hxxps://www[.]mediafire[.]com/file/gheqt34xmpaggef/cOMET_V1[.]19[.]zip/fille

Analysis

max time kernel
62s
max time network
67s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
21-05-2024 20:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/gheqt34xmpaggef/cOMET_V1.19.zip/fille

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

93 raw.githubusercontent.com
127 raw.githubusercontent.com

flow	ioc
93	raw.githubusercontent.com
127	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings msedge.exe
NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\cOMET_V1.19.zip:Zone.Identifier msedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3001105534-2705918504-2956618779-1000_Classes\Local Settings	msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\cOMET_V1.19.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
1992	msedge.exe
1992	msedge.exe
1388	msedge.exe
1388	msedge.exe
4572	identity_helper.exe
4572	identity_helper.exe
3040	msedge.exe
3040	msedge.exe
3236	msedge.exe
3236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Comet.exe

description pid process

Token: SeDebugPrivilege 5816 Comet.exe

description	pid	process
Token: SeDebugPrivilege	5816	Comet.exe

Suspicious use of FindShellTrayWindow 48 IoCs

Processes:

msedge.exeComet.exe

pid	process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
5816	Comet.exe
5816	Comet.exe
5816	Comet.exe
5816	Comet.exe
5816	Comet.exe
5816	Comet.exe

Suspicious use of SendNotifyMessage 18 IoCs

Processes:

msedge.exeComet.exe

pid	process
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
1388	msedge.exe
5816	Comet.exe
5816	Comet.exe
5816	Comet.exe
5816	Comet.exe
5816	Comet.exe
5816	Comet.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1388 wrote to memory of 1112	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1112	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 2356	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1992	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1992	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe
PID 1388 wrote to memory of 1184	1388	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/gheqt34xmpaggef/cOMET_V1.19.zip/fille
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff95b673cb8,0x7ff95b673cc8,0x7ff95b673cd8
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7272 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6780 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:2344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,14580573619981998231,9522210243325235436,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:3964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5192

C:\Users\Admin\Downloads\cOMET_V1.19\Comet.exe
"C:\Users\Admin\Downloads\cOMET_V1.19\Comet.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390187670cb1e0eb022f4f7735263e82

SHA1
ea1401ccf6bf54e688a0dc9e6946eae7353b26f1

SHA256
3e6c56356d6509a3fd4b2403555be55e251f4a962379b29735c1203e57230947

SHA512
602f64d74096d4fb7a23b23374603246d42b17cc854835e3b2f4d464997b73f289a3b40eb690e3ee707829d4ff886865e982f72155d96be6bc00166f44878062

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8294f1821fd3419c0a42b389d19ecfc6

SHA1
cd4982751377c2904a1d3c58e801fa013ea27533

SHA256
92a96c9309023c8b9e1396ff41f7d9d3ff8a3687972e76b9ebd70b04e3bf223a

SHA512
372d369f7ad1b0e07200d3aa6b2cfce5beafa7a97f63932d4c9b3b01a0e8b7eb39881867f87ded55a9973abea973b2d2c9b6fc4892f81cec644702b9edb1566d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
995fc3ff7a1ece68313f33ec75582506

SHA1
849845476c83dd1c1674bfc17fe67d62b400041c

SHA256
136292dfec703693648b7f3549fc7878320259234572b9e910c0470faf741579

SHA512
1d8887a9c09240fcd761175664d77b5d791e8d77c299a1d6eefbb299f7e681be94fc1f1314be87f9291c4748959f4f5e7ff6c18a3fea51f28751c82af95c0001

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5733de42dbf4c43e8f8f0397bc0ae248

SHA1
057572214d8933e58b7ccce87d7841b4f8d5f31a

SHA256
4939e8661dd9adbe0005b43f536e56669dc311ff4eb0e7aea695b43cef2e9f21

SHA512
83aaeab0df43fa9134c92be8cd1cd71eaa07241b7ff6eae66b5b05723a2625d9974860726c89833b5cabf4e4025851ef51432be1c915d33f29ec89c796c526f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
fb95ebd02599598a9a017516d592cde7

SHA1
d9372a80527938aef65777a2845e8c719a88be3d

SHA256
c1def80fdd8f1d03a6efbfd6511e492ec831d13247bd54500725e9bcdfb9e072

SHA512
a66fc3c4a0f9c9657108e6722d69cbf02dbef49736b134923cc20b0ae8655078d40e2bb08c4b201b7429d3534aa85eb75e0a368dc2d65d801b2a04a4b9c03287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b737e1e9e9c21786669c4785c46c198c

SHA1
b014f2f8dfcf40fda619214626bc7464e155427f

SHA256
6f91bd43c222407c1df80b62555dbaa34bbfeead4af5b83ca7e0573ff553876f

SHA512
09baa4d1ba57af4729a4a35c4e22a1239e720aa80256c3d467fdc2841c457fe8420020718dc788e5aa10c84db0a33f1852daf62cce4a7cbfb199c86043d5bf1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dd771289bae94cefe1461ad094bcaf20

SHA1
4f31516e1a6a8417a0e14e087bb5b45967d85f6a

SHA256
61aed5e612a015d15d701089ac660cf30ff1836f14317e8e481abc65ff6e9dac

SHA512
de5118728067dcf2cbcc61ab6f2a6f55def6e220746ff56ac7f3fa984a33a929182b9683817f47116f0c586676b481582633491b022d5201a355156bfc4ee493

Download Submit
C:\Users\Admin\Downloads\cOMET_V1.19.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
\??\pipe\LOCAL\crashpad_1388_RIPRSKEDZQJAZVQD

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5816-249-0x0000000000EF0000-0x00000000011A0000-memory.dmp

Filesize
2.7MB

Download
memory/5816-250-0x0000000006F00000-0x000000000743C000-memory.dmp

Filesize
5.2MB

Download
memory/5816-251-0x00000000076F0000-0x00000000077AA000-memory.dmp

Filesize
744KB

Download
memory/5816-252-0x0000000005680000-0x000000000569A000-memory.dmp

Filesize
104KB

Download
memory/5816-253-0x0000000007F60000-0x0000000008506000-memory.dmp

Filesize
5.6MB

Download
memory/5816-254-0x0000000008C40000-0x0000000008CD2000-memory.dmp

Filesize
584KB

Download
memory/5816-255-0x0000000009200000-0x00000000092B2000-memory.dmp

Filesize
712KB

Download
memory/5816-256-0x000000000B7F0000-0x000000000B7F8000-memory.dmp

Filesize
32KB

Download
memory/5816-257-0x000000000C850000-0x000000000C888000-memory.dmp

Filesize
224KB

Download
memory/5816-258-0x000000000C0F0000-0x000000000C0FE000-memory.dmp

Filesize
56KB

Download