hxxps://www[.]mediafire[.]com/folder/dx8ht21114net/Inst%C3%90%C2%B0llerV2

Resubmissions

26/07/2024, 13:38

240726-qxmf5a1cpj 3

26/07/2024, 13:32

240726-qtf5yathqg 3

Analysis

max time kernel
257s
max time network
260s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26/07/2024, 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/dx8ht21114net/Inst%C3%90%C2%B0llerV2

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3960	msedge.exe
3960	msedge.exe
4824	msedge.exe
4824	msedge.exe
2852	identity_helper.exe
2852	identity_helper.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe
4824	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 3216	4824	msedge.exe	84
PID 4824 wrote to memory of 3216	4824	msedge.exe	84
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 4048	4824	msedge.exe	85
PID 4824 wrote to memory of 3960	4824	msedge.exe	86
PID 4824 wrote to memory of 3960	4824	msedge.exe	86
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87
PID 4824 wrote to memory of 4548	4824	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/dx8ht21114net/Inst%C3%90%C2%B0llerV2
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb7eb346f8,0x7ffb7eb34708,0x7ffb7eb34718
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1736 /prefetch:8
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1864 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7564 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2612 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,6182138929246050382,14484666213780535132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=180 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\94bbf1d7-4e3d-48fa-b5b4-57908ba8a62b.tmp

Filesize
7KB

MD5
8ce58dcc699d85749997abd941166cde

SHA1
3a48bcf623f29d268be62cf315584d0132e888e5

SHA256
ce5c5a64fc735e797f78a8f2f5219b7a33b58ade41b98492abc5359802b1b66a

SHA512
16508652c798815ede73a9fab6d20f4efce9179aded49b60997f23a0c8686030393c6a1018362a0cfa5a90a0a89687469628ead5b95aa3ac8725c5aa5213a2e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
62KB

MD5
42caa5394be00aeb88e057eafd4adb21

SHA1
8b91faacf2b7ece910a6f876a0ca6850334a1b32

SHA256
87938e4f4d76399f0f7bd19469916684fc6171ce362f657c7f6e5cd079091ca8

SHA512
c5e765e4fdb376259d717934ee85b878869cbc3991d2022ff8760c457677adb72a7eee85dd9afdd74f29d93b657038411088daa022a2658acd4f1ce3cbc61fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
20KB

MD5
93eeea702a80c096950e60b99b74b8a4

SHA1
cc5facf47047c7aac51bdfa9db1339891957e8c7

SHA256
98fa60f3d0aa0668eb3bd9f56657d4d016913f2194b0e2077810f4c906a77854

SHA512
c4ceb5227cada0067261eb6adcda1a0cebe46e1184884a03bc8061f0d947fa8f3751ac3709080934e79ef2b0b76aa417f5e0df40ce8cbaa9c1b4153c3b83734f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
20KB

MD5
f50b0303a93c67e65305be05cbe1fa57

SHA1
4de34e70f9a065d38ce665fe473c9d2631446135

SHA256
b6e402069decead39d4fc8b1be4458df3dad2e85d34d0d0b421fc870099e2cda

SHA512
ff933165e202a26decb473ad2f437ec749336a8d5b14afbd9797fe63fbada989de3ff22251e7580f775d7011e428876b37be66a0cd68ba656d38f577ac9e7824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d4b4a3dc1b8314a506ca6031a7647512

SHA1
e780c62c3ec417b684ea3ef4f8313a7ba48ce829

SHA256
17456bd68b6bf562e6c6bb03b82e6c9889e6ccaca3d15f7500ac0ffb54bef554

SHA512
9c5e26fa296831e04e667c922e3b901c6c69ad668ccc6a22a82923532fb81b6c5927728943d3075bee695d1bfe58121498756c92d214d4f3738ec2b15e78cfd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3a732b9901b287d0b2203e07613ada2c

SHA1
4bbe21e03b6b90a96cd920cda5e8e4a508daebda

SHA256
d449e6f7d67342bee6c8a867fd614c55c523f880037b07b1d3f77922199209e7

SHA512
dd86b6566ea50a8afec44200136b7db7616207663bb5ae30710d91f727db986ac9dc418efe3f3ca71db0d370dd10a1d38ad5d407e480608192b96e01ae5941df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c0046f3014f9e11d2844e8a4c973f414

SHA1
0f7b63310f33ea1f4e94fdddea8c9e5eb8628759

SHA256
aa04b333a11038fabded2aa1e63a29a243e58abdbfe3f751efc1073e11a79446

SHA512
747679eb31711ffa1c8370217dade349b3b566757d0de758552869ba388c0db86033d6601f108be5e0ec42bf3d343a819d0cc8797c71f276ea7bafc84ded3608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
41aa6d06c5acd8ce5b8e692090d5c755

SHA1
d7fc399247f3a4e8489810f0d76a4ff9d0699069

SHA256
a3a49bf16e2cff99de13889629ee3a7f7f06eab2747555cab3ceeacc9565202d

SHA512
cd70fdd26d435fa04db573381da40c276694cb2ddade27a5d1c20d7de394a584120d4f5f8248a04e387ea3bcc4e854ae5eccd8955f5b98eef44755de1aa3f5ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
edc2d53aee99d39d7e31f589db1b2c30

SHA1
78b65a24fca2e8d29b811f54950866073022197e

SHA256
3dc04be792a435dcfac7f49a3160e36e36b2da3468359f56536d873c04b0ff1e

SHA512
2e7a8573e122675f9277db340c72fee4d8dc2f5feae6ad9c2ec0bb7483c82f3992022a7160263e2af81a213ce2aa60a674cd82ccec27473119e778dce3652b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
b4b8b73d356afe17a2f9d8d09ed85f86

SHA1
feffc42b38ea396490b36cb4620e2996740efc9e

SHA256
fd71324538169f75e84c4234879a0405b8f1ab49b49d216df9bdec829794cd1d

SHA512
a60db9466b00834ea26c3f9fb0826d31d04a8ff282e8652ab72fed3d2f18c0bd2b2c07fe1b0a85e2d73d6815f0c6a5bbb83f545e993d49b81cf641c65df9fb36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
bd91482c687238f4949c778664d0e165

SHA1
63cf3bdcb49c06fa3e5b092c0f3770b09f37ef5e

SHA256
3a08d61ac9fc18b049b428e0e0a9954d88e8e0fac96c5f087a2c9f70588bebca

SHA512
550ceb2ac9a4bdd5e2136c54cc9e5fc24b724820692530a43445fbb8a6d83a7991f96b524aae934e5cf1e075134fae4a8ce2044803c71a284281e263aad25bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2b3f0b69c62e800de40e05fe9fb4d77c

SHA1
755f82fe37d01cc7a5150e00b13dc39d917eb93b

SHA256
995ce2f3f287787cdfef70fd7f13fea41fa997bbf0fc6e2b1d59316bc1e2171b

SHA512
7a8a55df9cd6f3ce913715bdfdce7b51ab6def9c87e68bcaba945367505f14e282207eaabafd4446708f91280001410c8a8d4a30055363acebf153d2f17a3c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce9181560e6431292e0a7fb2e27ff3d4

SHA1
38d9e1542b82b4f7ed99ed7d11cc07ee3d687fac

SHA256
622644518a4c1eb92c1cc5e8235d6269cab9d9d18f96199a63461ae6c7ea57c0

SHA512
bbac868859adf70811efa73845475151024c530d449f1974d266200d44cfade47721db5df064014cf6f4a61f4c331696e92eafdddc06201ed2cfb9ea33d4838d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
d685c721bb02da616785826e04535bad

SHA1
c3ccb860c0c68c71e2e05aba3a36ec059e8d4fe0

SHA256
0e44ac7564780f5a66a13294e5614c30df4bee282385540818e6e55bdafa4d43

SHA512
06c351ec214956a6b7d67eea42ba3519e91c5c1a5b057390781f65102c9e465c9c987a94255f8d9f33713956987d2d5dc26d4c9b8c7bce34d555b504121c9d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
319095f12de086620b84e630d5c005e1

SHA1
49f6ef6a4f85bcca2e0fe167d876754c80db76bb

SHA256
4890dbee7c98345833d132230c60da616ba01d43c2049fc5acfc60229124659e

SHA512
bd4644224d536b3c54f428d1a9971101097a861f288970f4125c0fbc5a58dc4193d8e4d75b3871bd72c943348ae25bc94ccc4373e2f3c7c45be89c21eb87a9a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a00b30d74e4f729c9b7286a4b2e49dad

SHA1
1b92e81a5dba378c411085b54282d83604a97212

SHA256
4438ffd84dff8c1cd852814be92aa0c5378003648667ee3d3c9dbd1be0e73b6f

SHA512
a4292efef38dff6a6d12d11c820236a4c4e3b6ff8d65a6c86e6a77bce7146ba130ffc843d857c27f7d787ec1830bb5a0e145e88209f757a33abb6b8fc024428a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
678423f9346565e4c358716ce78cdbc0

SHA1
2dd85d8dd505a6d29536950b2df99130a490d95b

SHA256
80ad0c26c6c70d542b3469a827f503c7ab984678a273ef18463248c45820297d

SHA512
7afd55f2610261e537a72c0c35c394b8a0556795ec79c03a3092db6172548b52cfbfd3b10de757a2d1a930e7ba11fc55947d05058559ae4a2bf835738d860a07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
ff335a3d2d098e4ac94fd04b1a198efe

SHA1
a226735fa143e6fd65fcb8fad7fe7cfa848706d1

SHA256
a54158e5c964c2a8c7b53132ea6eaad4bdb9bbb5571c9531d4b090998250eb62

SHA512
c77c8bfc7e8dc16dc01e504a8a26de1a0e2dbb6e2a0366cb9ac238ff9384295111e7643e70da1c8efa6ca43adc2cce0a039cc89ccb3bf4a1ff9b31221febd388

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
da6d6d5f277ddd8b8721311bb42c0945

SHA1
a9bd916e77ece5d894f3a57c9b8b36e3c35d6804

SHA256
18da01a2975ed57ba903380da49b41a16b79e4d8731f541f0f8c405d918fe14e

SHA512
cade315d6b67a11b2f7559f5995aa74fe37a735e4e54943ad9a2b02f9078f22c384d0a549ea9b385e1e06ff90ffa59dc09901ca7bead99164aed3843d19bde71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f5d9.TMP

Filesize
873B

MD5
940120626083ffcc3f94e76e0265631e

SHA1
aca70ac2daa114aff8b252eba8b9a071de836b71

SHA256
a7b2ee1909f54ded2835b092e759fe8b0178c8c098780e8a9c043fc64bd72175

SHA512
5abe3ac12ee093ecfe2a56b49fd2eb716e50814bd468fb1c8bde6a20d547eecd718b3a31b4f3aa3a2e3f25a822df646eec3fd6bbfb661284d61145688f9c5a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
341b568848693ddb059bcdee9ea5979a

SHA1
aed7ceb58cd6d6d24e99b1d8a1734be5915b9c79

SHA256
f756927e89b362df0b0b6c0c71787bcc912e3fb43ea28a76359c8850affd5394

SHA512
8f4f972b55d5b48ca2ba101fc84ac19c403e0ff7211d7751394ca26bf4aac3f7916a11240a71c7d1e51835b196d0d35906da2d51e12aa076109708557ebe286f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a35f55970168ddae55829ba203c206af

SHA1
51a778affa7dd674f401f924aafdfa7090338216

SHA256
602b83e0dbd35d5e80c1e51b4222b82e4ed169943e2a327aa2dcd97eeadaa9f0

SHA512
7e4637c9bb4bf684c54769e0c9c0e293d710420947871eabb490512ca444645968ec5b060f07d3eb6577766d048d6d40788d2b4fd190c8a7a21043cb33b672f3

Download Submit