9e9aacf4e8a0aa1a3d9aa520ebe97aaa7be06a60ee8b13f4da5fedc2d08d292e

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2024, 00:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2024-06-29 160912.png
Size

548KB
MD5

ee5e09824c26bd15b0e733cf6a203352
SHA1

0c840012d68ffe99ff51a243c87dcf212e45bedc
SHA256

9e9aacf4e8a0aa1a3d9aa520ebe97aaa7be06a60ee8b13f4da5fedc2d08d292e
SHA512

c10f32cd03ec1e7161591e6229374e5d68e94627cee154b73df475b026d651f5b178ac8ab0f3791cb599ad5ec978ee7499c0d5e57ce8b0a0cd9ab8679c44fb35
SSDEEP

12288:QJjax+vRN9CywSsjjhYbM/i9t5PXh0aQ8svwRstKLNrU:+ja4vf9CrhYg/6t5PxN7KwytKLNrU

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	53	https://oguser.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8aead6b6fc7a53a0	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4364	msedge.exe
4364	msedge.exe
2920	msedge.exe
2920	msedge.exe
5084	identity_helper.exe
5084	identity_helper.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe
2920	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 1788	2920	msedge.exe	90
PID 2920 wrote to memory of 1788	2920	msedge.exe	90
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4356	2920	msedge.exe	91
PID 2920 wrote to memory of 4364	2920	msedge.exe	92
PID 2920 wrote to memory of 4364	2920	msedge.exe	92
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93
PID 2920 wrote to memory of 4880	2920	msedge.exe	93

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2024-06-29 160912.png"
1⤵
PID:2656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffed0c646f8,0x7ffed0c64708,0x7ffed0c64718
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,2735798028912388260,6352643039404611427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5320 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4264

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6a06e137-fb1e-4bfc-9e8d-765260cc4cf7.tmp

Filesize
6KB

MD5
b5e6e5a45ddc0da444ca24d90cf859a9

SHA1
816cc46a96d18139f6675cf8eb9583a07761e696

SHA256
2e381b07bf2f422b4e7e084be0eb25828270801747bcb9d29b0eff108c3ebbd9

SHA512
0f664ddb61ca4fc333623e4fd3f8d0e9a27ef2fc935672aedac29fdda5e558bdafc50eb9b64609f4909afa4d2e8c84727def6e2172e83db8a66d78913fcfe476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
23KB

MD5
494d2bc3820ba0d8be0a38e78123c4a1

SHA1
d1452a91e1cf6d2c643a462216ccf55e75cc892d

SHA256
edfe39c2ce37f913a4cac089ccdc096dc7a6899ffa4d82f99a48bdeeb7ad914d

SHA512
dac55a70dfc13837b8bf7cf97fd2658d6c5bdf116dffb7e3dce5f5b407efc55bd811cd9354ffbf014347228fe00535507165fa8730f77a9c0c3e2a8b1f925e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
b5b7402eaa73b1e765157c5fdfafa458

SHA1
35f80c616def35951c498a9c85ae938dbf02755c

SHA256
f3cde80e9483e2d7f278a581e0e18063b4bd9e9f9beacd144410ef1c9c117f90

SHA512
2f345f3687d1233a08adcc3175151c4346e094c3f7db9d7faa6bea48defa392bd613f20d6be1dfba1f901080920014c109ebc45423eddbe50fde720cb2f2a4b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
18KB

MD5
95d49e491b46f526854d624e40d8af76

SHA1
5b145ab428cc484ecead4666e01cca7ce6b4dff4

SHA256
f897fc168379623a0e92c3bb80ff02bc4742ccb555fb094e87dc9b60697a481c

SHA512
8f3c0161503b21d68f3b430fafc1c5408d91218c3ccfb2cd62e7b40bd6de113b5f6a7674cddd3b5b6518ce5d84879b129eb9c29a72969a696af6190b9c3af2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
47KB

MD5
1b41de287931f25dcfdb32b449b62dce

SHA1
e457bbc7784ceacbb11cfa3ff65571de5c0ff227

SHA256
c1fe59b2b1995ef9709e1dcc147a96774f04c95374ca1c4df0c41e1cfbaeb8e0

SHA512
4d1de63bd0e1d61375a72252f41be91a61d766b3b204a0e72bf6530195a3f26d89c8aecd75e175281287b3b3b56a71f964ced207a0037641ba8c893d2ef75c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
19KB

MD5
86c7c2599947ebe876f120feb84db30c

SHA1
09e26d3bba377fb749074f58d404e5b353b2835b

SHA256
4aa94462cb182814f3bb98a332481bd021d8252a3ae46e325a1d93c64511e661

SHA512
345efd0669da41af8239916545ebdabf5cbe36b83de0374717d3d1d2c4b5566824834b30cbd0bfd7ca3211fe13c2df6e17fd8bd7fe96215d4296a99fbf2c235c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
96KB

MD5
a9d490fd6182ac4a93cc628b536eedee

SHA1
dc9f38f03b2108b3ec464b17ea697ca324a67068

SHA256
c4592de40ab82c8748599bdd881f93ebac3ba0d2528b626822c6ab315b6386b5

SHA512
bc5fcb24a2eadc3112e49308614ef654c912a08181e118be629a0b2437c4e45241eca840a2e493c3dd978a5149592ea24b8e7619162624a4b71ac2a91d74198d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
745KB

MD5
08b0df0b0aaeaf2d3e9471cc45c3efbe

SHA1
6b63cbb2c03c59e452530fa3bd92a18c1d1e7f73

SHA256
360998da7173df076018d2e8878c8297064edc790482b919c9fa15772beaf366

SHA512
e5d7cd8dc70043f95edec4043cc395cdeafbdfec78f65a1fe07259bec81a5b52c4086ab4eabe1bde3f3e25652a10cb63f6adb7a811b4c50aaabd5e4738b53f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
32KB

MD5
9c14da42e50b2e167bec77d3ea93350b

SHA1
3134a533899708740220acb3108c47872e792a2c

SHA256
32836c50b4c42baaddb764ee10a9a895865ccebc9eebc66a3f0d47ee09131b4e

SHA512
f93dbf35d425a25ff4285228eeae0b43dfcd93a368d5a27cc8f4bb80759da8ecdcd26facc2d00722c8b3131051558747fbb9625113b161cc6253a7fa9fb8b3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
52KB

MD5
4298f7bb4f0ba817677f3f6cf3fc9e36

SHA1
266c41c6d60bab0aed52754539fc538e19befe04

SHA256
20bb47ec008e7cff86b547c20e2e04d3a01b79e6ec9a06c4f7f916b986d63d7d

SHA512
cc39afdcaaa6573134580929b1828ed7a79435478a99e96d1c78475e5ee75bb85e5c9287450ce832aca7bc681a91630a90edf70633868f5630173e6b3623fef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
644f2b0ee81b56ac7303031ab3ca10e4

SHA1
7ca67423f0ded5ff534f0a0d42df416b44d36805

SHA256
dda33f363084c0f939d6daf5e648ede370fe5be24bd408a6ea0e6bfa1042e6cc

SHA512
461b910c1c3d43d5e62ca18d8a2ec7c9a3db196d649c08ca56d92a8a5e39a991fa5dc53ee20572ecb93b3315b0ba2e2a0ba9f5644c61b2d2c81ef74c05abc39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
3cfae8653d8d35870d49ac0f8c5382a1

SHA1
aed5b397725000a6de88085bf33d5b1c64676fc4

SHA256
8bafa428c25c854ae9e6aa22ac6ec565ac1772f61ea1e21c514625cec3d739ad

SHA512
ea0420aea4855228ad8fe9bbaad100fb7cdf2ae2780c77767ce14c7729dd72ab8e5701024b14243637c5a322a283dc32b43a3491f705ac63e419c9e1dc154c79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
8fde35ba9a3703ae2f56ecdef7efae11

SHA1
1c4d39d67d2277646390a6a2e6261198b1384113

SHA256
c37c4cc5deb72c5c19cca23233ca00473fe0276d66d90315015896f58613b7ef

SHA512
1e3b43b4bd208ef5f3f8140c86282d00426c5f1d8fa79b2670116ee2bfbc94708e71f23800a23544fe321c963d0f24e862687898165f29ab93b8bb23ac53996a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e2bf9069d831062940fcf30be3871c8e

SHA1
b87e5bff331ba5b84b2279bf77ff350f2d00b104

SHA256
0572d921882a4967badeeeacd4b3b3deef0073d0424f18dd0ad0500e1d6cb5f5

SHA512
59e72929bbe95bae2b87e392bdad8214d9b4465f1639c0fc88ff8201e12f4042fc425f38f5cf52cdeabcd4ad8064a09bf455a8fc57239bcc5db10fda4d6586ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7c2007037d33f2d45b1ffc4cb4a8525

SHA1
f5abbf7123144fc79a40ed6f2c1e143d1487b74b

SHA256
595e0788b7478dc7734ecd41aebde1ac28dcd277ca97049777573038ef47a427

SHA512
400de5caa42b79dc71bed62ac734fd7a161238f1b4fbd06b8cc83f12ebb55931103b9f1a97df2e9f975f09cc828c29080f508cadb84d6a367b433ddc963123d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4cca75f571fb20e183a6c9309ae872df

SHA1
cb2169fc63265f41a9913271ad68ad04bf7f2e0c

SHA256
e9c535802cec713f050ff07bb0cb8f094a46483881bbaebfb1aa547ffd3f1fce

SHA512
a1c9b42d23bb6607525cc73519921e21b37369e28e7a76899865f6468523cbfb9b3fcefa61d19c9a624a4ff5028d966f75f1a282b6784f62acbb6d64d8fea017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5a90c565c29e7b4d75b56e9128747379

SHA1
4176f9dde143b74c6768cbf34eea2727dbdaa4e4

SHA256
147c5e72195e9fa11ee1f8505f4e452d1f06ee4c78ab1ffcd48aeb3565c6c675

SHA512
caadedd75456ccc6d592217ff6772dca08974ea99b48479c3a6172bbf60997acef1ce1eed7b134aef838512924271688ba4f7da1ecc9624c470c729c43958f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7710c3e1b8b25d31db37ccb4a59e477d

SHA1
bfe1e50145ba24a1ecf7cc91b66fd894dc9c84a2

SHA256
c11c1727ffc8469c7ba1a62405e245546c01d6f1dec7c077dd9a2e75b998b9bf

SHA512
d8f3383feda5ce58c6e9a2e8ea1f9ad327062bdb7fe0dfb5abca5bda3f414ec9ec4b12924b8c2942909a4aea620c94b9eddda456c58bcf494524c4304470fa5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de51c300e80701f2bf1983474ef51b06

SHA1
37ed5008b06e4ba51ebe790b5a815898bca35c88

SHA256
0e26eb32a268478ce731506fc60bb744f178173277df945eeef0df25aefd4405

SHA512
6b457ca3e83f4534cfff8bb1c2ed2026647d025403835c1f285f0b33f50b7479f0030c9fb10e61965c3d4d541a2d40dbf3d1d0353d2180c35a888f15acd6947b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4ddacf0115905f8a6093c69fc2b27c1f

SHA1
69bacd528fb29cdefb1513e7bebab21e2ee5e1d1

SHA256
0cd8ee6f66e32e691c22f2fd343e155e80eb248ad0b7a95dd1dc4df619049c97

SHA512
8a0f4ee26a046cafd6d3efe8d4783b6fd7f601c7b0ed5851ecf3ea38fc0634e92bf86210b4e0af71c86625a2201c49b74770c071c027b7dd45ea07506a68c531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592e59.TMP

Filesize
540B

MD5
92a75a5e1caebfe9b439a450da89de03

SHA1
486302222cd48547c4ab9e8ab2767f6785ab7e7c

SHA256
396a553d8d255763d3beff00d1fefdff497d2b11215b9713ad9ccd52f7826fac

SHA512
d8de18df3ddaafe1444f4babc971a7961cfc990bec2728fd8af561e3a3aff216153d58be5950868d675c16634caab635e58efcbea4c412e9c7ea861746aa30c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
580b3a461dcccab6a0d75c6ea5f1fa97

SHA1
0cb2619e754bff47ec6c01d00e65ee0a541201f7

SHA256
9e9985de01686c5ff9242755439d0e55a0559ad17cfd1585fbffcf8af0aed337

SHA512
b4bb3633d1b7bbbd709a7a8a921f5f31e978024895ceaa8ce960874756fabf2441021c9f2e2ca4122a9871e8e269759751941454bd5c898870e1b56886e97f7a

Download Submit