hxxps://steamcommunivy[.]com/gjft/738135

Analysis

max time kernel
145s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
27-03-2024 14:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunivy.com/gjft/738135

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3594324687-1993884830-4019639329-1000\{75EF799D-6F4C-4B60-B24E-BE7293B81125}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
3908	msedge.exe
3908	msedge.exe
4996	msedge.exe
4996	msedge.exe
4044	identity_helper.exe
4044	identity_helper.exe
4568	msedge.exe
4568	msedge.exe
1468	msedge.exe
1468	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe
780	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe
4996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4996 wrote to memory of 2672	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 2672	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4224	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 3908	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 3908	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe
PID 4996 wrote to memory of 4832	4996	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunivy.com/gjft/738135
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffca89d3cb8,0x7ffca89d3cc8,0x7ffca89d3cd8
2⤵
PID:2672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
2⤵
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
2⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
2⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
2⤵
PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:4924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
2⤵
PID:1572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5196 /prefetch:8
2⤵
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5932 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵
PID:848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
2⤵
PID:3112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
2⤵
PID:2724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1276 /prefetch:1
2⤵
PID:780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:2944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
2⤵
PID:3824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6328 /prefetch:8
2⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1832,17799239557876967744,1463608288811192550,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5448 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:780

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
1b95e795f827c0462307f7eb43e75e25

SHA1
6511747620d6898cfb453309baf653f71ae130d6

SHA256
1363b1cabb9409cff8df0019986e42a983d09d128ad39134f3c87b7821d7889f

SHA512
8d5c51e173a8352291f7151189f0e820db8d806b419ace490b722e9fc5944d64358ff68b269a5b78b3a3ffee1eb0138534ecb25c867e9d0eb4896ace7fad0dde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
f089e1e0414bc5fa8fa5b608857fa2b5

SHA1
193e99d5c7691f78935695962b3e91ce02e2efa8

SHA256
d1f217cecbfb12186dcd9a5f3f8306bd4cdd36058c3c26cfc73135ae51a39488

SHA512
532b72c3084be4213ea63656a2322049241a33964181eb4422e0083042a9271683cc5ecfacbfb909ef98b3e2d89d0bf7325b6747b54e67aa75883b144042a712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b38d1e17a60bde1cdb4bf669c434e12f

SHA1
c3d57cbba4136a58279db03839b36f3692a8ab76

SHA256
1b8be99c5af71d18cc7e56e993946b6e8c30cdb180e7b13b189c40741ecfe0d1

SHA512
ce99794033bf399cfe123c7bc9fcd6bff2f55d5edbe1a1b04800d3c9add53c096d595b1e9b8431a1c19ea2b39eb7d36b3313e7fcf40e31efe5b65db2edcc84aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
74252347349c39ea33f11bd12b6dd38f

SHA1
8fc9ffae81c522f19b4ecadfb3f68ef3cf7ca212

SHA256
dcfdf85653618d04bab163501c310d90afb349fbf49a83a3b13b84675a12de0f

SHA512
fb728ad717534a3197f3c95f36597b2386e0e860ec47eec3f23846a4428af163184f3f8d6cb8052fb44b0d0763ce0cfff8e488f71c6040acc37e4e425009591a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4731a4dcc05c93f05df8cff0261a3729

SHA1
13e7183726b58d4c3e621b722fd8ec6e7ba90d26

SHA256
c22938521ce90bfa254e009488134334cd6445cb7b730b907dd458bebe756a2f

SHA512
d66d64f63ef50bca69f28927011075abb2406799c4e8582e30b0a3c18c899b756eecf877852a9c2a963d8698777c4fc45b9f60fccfb8bbd0925318628871deb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
162a6c5611f7942e20b4eb5e904ac71e

SHA1
f90b4e061d3329ca3352e4d156ebffbcc51f8978

SHA256
f0ca004c78fccf0cc84efaa9eebc38364d1e96bbcd273fd396a046db0d97b264

SHA512
74fdd7e92fe6acdb4c689839bb3c44a0072a434e84414da355e37b459b2767d4b94e1e198e80765f080288fdcf1334c8c4da5368cae64d175827367fcb9b8156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
acc09432b6eb0a90efbc7aefb7283262

SHA1
bc6f37c2b4c0d2bc5369febe6be8744b33b753d2

SHA256
9127c9b6dbe9706975a7152a8046e02442afd8ede6f6af430bd441b855c633ac

SHA512
fe69ef63983c7a79f4d8e4e9d56834785f546a7bae6fb9e4258965da262fd83693796cadce2b554445a8de196b7f91c15f289d34af1f61487b01a88c6235b3f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
91d49dd9909f77a5af29c24d2eef04b3

SHA1
1bc2768f03330c9028e05b2ef1dbbb06ca2967ef

SHA256
d034a934d8e2bf49613bb1524e18aa3e30051a4a7c20136b67d4b5287e6b66b5

SHA512
4b12521dde4c2e98526feee5dde2781ac58d5080f9bc3fed0384b70927caa9b07023e5a21cdf17aa916f593ed41ea87109420d6210aa0e4e7e5be9c80d0bab04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
89462a34d67e9b81de47cadc39224eb3

SHA1
4cd6a0686b4576918a6a28668483d0113588343c

SHA256
c6492fa71b9d398c74dc81edee23f612cfb57a19aa0f53329626e0252274231e

SHA512
1d6975d62b93f79ea82917586ddd19784600cad86d4a6c549ec3d523da4a200742d242e52e1f5f7921663de2d24a7b86ea7551762a7ed8053fad649a9841a296

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
def6580f9b743a2c784c88a1e0e358d1

SHA1
0cdf4da535c4681c36ac990b9f81588c3d2eb981

SHA256
5fd4bdfa710c0f27b523ba3e611e1567ea082fc7e67b2de47221c9fdbb9b1ddd

SHA512
837849b39d36ff543a4cb9b9c48278eb9b10d516d10896d9f56f640af366103c786c0b2b73b308f7797d5068be96c9550d2149f70e589806c7ff73e2983fb41c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f29d.TMP
Filesize
540B

MD5
bb5589a7923c79e7d49ee7b5382a46d2

SHA1
edfd71ef141960f36f7c93654d4abb4871cb600c

SHA256
f1feae7ddd522fb9adcf0980bcc238ad1b82451af965248d54d933e8be411a12

SHA512
e28c6d4c34d777bf1ec8f1d1529effecbdd4b8d4b61b391b2cf64cbe66940cbc9fb8beb18f1adbda587b852a0ad0426740928f312d464d8ebe1d5dfe13c94a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4f2705cb14d836d694b7570ab6ab1ea1

SHA1
138f19f3800cc1e9e0e53a7f964654c1f98a56c5

SHA256
885069a354dbaf9b1420abecbeb0309c9fed6d76228aeea1873e388259894445

SHA512
f4c267dac686645fde5910c00820b905112cab4eb678862893a13bcbe4fc4aafc1357740b632e417ac8bea82567f42642ef9c55301e1a39ba409a6178934847f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic
Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_4996_FNGWQOALNUVFPWOM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit