b2a7d253f03a7b0b7ba486d77cb16e0aebfafa109d7592a00ea7134a777cd6c2

Analysis

max time kernel
210s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 17:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

redirect.html
Size

6KB
MD5

aa77f4196479827519bd6ac62c09b6c9
SHA1

c61282a643a1a3204389a89535399bc5ed7196dd
SHA256

b2a7d253f03a7b0b7ba486d77cb16e0aebfafa109d7592a00ea7134a777cd6c2
SHA512

3c20f2803276b537d119c732ab2455efe8e3c3d440847f3f669d0e0964d746a3aa5d99a5331e99d1da0f8949208089ac4672fa6811a612dc0ecfe4079c58f506
SSDEEP

192:d4HLxX7777/77QF7kyr20Lod4BYCIo7OPX+64e:d4r5HYi0+CIo7OPX+63

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
4284	msedge.exe
4284	msedge.exe
2572	identity_helper.exe
2572	identity_helper.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe
4284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 3384	4284	msedge.exe	80
PID 4284 wrote to memory of 3384	4284	msedge.exe	80
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 3520	4284	msedge.exe	81
PID 4284 wrote to memory of 5036	4284	msedge.exe	82
PID 4284 wrote to memory of 5036	4284	msedge.exe	82
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83
PID 4284 wrote to memory of 4880	4284	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\redirect.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf57c46f8,0x7ffaf57c4708,0x7ffaf57c4718
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3204 /prefetch:8
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7424 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,16614910306142330628,17620686701933004700,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5592 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:60

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5811816d-570b-421e-9ec3-71352282dc41.tmp

Filesize
7KB

MD5
77d5bebc73a17cdc6dfc59d666e3eb1a

SHA1
c98be2bdbb8d126414864a1d12d0646ea5d44561

SHA256
5c35b273269e1db069ca511e9d28a49252b82a89267cd9051a84e5f90a6337d9

SHA512
ee047651de8ab25f6f5675f220ab353b22d7539b7f6ce105436dd7939329c487853ee6cda2f4cb3e0a71873f22494539f38d44df733defd308c25a7cc8343383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
22186496f3392e186be64ad7e789afd2

SHA1
df9da58ad6fd26361b822df2b9e2c377c43bb433

SHA256
007d3394f8cecc85492f7f4693b2cddf52e6bc98c6ec6d044902a0e44ca1aeeb

SHA512
1c373e0cdcc3b8afe667161b2662dcb91a5876705d441896c3cc10a5c9603f09dd04991107c2e47f1415096f00f50fe116ce4c8d65fa9ab8a15cb36215eb3904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
f22f10c250e45a55fcef65f0c015f3e8

SHA1
dc0addbb4973bc8ba60770fc76a2dc4ed00e661a

SHA256
36157d9a304449b4edb18852f3d59ac7bf1124ae40a16675a7fe4e377fee4ad4

SHA512
4b7c7c5e8f6a01a9fed93409961790466dd6488f1d094851c7f3f7ae9ed869e91e07f49e3a933f8a077981bf655b0cf58b9ff9ec74bcb814b2327cb0182c05a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
23KB

MD5
45b973022f5c68e9da6f12809e2c91cd

SHA1
304186532ab287ec638438ccd0d6db26bc798b22

SHA256
52cbeaf2df4cbfc02f49b354b672a3c17f346df85cba1dcfe005bc02ab35b3da

SHA512
29f35aed99c03fc71a7d52678bbac64f0b414d81a383510be25438031a7805b181c8f43aa6dcbfed93f18e2d3790dcadd25e131bcdb814a65552e495f1d7912b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\815bf01e0e039bbc_0

Filesize
337KB

MD5
7f8677fb0bd11b589eef2486d0dfe5f9

SHA1
1a54982ddb50c1c051647609f18920834ee058bf

SHA256
d7acb785268ca3446997abbf6f9f7a6218c2e1fb2e14b29defabb8a3c3e6b065

SHA512
b86b258e82cd7d1c3b5e35501b3807be02492fa770836dbdaec0cef0b4cd0d0d5541c2df5d0c7fa3134365bc485e6c26f92b6e5afee82614049a77fa1d4cf5f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
46f8aac15e07931adfabb23c3607c373

SHA1
e16385f47f3311c08440e1d85cb5acd6bf5326fd

SHA256
8834a8fad1006cdbb7ef7fec102292596057dbc2f9164bc67dc21d38bb04fa2d

SHA512
c0947e25338d8186c9f697dfabf870f37b7cd65d0a6402df66bf2d6a29c1e3b8ecb0bbb5ee8c8ce7e82da26a226a9170b498450799c1e2979f009c2902e3bc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
14KB

MD5
332df12c81d935f560327fb36f6ad4ef

SHA1
b28a4b6a73e7bfda2478a4809cfa914f11596309

SHA256
094065d5b259e985444b9433d8f3070883343cb9d6e404067aa01cebad3b4a90

SHA512
9a3d4a46297e87913567db0fd63e3da71d325f6793bbe5765602630fb1f98c8762e8649a02b4e1317eec88e056f6e262e0e0b86739894800e2915bab7aeaff62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ebb7bdf3ab1b838a_0

Filesize
158KB

MD5
a26a004253bc77b41991fba999ed2315

SHA1
dcb4d2bc30dabaa3a5a4befe545b49c45da206d1

SHA256
c1bf736e2bb597fe1e1a4b11d6440f4d861f318881207385da06be620b472c5d

SHA512
b3d2c71efc384d5424bb5c6e672868190b0e70d57a3596bda53c9c8eec48040b32566a1b5604692ab1e858f24974d945e295b6bfc72c6158aa68cd3744143b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3ad9749dafc2789702bf1b6f83dcc338

SHA1
36e43c9cc89a034daea3f534be4af99f7a66f099

SHA256
258d3bbfb3b7bf8ef1fb2b88ac8803c9c63d5210cb107804604ee5d0d54d74ae

SHA512
efceb32a11080be315b412c457aaf62fc5065309c3aafcfdfd4f8c164687d5906383199c71621bb716a7745b3a1709de269cf76424a8116eef179c2ebd3852f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e858ca5e02d339d1f2d7ca1b829dac5b

SHA1
106709450c820e01ac19f6edf3807a7c5b45e340

SHA256
283f62d75c838f2611f6607323ae0ad9913c8f7bcade2879e530dfedd921a9e7

SHA512
3bc2fba517869ebee6f95534f87256ec452afa8524b187699c64d6dd68afd46c17345f86c2ecbd601141469934873bace85526a9e5ebbf082c4598b34a8b64d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c0b3a4fa1e82d7e86796a6d2329723d3

SHA1
f1374e513ad1099c3097351032e9fa52c0599820

SHA256
f297c803b539edb5ad6935ef2e81043c6a1da54f68609c804ea2f8b403037617

SHA512
82f16d384b39653b2e31e042d0ea465dfee22b41438b8b318a81b30013a5f1138426b3f0aba8f687aa74bfdc886407e3439d5669a806869c1256b31502a5f420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6c523b87b6f025eae3a99ab25c9a7a2b

SHA1
a85c061c618f097d5308080efd14936962419b41

SHA256
c900142564ec1fb9a1a50d0e94dfa2809d94234ff6197a93c9c0cbd294482f63

SHA512
8fcb2a386a5dd6f6bd189f67647736f7b1b5d504967c0f2f915d1b50fcab274c62004e5d1742c002c307f85f11d2b0e2c136e66e82a90f7dcd0598e3d892d775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
53893030931115a41abf8d8f89813ad9

SHA1
074cd4193acd48f24fe285426f720d61e7187a33

SHA256
857a866664c7868b814b2a072210fb4a521730942698cf1295665a3c4f177484

SHA512
74ac6a7f992e4d45c9ab792028e090b2f6300af1b9006320ff007d1ef95a780f1c8c99bb967cbf6eb71d69c03cd8729e0492f7fed24d28f801a5dc801402b4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bfc580974140262fc339704325db3865

SHA1
a2fafa5a1fdb12e5c9667f553e1eb0373c4ecb49

SHA256
18945cce43050ba6c977c9d3a746fc8ff27c8da61b26a5719ab0073f010d7825

SHA512
9240b933e030344b6b70435656e4141cbcd6d1d3e3f7519d2561d64fac5880b685a3b12f22edbf69e5d60566e464d304ebaaa3cdbd5130c4141f8e0d87519544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ee0f591fae9a36e5ee0cf3c575d6e3fb

SHA1
810f8f1eff485bd756f3bcf19c56732ed3736193

SHA256
66141e498a4fc460dac491d9c868aa61cdf9e35e2bb8c8874bed986b1c1ee738

SHA512
294044d2f373e604ddb1163a51cc1ad71cd4db935fc7edbc7e6eb780f5c46cff4fcacf42277695e84ee7bfa3d99cc41a3830a74f968087aa59019ab9ca7d858e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ab7a3f4936268f96ca6af4dfa9621fdb

SHA1
c7feb7eaf0c3d5669831e577baad514b9a42fc88

SHA256
342aeda3c8a588655bd1a90b5356943d9bd05d5801945167c56d879c4d9a917f

SHA512
fc929d92f8eed3f296ad9a75183b569ecc9ec8728295ccf4615ddf187f35a0dc4a59e25a9df7e612416b44039e0e59cc018876aed1dec19d0abb478025e79cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0334839f1942d4bee020b80667aa9e5f

SHA1
2c67e46bb21822443ba14fe1daf913962415694d

SHA256
68dc5b87d49b949d5ec5a012ef04d6d49280a9a24bb667654c19b928d0eb1e1a

SHA512
9ec67260f93f6598514be08cde75402b4703a4c9ba14f078b499b17b117eb1096b1ba827f25a7677e3b7e8c407c12f7e841f5d8a883822d05de4cb1b129af98c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
34210483e50b4ffdc217c248e68f573a

SHA1
af6fa527e5f13ded5316292cf44f013c061995cc

SHA256
a4c724b65851425a8ebdb783adf849c8e56eaed93ab031f1ebd156ec5e0d52b8

SHA512
13486d7a95c0a78b2e88bf527e3b9c12fe42a737d54a2762992023ee5ecb7ca71007d6dbec646262e334852ce8b4f84a28797826d1fb579e98fd5843223e6ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5845de.TMP

Filesize
1KB

MD5
aaa99909581873f9d03b90412b6d38af

SHA1
70f12195f380cc175d3dc7f451e938b251fd5494

SHA256
7a9af5c28d2d9d9f8a462173e936afb9dc781b63c810a8f7bce73090c3ba25bd

SHA512
7359988e1dabca168e0c06b3162b2a25d4bcfb99adb13393cd18a7cc3f7356552e034aceee8959722bbcbd83b5633e099d3a612e9d291c518f10f8c9b66d4bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e4b505502c1e753fea666353fe6cdc08

SHA1
6f20dff9872d00164c3e8c01e283e607cf21297c

SHA256
243093c66f805d9d402c1995422ca58d6a0fba40ed6e78414afd29c96dd98a72

SHA512
a4fb5aaade306ce80efd980e01ac57a159c548936860c45447873ce0480cafd7fe9e77241f82fe795edcd44808e2372fda1d4d8f325c4a0b7e171fcdbdf205de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7004d533a83dbdc67f683db4999e600a

SHA1
9cdb83772f8e696639670702eb091251853ddb9a

SHA256
3b1ca30645f8c5d71b9dc29722ec23fdc86f6fe544051d4a0dadd39d28d98e57

SHA512
5728ca36543ca9951b435018ea25548b21447046c1808fd03a604d7ef7f3fd54ba0b2ee2e554fcfb39cae5e5b0a4ad4a3c97797a5a2318f118b0c7e6e38f0c82

Download Submit