5
1df66a5a8d8c7bc333ed59a827e131e3

SHA1
614986f57b9922cedf4df5ebadaa10ea307d46d1

SHA256
190afb1aa885c2aa3516ab343e35f6b10472f4314492c8c4492c7d0f2add2f80

SHA512
6568af0d41b1d2f1d4a75e25705777ec263c4a903db164923f4a10118218270a2b003f16f39ae238fe71f0dc1ad52d0cc1ac93a7bf2c6643d009f825dd00e1aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11482\python311.dll
Filesize
4.5MB

MD5
5866424f8eb7a179d6a7ae4d4a6b16b2

SHA1
6ef85ffec3dbd47f87c1c2a7024e3cfb09922259

SHA256
19d0101477e6c239065b68ff862a7974f4fac57f5246e85c253385ac23d501d6

SHA512
a8b75b459f2b4669c10c8a6460df37d0ca3169fed1495524f7f771ffeb0c5637a8d734b94c6d7ca91a5734d5b8e2ac5791d477140bfa607347ebbf41e90032f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11482\python311.dll
Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI11482\ucrtbase.dll
Filesize
994KB

MD5
8e7680a8d07c3c4159241d31caaf369c

SHA1
62fe2d4ae788ee3d19e041d81696555a6262f575

SHA256
36cc22d92a60e57dee394f56a9d1ed1655ee9db89d2244a959005116a4184d80

SHA512
9509f5b07588a08a490f4c3cb859bbfe670052c1c83f92b9c3356afa664cb500364e09f9dafac7d387332cc52d9bb7bb84ceb1493f72d4d17ef08b9ee3cb4174

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 460328.crdownload
Filesize
1.3MB

MD5
a7a0b03f43fdb677480b986a0edf2076

SHA1
23f3513207ed9d4df7378a8e6a4ce8016176d4c2

SHA256
ab4f4786790c7e7f85885d86974d8953551a40249f19c5551ecbfcb5b6319e9e

SHA512
7a05bda4ceb0aa46227965dc44256e521600c3030faf47a4fab5cecc4266c3033954191333c573697ad31e536335f7597440ab4721f4c81943692b5057424e48

Download Submit
\??\pipe\LOCAL\crashpad_3980_JFCCIYEJCXZJQZTL
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads