hxxp://google[.]google[.]com[.]hello

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 09:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.google.com.hello

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2818691465-3043947619-2475182763-1000\{F0F1A10F-C211-495F-97CD-FB721A537136}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4672	msedge.exe
4672	msedge.exe
3092	msedge.exe
3092	msedge.exe
3600	identity_helper.exe
3600	identity_helper.exe
5768	msedge.exe
5768	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe
3092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3092 wrote to memory of 624	3092	msedge.exe	85
PID 3092 wrote to memory of 624	3092	msedge.exe	85
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4388	3092	msedge.exe	86
PID 3092 wrote to memory of 4672	3092	msedge.exe	87
PID 3092 wrote to memory of 4672	3092	msedge.exe	87
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88
PID 3092 wrote to memory of 2036	3092	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.google.com.hello
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd39046f8,0x7fffd3904708,0x7fffd3904718
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4156 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9283249896689250829,13249422424220133637,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
37KB

MD5
ad41c0bf481fc026fb5dd7bc5d42a587

SHA1
8d76e29ea2a0756681e4a018d06b941fc690c4fd

SHA256
2205a91208045c5071d38404e02305882d7920beeb6ac0aa56f52e63bd30eae8

SHA512
649bd4b3c4858566d6862a276d595b75b4ac8489559df676cf4275edfc6073013b9880dd59c12a43aba9c878542bb232e13188c9c74d46092cbba31dc49d63d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
bc31b3e68f12ca2e104f1cfb6b99d0fe

SHA1
a263b2502fc1e3984a8ea96f5a76cdfb0afd1739

SHA256
07e16629a1b1ad0a44035cee2279590d0a6eb71355489af75a287e808a3f9e87

SHA512
d8bd6d2b8a4789aa88e8c032933d4d2f48465fe17d7889a259b9f1759a6f693c2953595425684dc0a0bda2292c37b6d78644ab7269b436dc3e78dd2518286f4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d3946371b9b1f80f9aa7cac8df77e1bb

SHA1
b34ee0533edb9cbcf7b8027bd8157762e90ebbb7

SHA256
17091852262c1c15601955b2cc8f16cce7960cf900966c75889e62e98967a639

SHA512
b108d4e11a921d414504ba4ef07d52170069e486e96f59dd0c2185300bcffaa7b1bbc62fb77e817560024990f21eff8dbabb8e30e0a40deab11706e5c3e5d9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
4006e8441abc48d92bddc2a57e5f9ff0

SHA1
bec2edc3eedcc946fdfd5d3a8e3a3fa6ebcd1476

SHA256
97b43a20bb0f6b4353a65886b5b7e4420f032b990349a53e0a646bef1c7b9c1e

SHA512
087575444c9bb2f743ee447df8f39c1af38033a5666b7d94bea2b0e870ae3306ad811dbbfa7048666fb3385d94d81e50bb8ef5c9123d0ec7cd7292bb5c90fbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cda903ae8805c2d7cd0b89dfbf8d22dc

SHA1
d52db68af1df2ecd47de25d5bc7bb265cd3b026c

SHA256
cf725ee926edff815ec2dff1fbbbd7b062f8672a0373f5a548c9f743387e177f

SHA512
5dcbde4cf00ef9052347696f14677c391d5f1a94b696654c37348b596aec95177c7f649981218faae857f78875085e4d6eea3aebb8eb497244b2bf6e8cdd51df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b25f59848034d3bcc855255c37d603d7

SHA1
527e974fd6912a60b950875017fb43f375d8e4ae

SHA256
7aa700f10fe739899e207c3cdb8385f700f4c663de079dd9f95fa26b4142d525

SHA512
b731341d216041d16a23f848557c94e747ed7fdc447c4bd86fca5ac1e92e076352bc49b17cb009d905cfd168d2a07b3006299e1b04b95c68bcda380b262ffed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e45d70c01853a4e82733908bd0191fc

SHA1
72a22ef58d8c32095eaf861dbd4e5c49ba54775d

SHA256
4d81d15131565e1b2595a28915512d0d734c3ab25800c62fe351995c9a6d3a13

SHA512
b9d31f71fe05be4abd84a2017312df328d5d1a2a4d28eb87c95ef1b00fa953046b7338bb91c99f0313cff66e04f2740a0fe81b164c68b9cf85090ec8b4e38327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a2659fa69c09ceef2e4a6e774d4068ff

SHA1
5be46908d41f547d567434374693a5cc9893be58

SHA256
33c1acc15bf2f3b7f3ee9c1e31ef01d146b28c6426dcafc130cea49b6ab3e789

SHA512
ce64cddf76ba3096efd0e48c65ece72f15f5f1f6298b274afd7ea5b9bc5f9621a63f828390285486087ba88920787a524f3b2c84aa4d951a1aa906dd961ec3e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df69a96bcc9967d4fe9cf0e7cb13e127

SHA1
f31b9aa716fe6cad49d6f43ba3140fe263776660

SHA256
731046117832bf0b5d5d6ade2430c9edbfafd3e5d83805688a990d1828f97a38

SHA512
89cd257a45eea7a996ceee90c624cd9d9159fe6424d05e3cc7a9ba3cffe173b043a70a613be408abd9c16eb891048ee024afdac28516a03f5fb3b500afe46538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
e010e5ae3f1df7808666d2f892130733

SHA1
c940238c8fa020e3d83d2a1a4db7c05862ecb4c8

SHA256
5cb04e20c297aeec516d259eb7714003f525cb9a7e15293d168ef43453250ce3

SHA512
5b54a949b3880c758954c3156705f0864fd70271af1029d8e7d9d9166b16659855a5aaa4e898d2287db5a6aaee87f88eb2a4de63d014cbc2f846739ba36f3359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583812.TMP

Filesize
706B

MD5
a4065e34dcc7ce6318c8285fa551c892

SHA1
90b94f3419be453915d4a2102c436b13306b6435

SHA256
3fae01775faf1750a6edf6c6acc1f9f633f255d7883c85d81a180f7c837c6710

SHA512
cf7d7dd98ed0b5284afde197de631395cf0037479da491927c1c1c4491edbdb2593cb8924667cb4401d8912aa44a093c8b52fce3aeba4041392f40cfac34c706

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f95021e4-595b-48aa-8635-a290f843503b.tmp

Filesize
11KB

MD5
6f8d8c24c9b75c2e1e6c18d7b8aed980

SHA1
ce6918aef0fc383b5c89d86bbf0b6cad891578f7

SHA256
d9bf1349898de8f9e889b11a4c8c210356080439ce0d94420a4d298114446001

SHA512
f6f4c6387b09900e7ce991ab1c0b2d19f57757e11f9e8179b27253e1c75b00fd74e4c55f0d81a5585d0c005d42d87226912f498fe2cc7316d641601c548b2860

Download Submit