hxxps://ce50s[.]ru/r

Analysis

max time kernel
148s
max time network
145s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
24-04-2024 08:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ce50s.ru/r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2718508534-2116753757-2794822388-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4656	msedge.exe
4656	msedge.exe
2812	msedge.exe
2812	msedge.exe
4100	identity_helper.exe
4100	identity_helper.exe
2980	msedge.exe
2980	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe
2268	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

msedge.exe

pid	process
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of SendNotifyMessage 16 IoCs

Processes:

msedge.exe

pid	process
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MiniSearchHost.exe

pid process

2288 MiniSearchHost.exe

pid	process
2288	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2812 wrote to memory of 4640	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 4640	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 3160	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 4656	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 4656	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe
PID 2812 wrote to memory of 2624	2812	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ce50s.ru/r
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffd63df3cb8,0x7ffd63df3cc8,0x7ffd63df3cd8
2⤵
PID:4640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
2⤵
PID:2624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
2⤵
PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:2936

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5628 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
2⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
2⤵
PID:1768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5644 /prefetch:8
2⤵
PID:4436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
2⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
2⤵
PID:2852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
2⤵
PID:2972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:3092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
2⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
2⤵
PID:2576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
2⤵
PID:3412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:1072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
2⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:4852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
2⤵
PID:1584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,9542462579346388821,15904070957862268944,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2588 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2128

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2288

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6e15af8f29dec1e606c7774ef749eaf2

SHA1
15fbec608e4aa6ddd0e7fd8ea64c2e8197345e97

SHA256
de9124e3fddde204df6a6df22b8b87a51823ba227d3e304a6a6aced9da00c74c

SHA512
1c9c9acd158273749e666271a5cdb2a6aebf6e2b43b835ebcc49d5b48490cbbf4deddef08c232417cee33d4809dec9ddac2478765c1f3d7ed8ea7441f5fd1d15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
3e5a2dac1f49835cf442fde4b7f74b88

SHA1
7b2cf4e2820f304adf533d43e6d75b3008941f72

SHA256
30bd1e1bafb4502c91c1fb568372c0fb046d32a4b732e6b88ce59ea23663e4ce

SHA512
933ac835894ce6cb8aac0261153823c96b6abec955173653dd56e534d644efd03aec71acb4f8cb0b9af871962296ec06cd03e570a0ac53098b8cd55657543786

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
ba3302d6674dac4e11ba6644da1742f0

SHA1
f47f9e6471233ad7499eb8b748e14ee55e7803c4

SHA256
80bcd85cd208b96942320d32c2075b9d2cca6025cf51712eef278a105a7f13c4

SHA512
bec0368469ce2400ca9c175e6043ee04303c75674e43b5875853a946ccbf1013eef9ed5e27f6134d334b0c3b84d3a31eda0adac747aadf023f9223561acca39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
67fa375e7f36796b80d7ded93f9c0de3

SHA1
935cea2270cc2f38c339a1c4ce66b727c2e0beaf

SHA256
4a056952accd4acae213cea342178d39406c1ce31c43cf4993dc1c1ce5154e8e

SHA512
691947289d94e79700fc651dc8fa07bd0ae42358e5b03139196d13a50dbaa0fbaf83af6cba67ea4635e2aed80ff0c7376171ee8240a44bbd681b16a3e928a2cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
789B

MD5
e5ab08b20d914e46cd5f49c227f31655

SHA1
1cd2fd4eb1f4b44597a7befb450a31a6901a2965

SHA256
bd8ce2f9ad3a2c2de18439248a699f5e3d4dc0a9eb31c4dcc0eff2e2048d1785

SHA512
754223ff50ab338b963430335e97c170bec89741c821480a06d53ed141a5c483326ca5cd5aec36b4e53efdb64d4b4e5c39dbdd2e19f6499254781905b1bb81de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
37f61e3f0c778a691d660290cdac42c0

SHA1
2d82647b76abd87d88b4b54bcc909462dc2b40a3

SHA256
35e6e8b1c771d88e692de924dffd144435c4364f75e83cfa7773b21af78a5554

SHA512
92d63b7c26e9c59afd3184d6ea8fc8d8fd55c9fc3073fe94717b41c70a159b703533b472bbe8caa723389b51e63aeed1ff1b54cf9674da11a2783a308c0a9976

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
07b39c01a7de6222f11160c629339983

SHA1
540d5689b1cca1f271a27ccd1690e8a0cb6cf9a1

SHA256
261a7ef85b26053561f0abc602dfc0d68ff7b3ccb6e7de0705ba77bdf044e49d

SHA512
5ba117b9653549963328448ea43f03785c78e0528be275e9f9bb5fbde39385252b3d3354f46098897cf9a8a112d3009491963606f6d5825fffe919b5a1f07176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
8ba01e059914de82cae084f92e89dcb0

SHA1
921171d3ac65926e8c397cb29c2c2bcfa1af639f

SHA256
6c1210c25102deca9ff4465643fa0f0362db0d28e11af4cdd031c1b22a9b80f3

SHA512
3ef03fcd3903bb8e64d028fa4106fcfea1d58b31862de29cca8c326ad0618cd3a91c0f6b4a43476e4bf0ef390c4d235c0bcee928d52b48aca78211bb922483f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
24a9557ade9e71ecdca1bec2ecda6eb6

SHA1
f42e9bef9317f18b7129924e9d28f59cb2561bbe

SHA256
a9bb3a6bd6d17f5674668096efcd5fbe09d80f716bf29e8fa830e37b784b0ce4

SHA512
d7cfa66595a893618b81fa4bddc39c92ee20fff857b51f50e8739533f4813bef9869a5c6532ba9d0fbb2eb1af0d24f88588c2c13d965dc110c71681d55fe9ca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
e2450fe84e6453e121be5295f8d04319

SHA1
cc65666fb2b7ad167cd17b446b2549a990e716fb

SHA256
31a859bcf5ce8a7aaf9fdc8ddce6956e1ad8e078da6456bcb4966799bbcc1ded

SHA512
f3a7e77c48c3c9e2c8319ef7f43294c6dc500f4851abb093effc82f7a56c28b51fa4cc4d1b39c9096451d6d727346d83940becc9c5a46bf5d5c23a55957dede5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
452f58893848224e3ef572935b1bee7d

SHA1
b3aad0971db92325d07d2aaa04b44a2d658b4343

SHA256
cccb32e9681a0ea9493c0f944e5e9d21278a9011171fc309eab7354a15e705ad

SHA512
4b4c585401399c4b4d61636307c14f6429b0861177823ec94eae44c9cb40160b5877c6b53a59ccccc16232dec7e3e2ace6d5c5548769d0c8da34880830419f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
ca62b58fb085d37234a3ef44d53a2d7b

SHA1
34de8476d99c12ada67e828703ab8d5d0aa3ee9f

SHA256
92f841e004b444f9417d431a023ee0ec3dc9ef354d05d27b05481f0b4397b786

SHA512
5db2a6be656b2951cb6987b823dc0f07e8bae69955fa194225183987b013b66edc75c962205f3847c08b5e4fb9b9c5d351af73781befe7fad27e72cd145aad3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
e830fa998b094a06965a211b53695ad1

SHA1
546a8eabc62916e1f3a39b5585498a7996c141af

SHA256
3060a86bfedad059012a20ca7343640aad8afd4a52cc6e37fe4b995acf59bb24

SHA512
89ca66e0902a2bbe72a9e41d31f906e539d24ab4781e93a7e063a950b8a0eec42cc1504d977001754adcb710b335616faf25affc749ed08302b982fe6a623345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
698B

MD5
50a02a5475023a44a229700760b4554f

SHA1
02ad3b3283f560e25461e3995a5ab1f31701294d

SHA256
80092a28e465cbfec6ce4db67ca32905845b170add18a2b345199f42a57fab94

SHA512
d71a175d48b0bc8ff2bf8411a2b7a910b75aa2c2bbaf6de849239adf1420dca7031f2fcad0d9da3dd5125b3bbe86f75f407b74b0b7ed4772cb2a039cb446d2e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
698B

MD5
b9d8582e5efd92d3da6575b493ad2e16

SHA1
8755959355206e5920558ae78d8d426885edd8e3

SHA256
f029dafc4c65f9b72f9bd0d704a1185c63ba57928246c6e905b083a60f07b90e

SHA512
77eafda984ba548660e012773ef988805305b7d38d0c6d08b89a1e99a92f35ec49e01f6453c6b5e1ed97ae87fa01daa31063a04a1b72e18060f3edfc5fc4e768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595402.TMP
Filesize
364B

MD5
0236fb9840f07038be75110605616354

SHA1
bb63c6deb9b01ae0be5c927d9596931c8f45a7b7

SHA256
0203bf6e61f3acfa3009e89b56c3a86679a20900fcc383691a495203cccc31f6

SHA512
0e7c767c55aa35ec9359a53ae490829a41a66f0f644ecaa8836c204566e7a161a49a927210d04382161438f07bb80e9ae43cacb7e0d2fc4e803fd4363ea13ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9fabf7e9ed0cdb6c7089e0aa77799939

SHA1
6fc6cf7fd9e4093302e9f93ff40fa7888d24a149

SHA256
ff04c382475017dd0d3866e91a25374a2901b8d91eaf39bee5d2b257b56966fc

SHA512
7127e2372d21502ec4fe7341166e05bbaaab41553bf18d593a8d81ac6e4903aba44907ea6fe8a38cc6db4f40919bf71e0b8f86eb4d2e3bd77ec0dc73c36ecc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f751be5fba0425b36c1336c1ec5eec8f

SHA1
933d0c8c1554bbc21092ba8156e0df2fd3fcca64

SHA256
d35397d8da8eaa58d49d7a4639381404df4158fcdf8df281ab1bb5be183cd16c

SHA512
500deeb0b070af7a59cbaccbafdb60abc2eef771a2c78ee2486bae7c018fdc734ec0b2c742afb99e28c77d579e9bb4319bfec69277bbcf5db6613547c9123c51

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat
Filesize
10KB

MD5
ecb8bb6da8424f5c9d3047b6a4da567b

SHA1
07ba5c0b6d136c725f31a3c55cc7c4f060fb014c

SHA256
155c89f8430e6a9a33dee522bfab40365ce354be545a2c346afc6b0459a34860

SHA512
db11874e3152e0f0a8350e439035ff28613761c08ce8d717712b0adf5b455f85957e2680e591a1734615ed4bc5af1d4dce9def78f90be01d2fe07c0d608006b3

Download Submit
\??\pipe\LOCAL\crashpad_2812_VHQNLCWAMOAMOTYW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit