hxxp://deledo[.]com

Analysis

max time kernel
134s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
22/08/2024, 13:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://deledo.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2718105630-359604950-2820636825-1000\{588286D4-3D23-481D-9D26-1DFEC9DFB9D7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1020	msedge.exe
1020	msedge.exe
4016	msedge.exe
4016	msedge.exe
972	identity_helper.exe
972	identity_helper.exe
5936	msedge.exe
5936	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe
3312	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 2764	4016	msedge.exe	88
PID 4016 wrote to memory of 2764	4016	msedge.exe	88
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 3060	4016	msedge.exe	89
PID 4016 wrote to memory of 1020	4016	msedge.exe	90
PID 4016 wrote to memory of 1020	4016	msedge.exe	90
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91
PID 4016 wrote to memory of 5116	4016	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://deledo.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb271d46f8,0x7ffb271d4708,0x7ffb271d4718
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2484 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3084 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1704 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,18138772546154932980,6917455365434357070,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
1034cdc960ab8030bda58096a00085ec

SHA1
cb0f92928f0dda99c2f397ac16aed2ab90b94ad1

SHA256
ab6d19a2fa3b7937fb7baa7a9da0521c03f1aabea978e90a04f63b4a1ee41849

SHA512
d67a6a1f06e2caddf7f6acd735cd43fa483cfe84d078fb6daa0837693390deba991bccab2d5ce6b1908fb651ca582a5d68e5bd02d4c5e826c01feb6dded2e3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
46KB

MD5
449b30bb49e623521a2b867362e7bc47

SHA1
be2e57a59772ae53d9b4884846a65de530f65c98

SHA256
46fa082c5ac3e377c83674e8bfa2dcb5244e60bd78686d24bd8333968e78d782

SHA512
d0dbe79103c17f6e2119f95a45c5bd37d4cce4cb535215e43ac75c2c4b98417077adccdfce1db2fdd149e68108bd02e227ce0766fea90b8c9feeeec931b6b0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
67KB

MD5
ed124bdf39bbd5902bd2529a0a4114ea

SHA1
b7dd9d364099ccd4e09fd45f4180d38df6590524

SHA256
48232550940208c572ebe487aa64ddee26e304ba3e310407e1fc31a5c9deed44

SHA512
c4d180292afa484ef9556d15db1d3850416a85ad581f6f4d5eb66654991fa90f414029b4ce13ed142271a585b46b3e53701735ee3e0f45a78b67baa9122ba532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
41KB

MD5
60f8cd04587a51e31b51d1570d6f889a

SHA1
88574c41d0ab81721b275252464da5c7927a4835

SHA256
27cb4390e32a97375dd4987ae000406933bceba5199f17893711e782333b81cb

SHA512
84c12448ac55dd819749fef9be9919111a3df4bc51e66d2fa9f7376c11c101ed1349cb36aa119aa873cdd6c0c91027e201fbe23c2c83b89bc900a4d9077bcc52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
1.2MB

MD5
2049c79ddc0ba3375dfe1832624bba4c

SHA1
aec0cf9ae1738391d630681d653b08625b276bc3

SHA256
e9cff2115e36f340c8a7cee5f24c5392259cd2c440fc9890b265551e4badf572

SHA512
4fd7488e94e8c9c990439a9200e9317eb7dc50eed35d32d17f13292d4d468949d990afadf4c654e8abadb638aced83cdd868dd6b68d4efe5aeec2670573da0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
27KB

MD5
f930621607e050dff86f94bbf4806b73

SHA1
d06bdf16d5794550b78713955629c465b6970676

SHA256
fe97ff9a43f7f196dcd9088da3818e6f80ecdc2ad8937a5bd4a52c8b3979a09e

SHA512
df4c634c95cbc63c44c0f884817333fdb3965d225fbcf008d134a12ea99d05965b043c4f74bbe57f8356fd7f698fde30fe34638387ffcb8ca1226fe7c8b00cb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
24KB

MD5
9661f391f69ddbf1e8bbf879c1c69660

SHA1
60e78567cd82d5dec158be4ae4d365f45412fb36

SHA256
59fe3fa5daacb2b18c734a563d4e8e9df1f51eb24672249ca4962f3132149191

SHA512
dd61b2a9827be092d779b36dc1c4f3983e78cd42f3b6bb07d61758502ef0eedc2fa562ec028374d072e1ace9d82c2c816d2bbb742523f43cf5a6371b79064722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005e

Filesize
35KB

MD5
ab412784919b288323d62a779b8617bf

SHA1
f59fbb08df71ea19a435d5aaa34b60b2ea83247a

SHA256
063517e0975f657e7c0a8b80fff85c5ba4a5a1860a97e49130ae0b2e8bda33ce

SHA512
74aaaa4fb65cb11ae89eb74b983f0c4ef53a9ced45697392327c2f443a851ba57ca483d56cd94d76a6e4db3e043b795d2bf7603cff03f2cb860b6bc660aa3e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
47b1ae0c54bc43f9f3b281ba06e48a7b

SHA1
776716deb5b6b9ee166709899848de643f355ace

SHA256
6d22be736e1128b0fa42593719367ffab021880c8331f3c5eb1c98215435f37e

SHA512
9459cf039ad0ca40819fa2cba189da90e199aa9bb32af53e44d410c05763534da99647136863eb8895d65dbc59450d14854241ea46faa59a340e58d2c2ae289c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
f7679b3d72e92a77b34bea394fbb9f66

SHA1
b7a9373ada4ef7251716833f6c2d9f88a1a0ee48

SHA256
c731c158b4a5fa47fbb882523555d7425703a9745b648c6acc9ae9aac95ac46d

SHA512
b1a12aef9260b5d77d9817119a747b69d83e328955a7a44c10150c3274febe4656586595f15893257aa7bfa031c078439843b90f1a139380fd4a348b5da584b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
ae3792f03f9518f3ef70172dad10e552

SHA1
f0564f652e437bc5fc0cf304323c037d6dca9d65

SHA256
e189969582b89367a2e3570196872eaca565526f2231184b8195d4df6d58ca7c

SHA512
e4c9971af9dee00713cf605a06ca10d1f4df8a2ef8687fa514191c08211cfc76693934490426a9dc7ffd05642e0f868a4e76795b2543a2fa422d10bee69ce531

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
1deeeb5781e0297dcfb6951193e14de0

SHA1
a7e0a21b86ce3486614de1b14905adf31f74fc59

SHA256
eb2a52e514717d375819d81b9dfed4b792904b5a5423c8a868f10329705d73ea

SHA512
c05e79e32d831738f1c135d21fe1dc4e511e0439019243ed7fdab8ab26349d76edbf2987102f2d5bba4c2db04808201202c9a4a1f06368b3e1a4fcbdf7aff4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
d56a2aa3df288a2f8aeea0e892065a7f

SHA1
274c02a8fb60842295fa58b1e5dc11d6c5c45955

SHA256
a15626b54d935ee77e3fbe9af221e1024d21cdfbc706ef842f2cc86d25b1d313

SHA512
dfcdeebca7f5c61a0ca996d53b91afb440206bfbe947faef0be5b40445731f1a5114d7a2dd9d3be62d498d744f1ef03c619fcb1d3751e303024e9456e48ba446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8d9c27358c64f3543370573fe723a155

SHA1
99f228d7a7ded25c0971b0a34b17191331818a7f

SHA256
968891de8388cd8d15f69fdedb98769e38fbcf8521de5534dd470598882b589e

SHA512
c93c347075b360a9b8e6445229b9a229a37b669fe5b74251edc7bbba9877f7d08f76630c6dab1dcf92d0594297120201ea04d1b47edc2bed5f6575454bfc98cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5dd31d76c6df997feb42e15bd90104b9

SHA1
1b5b1da202bcc0f9dfd0b846035aab30b7dec006

SHA256
88161b4f28e70a95070d7e65919a98f2635ad2c6c4d3a3f45c5a810515bc213a

SHA512
8bc748f8b210c92ed05a8c247c7ba5e8e5bd7f34ec29df804b4b8e79968ee461b353fc18734fa6021d60448d2d13ae929fd5a0e46c045987d882779b9a5f220f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
182a8166980cdee36c9172774e462c23

SHA1
c0d73afe51ca69291336d71dfd26315984f3ffe7

SHA256
69dec4ed97ef28f5dbf51e94c63de90a17258545c8f1d7e98799a0bb6b79965f

SHA512
a60001c13b3228b6acc26b8f68e3e4e8fcac5830231302e7fec38f177c57df17f6aeda1436c67962c743bda6414411d20eb7fc49d76c400ee520d4d908baaddf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e6f44f30a50a7f959cb4af5c06337b6f

SHA1
3b72334347aacf1106804421c3823a75d8c9fd8f

SHA256
5b305cd0127d8b9d4a2fb3f13b4cc32a8f811c6d5f797d1c537489997a26fb53

SHA512
89d5dca7fb973c7eac2bde24b23c8a94c4d7090e28e5c6053b4762915a5afcd3b188aade6bd46daebf035c1a84b745eba71539bc5ed207891958f43969794695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a6788e31d338ed326313338a7ff1bebc

SHA1
3ed7f0d4465a5c4657037588964a17574820635a

SHA256
1d8e2ef684b492540d793ac843721786b41e8c486ebbc310f66f53290dbdbe5d

SHA512
4fb60e153815c81e4892e3732a8c079c98b3f47a8b219c122f893b7fa75187a16f934257ced930e4ba489e34a89240305d3e0750ef3f87b81113df54c17c8e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
336d885036e0bf52ed641d50ea93e34b

SHA1
6885b133d09cb261da7fdaeced2a868340737368

SHA256
c0381cbd81f0e56f997eb32fc9b39bfe85d7b64b928c401fbc58da09dfb5d465

SHA512
593c514617afb81ebb45d43bf31a2f20f5497c0810e90f12379dad5e5c111979e931526843e19d1abcd8d2b16fc39d5abc92cacf76b07704e9e7b0132af1fe56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
86a7a58834697bdc4028f62adedca347

SHA1
085f8046002a32e1c5f843bf2eb6b282fb473852

SHA256
30757c8826b6a80fd6497b6e7ec42a48730462c68ace7ff16eb18da4fe49a9d5

SHA512
951dad8aa5ac8fa74e798920810cada01e17d5d06715450f8e1eb62e68273ddd87718424eef6aaec2317cb5b32b8ddd23bb2c5ea2262427e3f763f402669b153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8a366048ed2e9436aaec7e78a0c90e0e

SHA1
77aae0817c3abae47d9192952cd5c230a73cc3f8

SHA256
98b31cf1d593b1b9996808995096a2ab9220c735d954f4ce58ec4f5ef7b4bf10

SHA512
5754de91eba76b6a7488312cbdced0686e42babd216e8b3c48bc5fc0e1126d9d615214dc3c040fa458e1ac45827e194ddae066d86447700e5857822ce0f948c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9fa9287e0c103440500e0df2ba29881e

SHA1
117e7f8052856f6a24a6942255e8c6e5d95473f2

SHA256
df3324c22a04ab15c1105d5cd21b47ab0ee6a66c4111b3a7e0d93a92cc754305

SHA512
c426af5c32b1d8d4b3e1d8e80627686a74c3572646b80cafa93d207066c3723c3d1965efe4f47af75d3575771d7b29d6b1cc2121cfed34855b9a9ef202885578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585fde.TMP

Filesize
701B

MD5
a9ef067662e402e166bb75bf08845e69

SHA1
1cc7b8aaf70226ee50defdf917ad1f8fbdcb83da

SHA256
ab20785dfe3715e1eaf74f28057b4f08a330ac92f477bb7be7fbcc36151b5032

SHA512
88341772aa8a68d6409a03bd7d972745aaf4cdabcbbfda19375c239881b0a052bc66a86f6bec217e3036ee06cb5f51f509d87b696cfb3e5b7d74ad1a23511155

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ebfb032a09a96319a3a6b3cd3727b38d

SHA1
bc9c43983d6245716a201626c1548ed7a7177356

SHA256
9f5060ac3ab62cffce93a9ce32511abed228061d02f6d428c01c1081a9a6a77a

SHA512
d89ea152acb2a470a1ce49b313505b3fd1a23d8699ea7d981342aec878ae36ba4d6122b9ba71150643959072689ca565ba4135f3c17953ed81aebec21c719259

Download Submit