Analysis
-
max time kernel: 145s
max time network: 151s
platform: windows11-21h2_x64
resource: win11-20240221-en
resource tags: arch:x64, arch:x86, image:win11-20240221-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 27-03-2024 14:45
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://steamcommunivy.com/gjft/738135
Resource: win11-20240221-en
General
-
Target: https://steamcommunivy.com/gjft/738135
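The analysed host, steamcommunivy.com, differs from steamcommunity.com by a single character (v in place of t). The following is an added example, not part of the sandbox report, showing the edit-distance check a URL-triage pipeline can run before detonation: it normalises the host, computes the Levenshtein distance against a watchlist of protected brand domains and flags near misses. The watchlist, the distance threshold and the two control URLs are assumptions constructed for the example; only the first URL comes from the report. IDN homoglyphs are not handled here.

```python
"""Flag hostnames that are within a few edits of a watched brand domain.

Added example for a sandbox report on https://steamcommunivy.com/gjft/738135.
The watchlist and threshold are assumptions, not values from the report.
"""
from urllib.parse import urlsplit

# Constructed watchlist of brands worth protecting (assumption).
WATCHLIST = ("steamcommunity.com", "steampowered.com")

# Sample input: the URL submitted to the sandbox (from the report) plus two
# constructed control URLs that must not be flagged.
SAMPLES = [
    "https://steamcommunivy.com/gjft/738135",   # from the report
    "https://steamcommunity.com/id/example",    # constructed: legitimate brand host
    "https://example.org/",                     # constructed: unrelated host
]


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) by the usual two-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def registrable_host(url: str) -> str:
    """Lower-cased host with a leading 'www.' removed (no IDNA/homoglyph handling)."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host


def lookalike_of(url: str, watchlist=WATCHLIST, max_distance: int = 2):
    """Return (brand, distance) for the closest watched domain within
    max_distance edits, or None. An exact match is the brand itself, not a
    lookalike, so it returns None as well."""
    host = registrable_host(url)
    best = None
    for brand in watchlist:
        d = levenshtein(host, brand)
        if d == 0:
            return None
        if d <= max_distance and (best is None or d < best[1]):
            best = (brand, d)
    return best


if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{url:45} -> {lookalike_of(url)}")
```

Distance 1 against steamcommunity.com is the expected result for the report's URL. Keep the threshold small: at distance 2 or more, short second-level labels collide with unrelated legitimate domains, so such hits should gate a sandbox run or a reputation lookup rather than a block on their own.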
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
  description        ioc                                                                    process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Note: the BIOS manufacturer and product values are the ones virtual-machine checks usually read, but the reader here is the browser's own process, not a dropped payload. These are value reads, which Sysmon registry events (create, delete, set, rename) do not record; an EDR with registry-read telemetry is needed to see them outside a sandbox.
Modifies registry class 1 IoCs
Processes:
  description  ioc                                                                                                                                                                                              process
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3594324687-1993884830-4019639329-1000\{75EF799D-6F4C-4B60-B24E-BE7293B81125}  msedge.exe
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes:
  pid   process
  3908  msedge.exe (2 entries)
  4996  msedge.exe (2 entries)
  4044  identity_helper.exe (2 entries)
  4568  msedge.exe (2 entries)
  1468  msedge.exe (2 entries)
  780   msedge.exe (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
Processes:
  pid   process
  4996  msedge.exe (18 entries)
  Note: this flags child processes created with the block-non-Microsoft-binaries mitigation policy. The Chromium sandbox sets that policy on its sandboxed children, so for a browser parent this is hardening, not evasion.
Suspicious use of FindShellTrayWindow 25 IoCs
Processes:
  pid   process
  4996  msedge.exe (25 entries)
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
  pid   process
  4996  msedge.exe (12 entries)
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
  description                   pid   process     target process
  PID 4996 wrote to memory of 2672  4996  msedge.exe  msedge.exe
  PID 4996 wrote to memory of 4224  4996  msedge.exe  msedge.exe
  PID 4996 wrote to memory of 3908  4996  msedge.exe  msedge.exe
  PID 4996 wrote to memory of 4832  4996  msedge.exe  msedge.exe
  (the original listing repeats each pair once per write event, 64 events in total; every target is a msedge.exe child of 4996)
  Note: a Chromium browser process acts as sandbox broker and writes into each child it launches, so browser-to-own-child writes are expected. The signature is only interesting when the target is a process the browser did not start.
Processes
-
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunivy.com/gjft/738135
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffca89d3cb8,0x7ffca89d3cc8,0x7ffca89d3cd8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5932 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6328 /prefetch:8
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5448 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe -Embedding
Note: the tree is indented by depth (the browser process at the top level, its --type=... children beneath it; CompPkgSrv.exe is a separate top-level COM server start). Every child is msedge.exe or identity_helper.exe from the Edge install directory; no non-browser child was spawned during the run. All renderers carry --disable-client-side-phishing-detection, so the browser's own client-side phishing classifier was not active in this analysis and its silence says nothing about the page. The second gpu-process entry runs with --disable-gpu-sandbox --use-gl=disabled, the software fallback after the first GPU process gave up.
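Reading a tree like the one above by eye does not scale, so the following added example (not part of the report or of Triage) encodes the checks an analyst applies to a Chromium-browser process tree: every child of the browser must be a browser binary from the install directory and carry a --type switch, utility processes started with --service-sandbox-type=none and a GPU process with its sandbox disabled are worth noting, and the navigation target is recovered from --single-argument. The expected install directory and child names are assumptions chosen for Edge 90 as it appears here; the input is an abridged subset of the report's command lines plus one constructed cmd.exe child added so the high-severity rule is exercised.

```python
"""Sanity checks over a sandbox process tree for a Chromium-based browser.

Added example, not part of the report. EDGE_DIR and EXPECTED_CHILDREN are
assumptions for Microsoft Edge 90; adjust them for other builds or browsers.
"""
import shlex

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"   # assumption
EXPECTED_CHILDREN = {"msedge.exe", "identity_helper.exe"}          # assumption

# Constructed sample: abridged command lines from the report as (depth, cmdline),
# plus one constructed control child (cmd.exe) that is NOT in the report.
TREE = [
    (1, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunivy.com/gjft/738135'),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --annotation=ver=90.0.818.66'),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3'),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=en-US --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1'),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8'),
    (2, r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --mojo-platform-channel-handle=5448 /prefetch:2'),
    (2, r'"C:\Windows\System32\cmd.exe" /c whoami'),   # constructed control line
]


def parse(cmdline: str) -> dict:
    """Split a Windows command line into exe path, switches and raw args.
    posix=False keeps backslashes literal; surrounding quotes are stripped."""
    tokens = [t.strip('"') for t in shlex.split(cmdline, posix=False)]
    exe, args = tokens[0], tokens[1:]
    switches = {}
    for a in args:
        if a.startswith("--"):
            key, _, value = a[2:].partition("=")
            switches[key] = value
    return {"exe": exe, "name": exe.rsplit("\\", 1)[-1].lower(),
            "switches": switches, "args": args}


def analyse(tree):
    """Return findings as (severity, index, message) for a (depth, cmdline) list."""
    findings = []
    for idx, (depth, cmdline) in enumerate(tree):
        p = parse(cmdline)
        sw = p["switches"]
        if depth > 1:   # a child of the browser process
            in_edge_dir = p["exe"].lower().startswith(EDGE_DIR.lower() + "\\")
            if not in_edge_dir or p["name"] not in EXPECTED_CHILDREN:
                findings.append(("high", idx, f"browser spawned {p['exe']}"))
                continue
            if "type" not in sw:
                findings.append(("medium", idx, "browser child without --type"))
        if sw.get("service-sandbox-type") == "none":
            findings.append(("info", idx,
                             f"unsandboxed utility: {sw.get('utility-sub-type', '?')}"))
        if "disable-gpu-sandbox" in sw:
            findings.append(("info", idx, "GPU process launched with sandbox disabled"))
    return findings


def navigation_targets(tree):
    """URLs handed to a top-level browser process via --single-argument."""
    urls = []
    for depth, cmdline in tree:
        args = parse(cmdline)["args"]
        if depth == 1 and "--single-argument" in args:
            urls.append(args[args.index("--single-argument") + 1])
    return urls


if __name__ == "__main__":
    print("navigation targets:", navigation_targets(TREE))
    for severity, idx, msg in analyse(TREE):
        print(f"[{severity}] entry {idx}: {msg}")
```

Against the report's real tree the only output is the three informational findings; the high-severity line fires solely on the constructed cmd.exe entry. That is the shape of the production rule too: a browser spawning anything outside its install directory is the signal, while unsandboxed network and WinRT helper services are normal for this Edge version and are logged for context only.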
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
  Filesize 68KB
  MD5    29f65ba8e88c063813cc50a4ea544e93
  SHA1   05a7040d5c127e68c25d81cc51271ffb8bef3568
  SHA256 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
  SHA512 e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize 152B
  MD5    c65e704fc47bc3d9d2c45a244bb74d76
  SHA1   3e7917feebea866e0909e089e0b976b4a0947a6e
  SHA256 2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110
  SHA512 36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize 152B
  MD5    5c3ea95e17becd26086dd59ba83b8e84
  SHA1   7943b2a84dcf26240afc77459ffaaf269bfef29f
  SHA256 a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc
  SHA512 64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize 2KB
  MD5    1b95e795f827c0462307f7eb43e75e25
  SHA1   6511747620d6898cfb453309baf653f71ae130d6
  SHA256 1363b1cabb9409cff8df0019986e42a983d09d128ad39134f3c87b7821d7889f
  SHA512 8d5c51e173a8352291f7151189f0e820db8d806b419ace490b722e9fc5944d64358ff68b269a5b78b3a3ffee1eb0138534ecb25c867e9d0eb4896ace7fad0dde
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize 111B
  MD5    285252a2f6327d41eab203dc2f402c67
  SHA1   acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize 1KB
  MD5    f089e1e0414bc5fa8fa5b608857fa2b5
  SHA1   193e99d5c7691f78935695962b3e91ce02e2efa8
  SHA256 d1f217cecbfb12186dcd9a5f3f8306bd4cdd36058c3c26cfc73135ae51a39488
  SHA512 532b72c3084be4213ea63656a2322049241a33964181eb4422e0083042a9271683cc5ecfacbfb909ef98b3e2d89d0bf7325b6747b54e67aa75883b144042a712
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize 5KB
  MD5    b38d1e17a60bde1cdb4bf669c434e12f
  SHA1   c3d57cbba4136a58279db03839b36f3692a8ab76
  SHA256 1b8be99c5af71d18cc7e56e993946b6e8c30cdb180e7b13b189c40741ecfe0d1
  SHA512 ce99794033bf399cfe123c7bc9fcd6bff2f55d5edbe1a1b04800d3c9add53c096d595b1e9b8431a1c19ea2b39eb7d36b3313e7fcf40e31efe5b65db2edcc84aa
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize 6KB
  MD5    74252347349c39ea33f11bd12b6dd38f
  SHA1   8fc9ffae81c522f19b4ecadfb3f68ef3cf7ca212
  SHA256 dcfdf85653618d04bab163501c310d90afb349fbf49a83a3b13b84675a12de0f
  SHA512 fb728ad717534a3197f3c95f36597b2386e0e860ec47eec3f23846a4428af163184f3f8d6cb8052fb44b0d0763ce0cfff8e488f71c6040acc37e4e425009591a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize 6KB
  MD5    4731a4dcc05c93f05df8cff0261a3729
  SHA1   13e7183726b58d4c3e621b722fd8ec6e7ba90d26
  SHA256 c22938521ce90bfa254e009488134334cd6445cb7b730b907dd458bebe756a2f
  SHA512 d66d64f63ef50bca69f28927011075abb2406799c4e8582e30b0a3c18c899b756eecf877852a9c2a963d8698777c4fc45b9f60fccfb8bbd0925318628871deb4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize 6KB
  MD5    162a6c5611f7942e20b4eb5e904ac71e
  SHA1   f90b4e061d3329ca3352e4d156ebffbcc51f8978
  SHA256 f0ca004c78fccf0cc84efaa9eebc38364d1e96bbcd273fd396a046db0d97b264
  SHA512 74fdd7e92fe6acdb4c689839bb3c44a0072a434e84414da355e37b459b2767d4b94e1e198e80765f080288fdcf1334c8c4da5368cae64d175827367fcb9b8156
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize 7KB
  MD5    acc09432b6eb0a90efbc7aefb7283262
  SHA1   bc6f37c2b4c0d2bc5369febe6be8744b33b753d2
  SHA256 9127c9b6dbe9706975a7152a8046e02442afd8ede6f6af430bd441b855c633ac
  SHA512 fe69ef63983c7a79f4d8e4e9d56834785f546a7bae6fb9e4258965da262fd83693796cadce2b554445a8de196b7f91c15f289d34af1f61487b01a88c6235b3f8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize 1KB
  MD5    91d49dd9909f77a5af29c24d2eef04b3
  SHA1   1bc2768f03330c9028e05b2ef1dbbb06ca2967ef
  SHA256 d034a934d8e2bf49613bb1524e18aa3e30051a4a7c20136b67d4b5287e6b66b5
  SHA512 4b12521dde4c2e98526feee5dde2781ac58d5080f9bc3fed0384b70927caa9b07023e5a21cdf17aa916f593ed41ea87109420d6210aa0e4e7e5be9c80d0bab04
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize 1KB
  MD5    89462a34d67e9b81de47cadc39224eb3
  SHA1   4cd6a0686b4576918a6a28668483d0113588343c
  SHA256 c6492fa71b9d398c74dc81edee23f612cfb57a19aa0f53329626e0252274231e
  SHA512 1d6975d62b93f79ea82917586ddd19784600cad86d4a6c549ec3d523da4a200742d242e52e1f5f7921663de2d24a7b86ea7551762a7ed8053fad649a9841a296
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize 1KB
  MD5    def6580f9b743a2c784c88a1e0e358d1
  SHA1   0cdf4da535c4681c36ac990b9f81588c3d2eb981
  SHA256 5fd4bdfa710c0f27b523ba3e611e1567ea082fc7e67b2de47221c9fdbb9b1ddd
  SHA512 837849b39d36ff543a4cb9b9c48278eb9b10d516d10896d9f56f640af366103c786c0b2b73b308f7797d5068be96c9550d2149f70e589806c7ff73e2983fb41c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f29d.TMP
  Filesize 540B
  MD5    bb5589a7923c79e7d49ee7b5382a46d2
  SHA1   edfd71ef141960f36f7c93654d4abb4871cb600c
  SHA256 f1feae7ddd522fb9adcf0980bcc238ad1b82451af965248d54d933e8be411a12
  SHA512 e28c6d4c34d777bf1ec8f1d1529effecbdd4b8d4b61b391b2cf64cbe66940cbc9fb8beb18f1adbda587b852a0ad0426740928f312d464d8ebe1d5dfe13c94a82
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize 16B
  MD5    6752a1d65b201c13b62ea44016eb221f
  SHA1   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize 11KB
  MD5    4f2705cb14d836d694b7570ab6ab1ea1
  SHA1   138f19f3800cc1e9e0e53a7f964654c1f98a56c5
  SHA256 885069a354dbaf9b1420abecbeb0309c9fed6d76228aeea1873e388259894445
  SHA512 f4c267dac686645fde5910c00820b905112cab4eb678862893a13bcbe4fc4aafc1357740b632e417ac8bea82567f42642ef9c55301e1a39ba409a6178934847f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
  Filesize 2B
  MD5    f3b25701fe362ec84616a93a45ce9998
  SHA1   d62636d8caec13f04e28442a0a6fa1afeb024bbb
  SHA256 b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
  SHA512 98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
\??\pipe\LOCAL\crashpad_4996_FNGWQOALNUVFPWOM
  MD5    d41d8cd98f00b204e9800998ecf8427e
  SHA1   da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  (these are the digests of zero-byte content: the entry is the crashpad handler's named pipe, not a file with a body, so there is nothing here to hunt for)