9c8c654fe26ffff624d54b10e91c30938ac4019fe8c64eb6d739783b9b5f10d0

Analysis

max time kernel
145s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
20/07/2024, 11:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

30.html
Size

162B
MD5

b6a1a37fc4ff7a4133530bd086b1e7ca
SHA1

67b4ee209cb3c69b38693c5884a8f5267c7407b5
SHA256

9c8c654fe26ffff624d54b10e91c30938ac4019fe8c64eb6d739783b9b5f10d0
SHA512

b572fd77899459294e8c437f5cfcaf092fa1021558ac8271e82cc57b1012c1c198899b8b303518c5910144a81e7f008524f8cf3b95bfefcc0f750a74a2e9b05a

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
8	discord.com
23	discord.com
24	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1210443139-7911939-2760828654-1000\{2131C5FA-F081-43D9-B6CE-397AC5A46D1E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
3320	msedge.exe
3320	msedge.exe
3332	identity_helper.exe
3332	identity_helper.exe
4408	msedge.exe
4408	msedge.exe
1844	msedge.exe
1844	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe
3548	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1820	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1820	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe
3320	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4972	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3320 wrote to memory of 2944	3320	msedge.exe	79
PID 3320 wrote to memory of 2944	3320	msedge.exe	79
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 3632	3320	msedge.exe	80
PID 3320 wrote to memory of 1184	3320	msedge.exe	81
PID 3320 wrote to memory of 1184	3320	msedge.exe	81
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82
PID 3320 wrote to memory of 2924	3320	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\30.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0xe0,0x7ffa41e13cb8,0x7ffa41e13cc8,0x7ffa41e13cd8
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3428 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,12552240936667358361,5917557280126483726,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004C8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1820

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
afe63f44aa3aa9393e4251b4b74226e3

SHA1
29eef15e4d60afed127861deebc7196e97d19e4a

SHA256
7787181844d106768f78847869b5e784f07c1b65109d59b46932979bac823cd3

SHA512
f0f7951b5d55c2cbb71add5ab0c2ed3617a6fdf93f2c81ee9dd15d9f7c67881b42cbfd97cc4d2f17ba8a383624b23da1897fee069ddcee34233c1f625062a1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b0c53c5fe6ad2ee4ffbde1b3384d027

SHA1
0c9ae4f75a65ed95159b6eb75c3c7b48971f3e71

SHA256
2e9fc3b050296902d0bb0ce6b8acc0bb54440f75f54f1f04ae95c9956108171f

SHA512
29f62e085d685d3b4902515790ab4f298454d0f8d53b6234fae9f9a0edffdd0d4edee57261e8eb0b94a4af8e86d3f7ab8b044c6f259576b89f91183002e58b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
782d5173e1555ad8702766401de74675

SHA1
a7f2d8d97eff27596814ee05bc2e4befaf9ecca3

SHA256
3a9bccffbc50e29cd6cde6849a023e15f0563b954d07af111e76c9b63f1b4371

SHA512
59cd93dd8d4e726061d6c6f5ad4e3a2088ba5aebb42c80e774b18868d570c0c3cf810b6d76e7738398c4c60e04813fc60045910152acea670ab386baf1092258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0f39a370ebca1dae4f61d1eecd92823e

SHA1
63b6a063be4f505d4a7ae836de674493a43f5971

SHA256
ee209c1d695c0ee9a62a4b66b0c334c3803e976a03956f8a2b401b44b29e2b98

SHA512
33e526a59bd75438c6718821b94b7a1cbd3c6976f577de2429c6ce2df91e8f6bb2a3f1f68df94af2e0571cc78207a17e2171e4f1f46c6eb71e3c30974519f957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
968ae9fc5cf15b31c81bd28b176ee9cd

SHA1
b328e137d80efc9b50af68753ab95ab8ed249914

SHA256
bc213951dbca33ee077f1ac1a86ecfb72eef2a0a40e320b3228e34f26f6123f9

SHA512
fea2787358c45a622a332818fa9b9ba9f6b86d8988b612b1baa1fee028d8a8b0763864b787bf94bab3df4a870d7baaa0fc55dff745082e4259d3117edc176960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6fa0bbc0b42546f4d62bdc009322b70

SHA1
2e70f7db28b3d4c8edce02ee63ae48a571062cb3

SHA256
d12839b5c8ad030849607378481bd0daf3404c46f733b044d02bdf8867aece47

SHA512
39cff8e44abadf1b3f84a2508462594924d4402e5bcf17f65436583de300930821e701b3e973704716e1ed62f11f599d97314af9538bf4b11c7fb4bd26a18120

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ffbba7291b13869f075fe26804cb1f7e

SHA1
f1242b378eab3ff7e04d06d4cc1f29be6d74aa13

SHA256
48a167be2be7c375cd7d48c384207d6f22e376d07d0c7c4188a5cc0668c21091

SHA512
0e58d0c1b8e5a10f1577acca5be8d93350285d6afebbedbc2f1524bc58d7dbf987f37744b0f38e26137f6c641826b357beef4663f667134d8e833897903fede0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b813280b19fdf7ed440b66884ab1d98

SHA1
468f8f55e042e4c421f7baf8df648bdd55c60335

SHA256
223e36257ff1d394e964c99d3bcfe868e5aea1be341da84e6411a1e7ce207bdf

SHA512
aa4d18b2a29b91852d30d989abadb3bd6a704a38ba9d26cdf817ef78467a7c59dfc8c597b191fe9b6cb622000af78fb8e9ddd3be078c203a5ce4c87e05c07132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c73a161c13e0b5b79e22d1da4e85ec9

SHA1
3c22496de02161dcb40bd6e94417b2427252a8ee

SHA256
9d31c344e4dc4dea584ea28fbafa333d851cdebf3e12c2bd34587f8627770752

SHA512
99869a8631c964aed04771ec0008f7285e88fb92a9cf63a5daf52792b0fcbaaca22b80dfa8cec15c7bb5c35bd6ebdf3fdd1809b8f5696c7fee5c6f65ec9f01f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7f2d6649c96b8edea207a7b15120bb60

SHA1
f58c312420cc534cadc2c5c91a48ce163a89f243

SHA256
ef369406b4a73c1324369315e4ae8f638e37a7f539beafa8a67886ab29348cc7

SHA512
b838a72204c127e0dad2c2923cbf3c153e1401881f2f72722573b7855a1a67c9f3168ad22d8b11b8b0621bb0cc2cf638132513990dcd2c21fa88f57a14ae7e15

Download Submit