Analysis

This report covers the Instructions.url sample run on the win10v2004-20240419-en image (behavioral task behavioral4 in the task list below); the other tasks listed were submitted together with it.

max time kernel:  143s
max time network: 158s
platform:         windows10-2004_x64
resource:         win10v2004-20240419-en
resource tags:    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
submitted:        28-04-2024 03:14
Tasks

Task          Sample                                                                      Resource
static1       (static analysis of the submission)                                         -
behavioral1   FreeGamesDL.net.url                                                         win7-20240220-en
behavioral2   FreeGamesDL.net.url                                                         win10v2004-20240419-en
behavioral3   Instructions.url                                                            win7-20240419-en
behavioral4   Instructions.url                                                            win10v2004-20240419-en
behavioral5   Stardew Valley/BmFont.dll                                                   win7-20240221-en
behavioral6   Stardew Valley/BmFont.dll                                                   win10v2004-20240426-en
behavioral7   Stardew Valley/CPExtBmFont.dll                                              win7-20240221-en
behavioral8   Stardew Valley/CPExtBmFont.dll                                              win10v2004-20240419-en
behavioral9   Stardew Valley/FAudio-CS.dll                                                win7-20240221-en
behavioral10  Stardew Valley/FAudio-CS.dll                                                win10v2004-20240419-en
behavioral11  Stardew Valley/FAudio.dll                                                   win7-20240215-en
behavioral12  Stardew Valley/FAudio.dll                                                   win10v2004-20240419-en
behavioral13  Stardew Valley/Galaxy64.dll                                                 win7-20240221-en
behavioral14  Stardew Valley/Galaxy64.dll                                                 win10v2004-20240419-en
behavioral15  Stardew Valley/GalaxyCSharp.dll                                             win7-20240221-en
behavioral16  Stardew Valley/GalaxyCSharp.dll                                             win10v2004-20240226-en
behavioral17  Stardew Valley/GalaxyCSharpGlue.dll                                         win7-20231129-en
behavioral18  Stardew Valley/GalaxyCSharpGlue.dll                                         win10v2004-20240419-en
behavioral19  Stardew Valley/Lidgren.Network.dll                                          win7-20240220-en
behavioral20  Stardew Valley/Lidgren.Network.dll                                          win10v2004-20240419-en
behavioral21  Stardew Valley/Microsoft.CSharp.dll                                         win7-20240419-en
behavioral22  Stardew Valley/Microsoft.CSharp.dll                                         win10v2004-20240419-en
behavioral23  Stardew Valley/Microsoft.DiaSymReader.Native.amd64.dll                      win7-20240221-en
behavioral24  Stardew Valley/Microsoft.DiaSymReader.Native.amd64.dll                      win10v2004-20240419-en
behavioral25  Stardew Valley/Microsoft.Extensions.DependencyInjection.Abstractions.dll    win7-20231129-en
behavioral26  Stardew Valley/Microsoft.Extensions.DependencyInjection.Abstractions.dll    win10v2004-20240419-en
behavioral27  Stardew Valley/Microsoft.VisualBasic.Core.dll                               win7-20240419-en
behavioral28  Stardew Valley/Microsoft.VisualBasic.Core.dll                               win10v2004-20240226-en
behavioral29  Stardew Valley/Microsoft.VisualBasic.dll                                    win7-20240221-en
behavioral30  Stardew Valley/Microsoft.VisualBasic.dll                                    win10v2004-20240426-en
behavioral31  Stardew Valley/Microsoft.Win32.Primitives.dll                               win7-20240220-en
behavioral32  Stardew Valley/Microsoft.Win32.Primitives.dll                               win10v2004-20240426-en
General

Target: Instructions.url
Size:   235B
MD5:    8a29f9e18df09cedb78643525d90a00e
SHA1:   bd947fa773209bded11b75b4a3bd834a52ca23ef
SHA256: 7517b3d45e2a1c1a06c6f41ad4b8e31388d7a9356a8c6a86b2e4a5f48c82756e
SHA512: 4e4d792b6d53e6ec864eeebc43550abb114d39e6b47b99ea4591201d2b69e08235ecd70458c9a0a2b1242c15f7785b968df3f5287416351d39b46db03c6b7a48
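A .url file is an INI-style Internet Shortcut, so the first triage step is simply to parse it and look at where it points. The following is an added example (not part of the sandbox report and not the sample's real contents): the first sample file is constructed around the URL the report shows Edge opening, the second is a constructed file showing the two shapes worth flagging in this format, a non-web scheme in URL= and a UNC or file path in IconFile= (a classic way to trigger an outbound SMB connection when the shortcut is merely rendered).

```python
"""Parse and triage Windows Internet Shortcut (.url) files.

Added example. The two sample files below are constructed for illustration;
the real Instructions.url (235 bytes) is not reproduced in the report.
"""
import configparser
from urllib.parse import urlparse

# Constructed: a benign-looking shortcut carrying the URL seen in the report.
SAMPLE_URL_FILE = """[InternetShortcut]
URL=https://www.freegamesdl.net/download-instructions/
IconIndex=0
"""

# Constructed: the shapes a triage script should flag (file:// target,
# icon fetched from a remote UNC share). Not derived from the sample.
SUSPICIOUS_URL_FILE = r"""[InternetShortcut]
URL=file:///C:/Users/Public/payload.exe
IconFile=\\203.0.113.5\share\icon.ico
IconIndex=0
"""


def parse_url_file(text: str) -> dict:
    """Return the [InternetShortcut] section as a dict with lower-cased keys."""
    cp = configparser.ConfigParser(interpolation=None)  # '%' must stay literal
    cp.read_string(text)
    if "InternetShortcut" not in cp:
        raise ValueError("not an InternetShortcut file")
    return dict(cp["InternetShortcut"])


def target_host(fields: dict) -> str:
    """Host the shortcut points at, or '' for non-network targets."""
    return urlparse(fields.get("url", "")).hostname or ""


def triage(fields: dict) -> list:
    """Return human-readable findings; an empty list means nothing unusual."""
    findings = []
    url = fields.get("url", "")
    scheme = urlparse(url).scheme.lower()
    if scheme not in ("http", "https"):
        # file:, javascript:, ms-* and other handlers do more than open a tab.
        findings.append(f"non-web URL scheme {scheme!r}: {url}")
    for key in ("iconfile", "workingdirectory"):
        value = fields.get(key, "")
        if value.startswith("\\\\") or value.lower().startswith("file:"):
            # Explorer resolves the icon path when listing the file, before
            # any click, so a UNC path here means an unsolicited SMB request.
            findings.append(f"{key} points to a remote/UNC path: {value}")
    return findings


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_URL_FILE), ("suspicious", SUSPICIOUS_URL_FILE)):
        fields = parse_url_file(text)
        print(label, "->", target_host(fields) or "(no host)")
        for finding in triage(fields):
            print("  !", finding)
```

The report's hashes identify the file but say nothing about intent; the URL= value is the only thing the sample does, so the host it resolves to is the indicator to pivot on.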
Malware Config

(nothing extracted)

Signatures

All of the process-level signatures below fire on msedge.exe (the browser that rundll32.exe launched for the shortcut) or on rundll32.exe writing to the browser it spawned. A .url file carries no code of its own, so these entries describe ordinary browser start-up rather than behaviour of the sample.

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- Enumerates system info in registry (2 TTPs, 3 IoCs), process msedge.exe
  Key opened:        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  (These BIOS values are also what sandbox-evasion checks read, so the signature is worth a look whenever it fires on something other than a browser.)

- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 4492 msedge.exe (2 events), PID 216 msedge.exe (2 events), PID 3076 identity_helper.exe (2 events), PID 620 msedge.exe (4 events)

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (11 IoCs)
  PID 216 msedge.exe (11 events)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 216 msedge.exe (25 events)

- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 216 msedge.exe (24 events)

- Suspicious use of WriteProcessMemory (64 IoCs)
  Source process              Target process
  PID 4184 rundll32.exe   ->  PID 216 msedge.exe   (2 events)
  PID 216 msedge.exe      ->  PID 5004 msedge.exe  (2 events)
  PID 216 msedge.exe      ->  PID 4112 msedge.exe  (repeated)
  PID 216 msedge.exe      ->  PID 4492 msedge.exe  (2 events)
  PID 216 msedge.exe      ->  PID 5088 msedge.exe  (repeated)
  The writes from PID 216 into PIDs 4112 and 5088 account for the remainder of the 64 events; a Chromium browser process writes into each child it creates, so this is expected for Edge.
Processes

The tree below is the shell's standard handling of an Internet Shortcut: rundll32.exe loads ieframe.dll and calls its OpenURL export with the .url path, which hands the URL to the default browser (Microsoft Edge 92.0.902.67 on this image). Everything beneath PID 216 is Edge's own multi-process layout (crashpad handler, GPU, network, storage, renderer and identity-helper processes). Depth markers [1], [2], [3] give the level in the tree; the two CompPkgSrv.exe instances at the end are separate top-level processes started by COM (-Embedding), not children of the browser.

[1] C:\Windows\System32\rundll32.exe (PID 4184)
    "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Instructions.url
    - Suspicious use of WriteProcessMemory

  [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 216)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.freegamesdl.net/download-instructions/
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (crashpad handler)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9542d46f8,0x7ff9542d4708,0x7ff9542d4718

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (GPU process)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (network service)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
        - Suspicious behavior: EnumeratesProcesses

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (storage service)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 6)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 5)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (second instance, same command line)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 /prefetch:8
        - Suspicious behavior: EnumeratesProcesses

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 8)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 9)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 10)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 11)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 12)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 13)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 14)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 15)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2152 /prefetch:1

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (GPU process, restarted without GPU sandbox)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4524 /prefetch:2
        - Suspicious behavior: EnumeratesProcesses

    [3] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (renderer, client id 17)
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,16476486340092195663,451396967974795627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1

[1] C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding

[1] C:\Windows\System32\CompPkgSrv.exe
    C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads

Every file written during the run is Edge profile or crash-reporter state under the browser's User Data directory; nothing was fetched from the site to disk. The last entry is a Crashpad named pipe, not a file, and its four hash values are the well-known hashes of empty input (the sandbox read zero bytes from it).

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:      4e96ed67859d0bafd47d805a71041f49
  SHA1:     7806c54ae29a6c8d01dcbc78e5525ddde321b16b
  SHA256:   bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d
  SHA512:   432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5:      1cbd0e9a14155b7f5d4f542d09a83153
  SHA1:     27a442a921921d69743a8e4b76ff0b66016c4b76
  SHA256:   243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c
  SHA512:   17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5:      0bcf53ab81780ec6b60bcd097dd6afe8
  SHA1:     560d246d88e577b2a5e8c282f2d21042bc5ad9c5
  SHA256:   de3a21772ea61913c5a13a487d775f9c937406a854f59656fccf537a6cf12c12
  SHA512:   dd1d742fbb1a2adf8ba2c47a2259bef9be67a4b6dbb04ec6e738cbd900b9e0ec7cd04b72f13332ac0f84fb1769ab95abcfc6d83b36086f0b6b362a3b47aa37e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5:      233458cb07202cb4349429caaca89aa0
  SHA1:     d8558d400440e9f625ad45bc8de8ae1a9669c62f
  SHA256:   f37b6bdbc8b790b18386d393ab080d5c318cefa534957c7e05d327b6dfa2cfc5
  SHA512:   fba3ed76de11d25bc02117950191af4080f8e73645ce96a12706825e74e387befa998b4cbdc8f92bb30a57a48b7b10a9123f718a164d2969fe1e2f551fb954ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5:      6752a1d65b201c13b62ea44016eb221f
  SHA1:     58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256:   0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512:   9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5:      a401af22333beaeb3b819bf77060872d
  SHA1:     46b6a49fc1bea4f1cbab2ef7212ea1d32d59641d
  SHA256:   b10dbcafbb2af0f2b070e9491de422f7a45a3eca2e46eda6b8eb8a4017e75902
  SHA512:   7d8ff00744aee51465d30700b503a00f0ac6139d7799fa6d374e1fcd6f8de5bbc3ebb0a60f0247b455491649cc37ed279913eb6f73238b77fbb6bf0f17cea481

\??\pipe\LOCAL\crashpad_216_KTWEVEDPRFTNPEHU
  Filesize: (not recorded; named pipe, hashes below are those of empty input)
  MD5:      d41d8cd98f00b204e9800998ecf8427e
  SHA1:     da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256:   e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512:   cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e