58473fbb70dad6fffdae8e689df52ce58e800ac828138d6f72e5e4931875c04a

Analysis

max time kernel
265s
max time network
268s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 23:15

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

D5FB4.exe
Size

3.5MB
MD5

2fa554236177b05e09e8abde31b83211
SHA1

6e929705c2cddc2614dd2c3db20666681fa9518d
SHA256

58473fbb70dad6fffdae8e689df52ce58e800ac828138d6f72e5e4931875c04a
SHA512

f3f72ade66ecfacd937ebb81641b4005339c2d2e462bb93e6b419cb16b38c93ff117005717aed4e308dfeb7c04ec5e37162964c4ee10d9a8c299e70850e9cc8a
SSDEEP

98304:u8KsC+Vfe7xYdZQ/moblT9nb1WwR/UjrPAeFDv6OheW:nnC+V27xGZQOwxcwYrDFx

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "120"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133640902961172661"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe

Suspicious behavior: EnumeratesProcesses 38 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
3024	msedge.exe
3024	msedge.exe
4476	identity_helper.exe
4476	identity_helper.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
4412	chrome.exe
4412	chrome.exe
2348	mspaint.exe
2348	mspaint.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe
4412	chrome.exe

Suspicious use of AdjustPrivilegeToken 39 IoCs

description	pid	Process
Token: 33	332	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	332	AUDIODG.EXE
Token: SeDebugPrivilege	456	taskmgr.exe
Token: SeSystemProfilePrivilege	456	taskmgr.exe
Token: SeCreateGlobalPrivilege	456	taskmgr.exe
Token: 33	456	taskmgr.exe
Token: SeIncBasePriorityPrivilege	456	taskmgr.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe
Token: SeShutdownPrivilege	4412	chrome.exe
Token: SeCreatePagefilePrivilege	4412	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
4660	D5FB4.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe
456	taskmgr.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2348	mspaint.exe
2348	mspaint.exe
2348	mspaint.exe
2348	mspaint.exe
4004	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4660 wrote to memory of 3024	4660	D5FB4.exe	94
PID 4660 wrote to memory of 3024	4660	D5FB4.exe	94
PID 3024 wrote to memory of 5064	3024	msedge.exe	95
PID 3024 wrote to memory of 5064	3024	msedge.exe	95
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 2544	3024	msedge.exe	96
PID 3024 wrote to memory of 4864	3024	msedge.exe	97
PID 3024 wrote to memory of 4864	3024	msedge.exe	97
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98
PID 3024 wrote to memory of 3468	3024	msedge.exe	98

C:\Users\Admin\AppData\Local\Temp\D5FB4.exe
"C:\Users\Admin\AppData\Local\Temp\D5FB4.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.tiktok.com/@d5fb4
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeab5546f8,0x7ffeab554708,0x7ffeab554718
    3⤵
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
    3⤵
    PID:2544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
    3⤵
    PID:3468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
    3⤵
    PID:4992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5708 /prefetch:8
    3⤵
    PID:3604
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
    3⤵
    PID:4580
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    3⤵
    PID:3456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
    3⤵
    PID:1936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,7447596399818455300,9149735636214695393,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5420 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:332

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeac32ab58,0x7ffeac32ab68,0x7ffeac32ab78
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:2
  2⤵
  PID:1436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1992 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2076 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:1
  2⤵
  PID:428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3116 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:1
  2⤵
  PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3624 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4540 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4664 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4768 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:8
  2⤵
  PID:1420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4704 --field-trial-handle=2044,i,11925868092142413952,7168894307003498760,131072 /prefetch:1
  2⤵
  PID:1404

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3976

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe"
1⤵
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:744

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa389f055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
d65943dac4421216c4527944b5d271c1

SHA1
20d82199665d2cc5cace525c30053d4a1bc3d6e1

SHA256
49fa06b31b6cba980a9dd924a04a303cfe2f873726db2942fc217726ee0f365e

SHA512
335340a1ef1cb6655d5c6ba6e93cdf12390da6c06173ff2bd5d8a1f35b84eb38860b343046bcedf27825dcff3d1432fa2b325d31599c20eab9481f3f5015149b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8c4d8a89d455186e8930dad08ba8ec23

SHA1
5cba9e95ab62e718ab0aaceceebaa55cfba491e1

SHA256
5cf88b2bdf89a592ec1df68e3e349dab8a7902a123f5c7e8b1938a9f4c893d34

SHA512
c3ec01baf41075568c6c206211a470c811609a0ba735dd7d44483ae77e640f2c2f506eb4ba4ecf63f92af025d73a3894c0880ebcc594b19562af29c8e75cec01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0bf8c736780ffb125409c6874786f7ec

SHA1
ca088b697c8f24df214d84a442405b6d8db02c66

SHA256
56ac9cedfe36d12860a50a0b71f095eafa186713c3f7c2b182ac7106fc59b127

SHA512
99b42139eca4e5d71f2d468f09887d8571c2d3a1c0277d13a617ce8b9c8a3822a904692b4c2530d6bd9a4acf92d712c902a491355720398acc89dd341dbe9494

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9b8515a610814a4e5a28ee7992156fa1

SHA1
2fccd7a1e3304273d266f406aceee8749ed17212

SHA256
357e7f430086a6a047c29f6268417059e14f8ab5b4d209b8ee01ab9be09d740d

SHA512
7e212c1c97058c743bdf0b26c2e2f95bdec415d2bb2f84cec5d30ad1f97ea0f481ba7ee5ccc32a23de79cd81b4db36492178621ac041ae359a364cb696a715ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
bccc4cc301c6ad208f5a53291c840631

SHA1
67948eb90014b11f6c5005b84deee6190c7daa0b

SHA256
3c51279d2b9c414a993c8fc76b6ecb4e9930ed52393bfd453c223055efe354a4

SHA512
17b2958bd9742e45d577a92fdc33403df29c14243bf30fb1291d0b9235be88745663e24b8cccf23a686bb1f9573a830b68cf700a7cef3101f793f1534f200c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\da10855e-4830-4289-971e-ae090282ae99.tmp

Filesize
7KB

MD5
af29a457bc011cee4703d542eb530efc

SHA1
eaffa7c6d76b04aedc945ece9fcbd35e3450d715

SHA256
1a47b6b95f3167502f8baafb525f7ad91f2dbb73d7b8d459c8bcdcefc216647a

SHA512
4cba96982d2ad3c7efb0e25afcf6e6b178be4514b9a6d20b05d8bdfb00a60e2746786c27285cffee6cfda750360a8b622a8f3370b9845d1007365e2271d4962e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
89068f197a194ca72026fc292c8dd07b

SHA1
bd0b1dbed0372cfb4f13ebc510c100c93644bb80

SHA256
d3e046dfe7e5a7879b8cdefc95b8591fb42727363624b9f34c779effb0efe97a

SHA512
5e6a4338f569b3cc4a0d1081b7aa64af109dc66f7c24358a87506f114cdbe3f29a658fd732fae46a33a97bc924e5e2a5939702c2058c02698a9e9f0584038b62

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
281KB

MD5
e09ff7f63425f186f216eeb285a7ed51

SHA1
5e82c1b5efb43c22d46a1ac19d85c020dfec74c8

SHA256
6e08d664b902fa11abf7824fbeedf785a1edd8bc028f14cf8b6ee5ff4395d414

SHA512
5c550283354fd734ada2243aa6493a7e94a67bb25b83aef50622f328cb5919ff518243c537baae42f522fc4d49fe95350dcb5897345eeaa3a4ce2e73ee8ad174

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
1024KB

MD5
9c35428a13c15c0b356ff82d131f35e1

SHA1
07ae5616f8830947ee559fcd3b48f3c6cbbe7eb4

SHA256
2995e748d54b7d93f345badeed3dd511d7c030c0bed2f3319953e91f32ee8546

SHA512
65f1d341bc847e65cda6384d3b5cd9a0a193e12142a3e03f86e9478a4050aa220f641fbd3eee2c9df13106f78df2ccd3ccf063bcdd3c639237cb6ee762ffb021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
468KB

MD5
e476d74d82d56c4b5bde3bf99e753b3d

SHA1
6066ee23f8d76224a71e226b225060a468231794

SHA256
1865335e3c28784d2ed3bb1f621384b5118152ed92faa87d1d59862ed8e7471d

SHA512
945e538eb4b28a0390e3cc59d3226a3ef449376c403ad544e61d1b07ebf999c171228eaac6e23a18809536ca42bde69c8ae3604e10482715768216c38e117899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2c523f338ddea17c37d7d2f9a55a0e88

SHA1
9b2afa97e7417bc7d0348ecbb1554c5fcd053e8e

SHA256
3cba1f32fe228107a191e460228bddfbc5d0bddcd152301b6d8711b09f86e408

SHA512
1f9700d72255174d4bc1802380d6b3c8c922bb421cd3e241eaa6a2eca71e4d86b0362f79f1fc26d14606221646fa9897a22a18db11ad6fe3224910bf0110060e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
94c3c97c2799810ada2acc617fd6cfca

SHA1
06a9949ce20599c0edf77fc64b5c5a37e5f952b0

SHA256
41bc33a9ed608006a9a622e319f5a024f6e3b410f2ed2dff770dccae138c6181

SHA512
51da6c9c56fb9eb1f1c886997336ee40ae00b6abce99a4bd4d4d5294aa1181a43da67a1c78c8a66b4f3b935ed1fb3f7b519d81adbb6218f3ff8d273419cce7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.tiktok.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a9bef27ab6b0ce48eb2fc6876c288559

SHA1
59cd018b14f4f92d727ccd46ca9b76d65d834784

SHA256
de03a87a74ae5b93194089ff3f216e0072e8e99c916fda2e4ad6ec5af1c30964

SHA512
ec25b7b193c3e5ac72ec9cfc26858c15833e9b9b12cd3e27c985844278890c8c4fd032e70036ff066cf47185cad64a6aa428d701d1594c503e8689efce150b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b7147494527fcf49cc3dfa9bfc0a4a71

SHA1
e7031f5d19539f59a18b8cfcb3b76b171498fdd8

SHA256
776dfb9dc1b3c0c9de0118db773ffa439ed88c37d97c9a87f701a9817f396a7d

SHA512
3208975413efe5100a100d3ebbb8e10da9ddc3ed7566eee045ef39407bdd15d50a13f0bc4bd866064a46c215c40734ed16f2c3ae7db23d551fcd15017f68b0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
94a4686367b9c3ccde17a04e78c95279

SHA1
953eb89dbf1fd59d3abcde1d0399a228bc078338

SHA256
b9ffe57249c4be09cda357c716015b1dbc636582f01e126f7cc19981d4ad29fb

SHA512
d215ae9b485696960a2c3c8e817684cae790d0d6b0e36d525be18a3525d952d2fe561156c3060670bde36a26fc44173a3202a68c37de4c725cd00cf2b1254fab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cac8e93b55381eb212d2b31a47ad98f6

SHA1
b1db8615badc2cf434a42f5dbdd3c7c1409189b8

SHA256
31783218bb3f67db59ed00b52b0f3e2644b7430c5e3674ea3793648ea1901279

SHA512
2b0edceb62dd2b618254281a6f3ebce0e0cd71895c8ed87a8eb927e5dc27c3fc96ce5e5ea254cd4c9e914bb1564081a4849895769d5a746949c6d82898599683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2238b9962261aaf98714a6d8ecc6a909

SHA1
dd590f9c86d0279a4e88866806bed56c92ab1ce1

SHA256
a328c2d20b92ddc5c4da359812cc84e5b3d869f6806a558fa019571b1b175238

SHA512
c662fc8f08e236883b163cc21733cf890a9b52b022f41fd61b34b2893482095314d3d64deb5f4e8d1e0f223472479a471566cb5e82015a8d7c0696700bbee8d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7851ff0723c8a18e76509cb9459a4d53

SHA1
94c9902ed8ffb13a393490142f9132fbe9c2183e

SHA256
2fed80fd74876ea4c78a4c3e954d7b42c1011f7eed0d296c2630f6fbc61452eb

SHA512
746cb0606c1e7f99f7d9162c3fb1a825c3a5d63193324774a15da6f70816e80f417fab518cf5cf4ae68da05ee7e72a5f73b31a725fe587932eaa3cc85662fd0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90714db06b9ca2d6b4d2223c0dbb0ecd

SHA1
55277c77e96b323f5f1eb140dadd6bb282b5182f

SHA256
dadfc913edb67d449545bc6a4c5dbe43d64f6928a80705d3740c03254aab5e81

SHA512
d42c50476b86a7ea6a4613471d32e99d0ae2e559ed28edd74f4e3e74c311491eaa0bd10bd2e62d67929e60fa4a389d9a832135c696295e6d2bc3a4de4e0eebe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9802a005268d4f4109d1d7209e9112e1

SHA1
5fdc4990fd5dc10b98279a9366f4d5a9ffe1a330

SHA256
1c95796b7dffeb554d2a4321506583054fcde4a814f15dc1d570bef1f7cf9826

SHA512
54d3b118d60c6dd8ff76b03652e8e9b83658c870aecaac6dea7bcdc858ac9307746386775adb4fb5ace29ad1139aeb7fcbe97bcfdec1ebb29f6b63f267f0e472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\0cd3e4da-ac41-4778-904e-7d91ee8bcc4d\index-dir\the-real-index

Filesize
456B

MD5
34f7d4309e485603b89ef1b5af406406

SHA1
8147949f9e04de16045c9dba019a434cb5377bbe

SHA256
f05716d38ef2da4fb958b03700b6f34abe099d64195b84598bc00bf4451fbf05

SHA512
1a589304dbb018700f249789d08fc693a38798c92eabe3526cb8e354e8b8d956729dbcb89cccbd3295319017dcef884680a335d43b5f31702ce9d493e8d2753c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\0cd3e4da-ac41-4778-904e-7d91ee8bcc4d\index-dir\the-real-index~RFe57f9f0.TMP

Filesize
48B

MD5
e934c02804cc0bdc6a0b2ffba98b6b32

SHA1
3461b6a74b968d023439c75f50f6ec3aaf9b71f6

SHA256
491d3a65bd78ad47be7e45884ce757a2d49186d44cadb2e72ba4f332c8d51498

SHA512
066edc88e528393b0362b3c370e6f626b631d45ebc30902081dbb33a5f5799ed5ecf32f6b19970ae553019f32ac71cacb1de09a783e0d3a136013cb6c8b4e9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\0d0fe942-af4a-49d7-a927-e0ec63209bdd\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\0d0fe942-af4a-49d7-a927-e0ec63209bdd\index-dir\the-real-index

Filesize
72B

MD5
7a0272abed871e65a72adea005e42240

SHA1
248a02bd1dc3596dae1f6fc5aab30320d149941e

SHA256
03f02fed3b63fb51e43e4919c812ef70f3d4090f40d0752ab0e4af57bb114b74

SHA512
a904c5a868e6ec9ead936f55f7920736dc208fd458cdd9eac13bda914f05d4c9fcc0c0945239830699f1d2a6aa590ab7eb538fed9fdb06eb2a8006b9121c79fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\0d0fe942-af4a-49d7-a927-e0ec63209bdd\index-dir\the-real-index

Filesize
72B

MD5
16505b51f445b6fd82019dc8fdc63dc2

SHA1
31a320f6f06508ce7ecc775c888b121041ad50a1

SHA256
3361a6e92462e2473c2ea8632cc689235586afebc2c93f8bb26c246d156be423

SHA512
074366d17ed01e88240b1c0b84a210aa12e75b56ab92e92c8b5088da1c2d270b5fc16aef09a3e23e92ffc53f1eef620916ed1f15b0e9a5a6a6bddfee4a65fedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\0d0fe942-af4a-49d7-a927-e0ec63209bdd\index-dir\the-real-index~RFe57f7fc.TMP

Filesize
48B

MD5
61c84d7640b12164bb2aad430a128965

SHA1
f15d1eb1f654f9fc99036c52bb8edf73ccc89527

SHA256
abc8ff854be81057d8dd3e9ed034017f9ac8720b9fdb31b8b514b1fedfff1c84

SHA512
70cf298a221e36510767e53aba4e5d871fa96076a978f348940c803397d1c665f83765b599bc27385d150b6f1145b7f53476c0355162f6031649ae049e86b543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
168B

MD5
6dacb9bd13f8c7278eb37c5c4d4ba634

SHA1
2e67ec34509ee4b15ef1f373a619c9d1bd3af1df

SHA256
bad200b80eecc7acad299eb49f63f1ab812aedf9357be9c0c5a679c104b3ab7b

SHA512
f78f153d26b28d9f6bf89f32e9e7b0d3a47ec9bc77082ee5084043e5371a44e6831b1cc2102eb72b9b1a389b0dc8babfd7efffc409675d0acdf24d34a6854d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt

Filesize
165B

MD5
66f213c0e7bb59ef373b77d54d9d2b20

SHA1
c06e0be69e27db1454e8649314c6db18a9e68154

SHA256
69dfac575288fd9ca45a4ab9ae8e0427720937975479715813bd266c5554e417

SHA512
6bd888bbce4436cf42caa9d8e826e676e3d3e5e429eff36c9591bd63c418bcd013c37273897b98864a7eecc26945073476961a65661cfe176914d56b1d72f035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\4cc699dd486af2551d01b1a74abd5337c6e052e5\index.txt~RFe57a9cd.TMP

Filesize
102B

MD5
4a7e42c6de2790ae4bb433d9035598c8

SHA1
1082ecd7a6c7dd88f0167bcb1ea0299dff4270c0

SHA256
f892641b4d2680cfa0c9d7c0074969ff349fff8dea23a4fd78e1c07654a72b93

SHA512
8679849751e503bc15b3769f30621f596db4ce9cfc36e79e2b1a675a0c5f26be7dbf1ce41c92fbab91b3df5d156d5daa1759a9a58419b4767527f03691d0ed5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
fd1d1c18266065bca28248466e2058b6

SHA1
2519c41c02eaf3fdb5dd9a6d043aa1acfd4ac8d0

SHA256
ce7e9194a0d19bb2787d1e69068e91ce4de1cde9dfee175cb23d094f0904d31d

SHA512
cbeb0e0b5296dc255a851b7d716986302f5c704c106338ccd669290926784067f6a216771b87ba15d397c39fed3be9cd212e830803dac75ccf89196a9d073cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f7ae.TMP

Filesize
48B

MD5
f09de7ca1b3c285d356722ed3ed4f7f6

SHA1
ae28e098142a8fe13fd89b248783406d9c94142c

SHA256
4f3481ba23c4745ddbff70bb2f54a0e433ab90481fb01521de09b89184133fc9

SHA512
200da65627028b4eb59bcbd5331e23e11d802730e56e00d9dc67114f6a81121f115e938e0ce927af82474dcb05ab70f4c362523a02a63d5f020d22d0767163b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a03e8c8fd721f84eec2eabb3b05ec501

SHA1
35da7dbd48f7106befb39d7a18eba8a22c3f52ee

SHA256
0d269d11ac43b4427d0b5dcc7a6550b6c812cd84a7c6cdb485aa41069329692c

SHA512
67609aa054fd7bda6d43790ab69fe940d1746acc98a975195da58d256aa650a2db78dc8e0d7632a62ddfcfdee48e48f9785a66da3be0fbb7c0f54a0a6a694b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
07d59c365771cec7186bf2705b13d937

SHA1
39e08a381f416cab0743a10d16d4484b5daf9ad0

SHA256
8698f84e331152d68162020d7055b64155fb372646c7eb37d6f8a891fcd21973

SHA512
14f51167a4ebb5122e91e41c0ea830b3655e934f130ce496785e4d5be92100cafca40b5e53fc4efd5d24e18abb708ee0b9aebe35038ac46b0e17bc12f33429f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9a5bda4e6d46e18615e32f8ba6f2371

SHA1
64509932c8170c2e9f6282b9d419a646f61daef6

SHA256
57649ff82ce37c204ca5dcbed5868b57d036a9ab434f85f2b1706247aad1f161

SHA512
f9207967d70fad03bd8611914da0035468b941c7546f7f301fae605389a48f574013a0edc415a6c7494da269d718bd4a81459423721436619854bd62a91d4347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b554632a54d5fa06acd70ffc428eb5c

SHA1
f81c5f4d8c70a71412fde4d9261a6131f4c07dc5

SHA256
7000903f0f1e9d004354d8321880a2b81631ca6a25233c315b031446de6adc38

SHA512
b91e3f1ced6c3fa83b1a77f7d76c5bb95c63513491ebbd0f3ca9413c78139e7aa945598019aa6598b15f37ea685be4c1b21548c20a498abb8aa285c769cc7fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f368.TMP

Filesize
1KB

MD5
591a61bc2525c6225581d7fd5781fcb3

SHA1
d841c386d09b98f97887b71f6d131a64cdf2f9d6

SHA256
451f7c88c01ae62714e04562c820759826eb1aa0a3cbf5457d5056c2f9797c6a

SHA512
4130dc932e284739e9986afab61df62450262e6027ccde050211b465234becff0562017c0d5c96a21c52e65205c0ef8251aa288ed2ca2f7cabdfcb3a0aef875f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c85818e69d79aede0d23895c61197358

SHA1
d0159e13a4c5d1c815b8bf11fc62a5851d49dd02

SHA256
343337ffd63782e55df0023b84763606a461dee614675d2fb1efcd455099650c

SHA512
ea15cdb435a12353c060de691b007cfe1af7e3446248332dba52739ce80ef8f2ccedd250931495950f911061bff3db8c0005dbb98001357a03cf52de23db56dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4330ac4c2bd6315863e5e7642c207361

SHA1
dd663e8ac9c4f4da9f5fe88655265b782fb78afa

SHA256
c3bdccac4899bb1cc209006da9c487d10b07341866643a5cab013f9e3becf029

SHA512
7ad521304c117c10748abeab27ec4047f228e18094a70ecebb1cbd1462da31d28d4b0df96930f2695c213b6158b59794d92dca0d1d6e699f8044902ddc22e334

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8bd0e781d6a73063576409338195af0d

SHA1
3ddc2020d53be8e8271321728541650153660553

SHA256
b6f5f10484c86d166348fa4b1be3a6f19330ab25c53512335edb6fe29dc240bf

SHA512
eaf5b597d70e08c83291fc22df267c0965b8f3113a0e91f205cb07ae8a05d596ac74c748b1d4bfa7357f2d79debd3fef150423546a5c8fd938e2df03d484e660

Download Submit
memory/456-518-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-513-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-519-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-520-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-521-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-512-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-522-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-523-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-524-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/456-514-0x000001E637480000-0x000001E637481000-memory.dmp

Filesize
4KB

Download
memory/4660-202-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/4660-576-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/4660-0-0x0000000074DAE000-0x0000000074DAF000-memory.dmp

Filesize
4KB

Download
memory/4660-8-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/4660-7-0x0000000074DAE000-0x0000000074DAF000-memory.dmp

Filesize
4KB

Download
memory/4660-6-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/4660-5-0x0000000074DA0000-0x0000000075550000-memory.dmp

Filesize
7.7MB

Download
memory/4660-4-0x0000000005200000-0x000000000520A000-memory.dmp

Filesize
40KB

Download
memory/4660-3-0x0000000005210000-0x00000000052A2000-memory.dmp

Filesize
584KB

Download
memory/4660-2-0x0000000005720000-0x0000000005CC4000-memory.dmp

Filesize
5.6MB

Download
memory/4660-1-0x0000000000470000-0x00000000007EA000-memory.dmp

Filesize
3.5MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads