hxxps://bitly[.]cx/AXk

Analysis

max time kernel
148s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
15-05-2024 19:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bitly.cx/AXk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{DF11299D-0C32-450D-88FA-6F74A777D551}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exe

pid	process
1376	msedge.exe
1376	msedge.exe
3152	msedge.exe
3152	msedge.exe
924	identity_helper.exe
924	identity_helper.exe
3016	msedge.exe
3016	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
2100	msedge.exe
2100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3152 wrote to memory of 1720	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1720	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 4844	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1376	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1376	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe
PID 3152 wrote to memory of 1504	3152	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bitly.cx/AXk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe782b3cb8,0x7ffe782b3cc8,0x7ffe782b3cd8
2⤵
PID:1720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
2⤵
PID:4844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
2⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
2⤵
PID:4504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
2⤵
PID:2116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
2⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵
PID:908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
2⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:3920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3892 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4848 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3448 /prefetch:8
2⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5676 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
2⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
2⤵
PID:2276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
2⤵
PID:2160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1056 /prefetch:1
2⤵
PID:1960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
2⤵
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
2⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,13107888371627261066,8629695857398957330,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:2164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2876

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
5e9d17421907619a0dacc3ab741494ea

SHA1
64caa4bf4c8438fc694adb264fd942528ae2fb3a

SHA256
f8228b879bdc7aae7ae485290b0c929305d04b19e4014bf736694fe52a047aed

SHA512
bc068346d44f6e10aca23e2d2e7190c59056f2f26d6d83f54d4b049b852023b5d8fcc36afe6dae04ee02191e476fdffb2b6f5252b7d5e72acfdae07e9f26b28c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
4fc7ee87b9bb5720394fad999c355adc

SHA1
57ca87866b0d66121920febbe8615850e91a1473

SHA256
2e188b67e91d7b65aae1f6838a0821c22ac53130fe484eb93366e703935a2b71

SHA512
41458af0af0dc8c8428c3a03c5bac4e57f78224b604086a976b3c22c1294b1fba6e57f573510deb85e6dd2e0107eb00d56df19ab868d7d7115f99bc48928312b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
986109f2acc5fb5e80001b30a666ae1c

SHA1
97042088b505fedb024341833fae0f88508e9daa

SHA256
a1c3ad0884b933d25639fb2cbcc8151174f41b05a8cb2656659f84d7cea75a9f

SHA512
1b24cca062d7f8345e6e1863878f18d13ed452cf8ae896edc8bde514648250dd3acaded37fa1f01d0613127465666f88b1c3ce60b325a3699e8a38005ee6c4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
f3651b1cf3a4577a6732599f7f3028ba

SHA1
e3d68c9d3dbf1e935d195d4604391e8933c898e2

SHA256
41e8cde6c95ccc4a6eea6aa65dba79bef5bb0948e34d9543a3973706361eb5dc

SHA512
b56f5f3da749e7f3e91e0a0f8ed4a94837e6d389820420ae1c1ca083e0536e6cd6d83bea70c28cbdedbae6a4326abe150b5f2826f0c67fb104a7c57183992580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4ad0111f7b34cb345c4ae8bade5ee5d6

SHA1
5f1dec6063c30815b676e684d792d755a674e4c6

SHA256
cd04140f35e5262c58ac9e08284eb782218fadeb99eeeae53be3f82385462bec

SHA512
881c7adbfb6f7716622e995769bfa4ab80760f49bd56629cb2e742a90fb12e951aae3522da1574958835ab35b41166ab78c0cb8adebf59c5d7dd42870b24070a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a8224be12cd529202cbb665889482661

SHA1
d3f3e375d410251ef10b3ba1945944b5f7163078

SHA256
835356dd2090ed326836918155ef534189aa8000465b03a201977ae0a6d8240e

SHA512
06159064e8abbc6f112bd6b81fe1c52cafba7709f3d6dff0703fba66b6de3785b4416743977e2eef88b124b713bc1f7d2c4eccd6a7b058212ad87a0f51a026c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe599522.TMP
Filesize
707B

MD5
da67da109bdcd8d2f6cb4a25cff4eccd

SHA1
40db44c86826930f6745bdb341695ea98aa780e4

SHA256
479b3dab9ad6eec2bc41571eda874ea3c02a5c08db995a69d2aba74c5877bca9

SHA512
0248b86596dac3e8734b296beab90750fd17ff69b437a339358319d9616a2562a79b209cf4be5a220efe2fd34d8650dcfa14997764d216fff36f3b2a8b4d979d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8540f9ad5079d69f77be50b44dbd1ab8

SHA1
9ed50f83ee2776647222c234f0511e4f7ecde400

SHA256
0bcb1b90c1a6d062ab49360017f280338e1b691cb701247868cdb2421c90f783

SHA512
8af2e10a1ba038c7eee30696813f687b58a940a77afb6b234ea6b41ee45a2ff380f9484ddf16afe640a420467ba34e7ce4880819beca0abb5196797ade46b4bd

Download Submit
\??\pipe\LOCAL\crashpad_3152_DZWCJCLYDAXDCOFU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit