hxxps://www[.]mediafire[.]com/file/kydby9iy7ks7pfc/KASU+V5[.]rar/file

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 08:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/kydby9iy7ks7pfc/KASU+V5.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2640	msedge.exe
2640	msedge.exe
1840	msedge.exe
1840	msedge.exe
3176	identity_helper.exe
3176	identity_helper.exe
5264	msedge.exe
5264	msedge.exe
4400	msedge.exe
4400	msedge.exe
864	msedge.exe
864	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe
4348	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe
1840	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1840 wrote to memory of 4444	1840	msedge.exe	84
PID 1840 wrote to memory of 4444	1840	msedge.exe	84
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 1288	1840	msedge.exe	85
PID 1840 wrote to memory of 2640	1840	msedge.exe	86
PID 1840 wrote to memory of 2640	1840	msedge.exe	86
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87
PID 1840 wrote to memory of 3448	1840	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/kydby9iy7ks7pfc/KASU+V5.rar/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2db746f8,0x7ffd2db74708,0x7ffd2db74718
  2⤵
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6324 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,11716634931740683512,1280737294151522967,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6416 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
ec6caf7d4a58115c689851ba5d28cd9d

SHA1
392373a22526eeaa58a48de45878426907378ef6

SHA256
ef29b90ad9e3e334348e3aacf9e3fabb3fe3b6846a5bea4cb6df3f66f6cc0894

SHA512
de93cfe569998703d51d4f8eaabcffc7977068c674724dc68245922a027920319648f86c786c0d3d084b33eeffd1b8993bc48bb2b51886cb91f0f8d609bad980

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0402954c169dab575671e211ff1c582c

SHA1
798329ecc2211f738de291def7f6ad1b5d27d575

SHA256
3a6ce0bdf34727b7434d3af015f90f8dbde75822c6d3dc339a5f40fd89731263

SHA512
29bc9b2e461e67c1d8cd761701bad854a8530b4026840781e4441e4c899213dc62cf0c097cedd591eb741fc5f1bdf1ff52474e6362238462d4d636b3dd82d7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cc30077e0a1531c475029c9997245e7e

SHA1
2b9d24fb54da4125421aa4a547c1a6760dbe0429

SHA256
906cc6ee7ac7cbd964a8e566a9b34e3a629e8e5e8da631339e83166fb7b63dd9

SHA512
28f56d48985a2d30747722c867bd5f1078153d9b3860750feee484473dbe0daca4faa566e5258b8783c21d51668c254fd0ce6b9fa6814089f6f8b8a14c9bf904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f78c7121254ec2eeb1247927e3c14494

SHA1
b4efef67c23f103e86f1b25e368369a31ef1aa76

SHA256
0dbcf8d1ef3f32f1563af2d7eea6516349577831bb3a3fb72fdadeead0f700c2

SHA512
4fcb4a91b61319037bbbb2ee59a5980bf936f6278ed1582b79473004af082f2e60856bd3cf36e3c4be490a88ffeebe5c17959f5ff4498ef5358bc73d98b365c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e036e56ec5bc6ffa40e2018073f3a9c

SHA1
965d5a5ac082b308b582bff137fdb9f7af5096e5

SHA256
71c50f9c3f2125c5502eb5f8a0affa15401013fcbf9c57160ca9321b87c50377

SHA512
226c5db0a303afc32241aafbc79c9dbfe7e2c33aade3624db2dbf232901d368ee46484f0945d3550c360b4f4320f04d471b45854731c797bc507bad440772bd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f8d66a8fb1d1e45ab88ea3a3e0ed8c87

SHA1
a8b6b5e43ec7159f520d3f2c2c4876500aeb14ac

SHA256
d4f513a7683d88df4728569d7d803c2e76a32248e87edd658ac160fd9fe5f4f9

SHA512
638db84f1b1de405437b81d32e90b6f016833734cbe754212221425190f0e92203655a6776b77602af0e146bd314942299fc3ca0d75ec4bf6ec48b4ad7837612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec33866dd392992d9a76c5e9f7b67d1e

SHA1
48c7cead573dd76d532e0b027b2118ec47172cf6

SHA256
e6a16b1c0cb648e6c786838abf9aa00a1be6c2808008bbb80b906e628171a64c

SHA512
97d4b62bd2772a50e6438d714390a3a83bd8771db6df10dc7272194ea843a39258ee6eaeb2691b191b9f9a76de4dd9c5eeec052368b5e025c517f9d7529e9021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a5824561e544d2e99e9a2113a6e514ae

SHA1
bf0dfbe75f13bba1fe37e46f4e74ce8086afd642

SHA256
24b343efd219b4617208378890e6ba802ae332bf145974ea10a07e67561dba9a

SHA512
8eec8b2ac4a455d71bd652d4d93e34022ff3f79d758db641faad5600c2637f143e7d78f4c263d256de2b2fbc92069e917bd6772d0fc7c67452e3ceab889a82a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
52a805793f54aa3bc728505e30edad91

SHA1
6450d777d779274c52bdf2a85be485af556d52de

SHA256
6843215b280b22cf6e56269fdee5bb02a159920d815c0883d5385b4fe9ea881e

SHA512
d27481a202b8be25817d86eefd5f99d7d8a481fae7e42a842581aadd6be02578f789e5d27375ffa81d16e9e9d802bfe08357cf3a57bdd78ab0555e1305cda319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f42ae09ee0bcacef517ed030708b7270

SHA1
1252888ac949ff78848b4659adfb393b5fd309a4

SHA256
3523d135f56d5bf497a5f2d25d83c04aa384174fcc22c0664e1925099b951630

SHA512
ee6c968cec3b27c3b49e0878ddf362c231900b08676852e50128c79fc4124b2ad4058218e9fde12165f1b603ec147936557cf12eb844d32a8dfcb985b782670f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5fe0d823f0b141bda13c3c8ecee1f54e

SHA1
ec716e1903eb01fccbb996d59e9a8cc337a27f35

SHA256
ec09561a44bba0fc0472da82f7604cab315abcd0ce26000c9641fc5af20011ba

SHA512
4714d9f5ed45eb230044525ea66a2a9bce8eeac6e6ec1d0eaa16c9fc9d68f911a704061870e10009c6dff39b910a9fe3b8ed58dbf4bd149ab7b9496922b7b682

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bc2d0cb5-3b72-4067-895e-d40ab11880d2.tmp

Filesize
11KB

MD5
4d9c0db64ed2e5af28c9b04f129ebbea

SHA1
6a3dcc97230db9374bc78d7d31d6068bf6faec10

SHA256
9258a635e17dc4556f5d285ea8374d3b183617f8e0202bcec8ac3a9e9a607c46

SHA512
706ce6171aed47430a7663a27dade9b58a224304f02144801d512f2a5b095b0366073af412796281317e22a24e483fa0632d5f66d876563987942b325ff6d176

Download Submit
C:\Users\Admin\Downloads\6a84d189-8039-4629-ad3b-f89b9b9a91d8.tmp

Filesize
192KB

MD5
c31a3bc6979c8444611f62f030197cf7

SHA1
8018a24c6dc00f9a272fb90b6e45d21e1f3824d4

SHA256
cc917bd07afbc560fbdf5f5a4e054c03c830f234d377f4bf86da2c3055f7415b

SHA512
e29e911545ef2f6c680a43788165147c29b6c7e05aba5607ae78bdda21a965b006417b84f6f9ab1f83c03c612eed8fbe46cc5085c41f85ef17bda323dcd6ee3c

Download Submit
C:\Users\Admin\Downloads\KASU V5.rar

Filesize
21.5MB

MD5
522d76cad51e0e6eba24fb2556cdd506

SHA1
503b1bf9251af41e946069760ebee7ada28c6f02

SHA256
f8afb32af7d2f0c4e60aafad88e046c10d21d8162a81b84a55066993cf443e00

SHA512
d36823c2543d18b6bb628c62b64ddb21c7d3fb30ff0c75303fe94eb397e0bc35a6d99e68762c0d4ee16d7696fa5b370f2a890b1b06af05503bdf53c16011bec1

Download Submit