3484c921723a32bd5f63a7ee2107f698a485ca792683cfd6a7db6f27a3bd3f19

Analysis

max time kernel
2700s
max time network
2645s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Copy of EaglercraftX_1.8_u29_Offline_Signed.html
Size

14.6MB
MD5

808156e7ec8daa3b2048e11026972566
SHA1

d7b87a018d142f296ac37c830d048be2b20bad33
SHA256

3484c921723a32bd5f63a7ee2107f698a485ca792683cfd6a7db6f27a3bd3f19
SHA512

f5eb181ebc672796e1f03941128c18185fee20be96033c3f653a018dc15f496d08c17508602768baec6cb3f963cc1f56a5e4aab5495c93cda2eed0397ac84e91
SSDEEP

49152:63ubokvsHdffEZPqFXQNCSveZ7PwFb5GJbheDNGTuAYi7Qw7dTyJ2pI9ir//Mtj3:H

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
5004	msedge.exe
5004	msedge.exe
4072	identity_helper.exe
4072	identity_helper.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 3800	5004	msedge.exe	82
PID 5004 wrote to memory of 3800	5004	msedge.exe	82
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 1044	5004	msedge.exe	83
PID 5004 wrote to memory of 4908	5004	msedge.exe	84
PID 5004 wrote to memory of 4908	5004	msedge.exe	84
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85
PID 5004 wrote to memory of 4108	5004	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Copy of EaglercraftX_1.8_u29_Offline_Signed.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc86946f8,0x7fffc8694708,0x7fffc8694718
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2700 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6925513964418647677,2540859550863008164,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4140 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8a046371225e8960304e2222dc7ce98a

SHA1
e869b69be9423e22aa529e8836e0e27b4091bcd4

SHA256
6fa6b627ff2f13660927b57e55278441a268d0d84db37121a4224ed27bd15411

SHA512
eb151d099ef6df53fe4bc7ae8a24e83aea2c77d5eb0926f06229161594cc365559ec97f6dc96cea2148dfd121c0f4d39b3b75a552b48b6c71c3cf9ceb884c5bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d68d6ada4a801306ff2fad215a36541a

SHA1
2f564d5c05d96bb7ce89ca113954cad805308e98

SHA256
ca7f807213531bbab8f4d991e9c31717dbbe90e7ace36498692373f8f4e2914b

SHA512
4952af069903f40e4eb5b355eea8fbf6bf66f54df9ad9e01b93b7f12420221f14b5cb454848dab4bcb65f9c2e39a81ff0e5a9f371703b35d99d04565722c6590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d37fcdb84980aabbaee64c4bc2042637

SHA1
1cbb5949895e0f7c27a1be45a8b25909312e5d3b

SHA256
27559f06037159fe2b60951cd9b5ac99cfaf1b0c68f4517df4c046a00894998e

SHA512
c095e2be7d4ccfd753a032e7bc6100525f17ff2b15670c236aff28bd5b22da74d456393dae141619814193b0ea9ce2c0b318116b56d71bcaaddafe2daf04950e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fc8321baee5e0a9be527563d19167635

SHA1
ada28ffbf256fbc4f733e11544acd8a37641fdf2

SHA256
6181304b6edb739775c8e69def63322c9a65dbf9675bdf74ad11f364dad8d881

SHA512
3d479da6ba02701b5bfa26c1e785e4a0f06255398d3bb7ac29a71f40c8da437ff7e8009ef64fc1e37617ceffeed8e9e010998f5b0f608966e67d9b720bc6da58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0959f7af336872b768aa00f563754a20

SHA1
6aeb610152a6a576dd8adea4e8fb3255f14592ba

SHA256
82093e1676412686835b067bcd9c70832ae0fd58f58f6468dcb676d371bbd438

SHA512
e77bfc10dc16bd66c26fd7971ed2a8882ec77881529fd88aed0d6e3627274c84863d864f25284771d2f234b9133df24bf0d4214d48cee79ac77a3ec982efab67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
231e74fd6c3de890fcae3bfb4bd71775

SHA1
2f79830bd3a45d63de7b6af8080643825758d3d5

SHA256
5253a54a67697c5555109423a523292c7ab14c9d7f18a5c791a55ec498c4f478

SHA512
5c16a40f3d031693f8a8c73f040b0a644b26dddfd0b849b28115be52fc0640bd99e67bc2a0bcba5160a7c3ce94fb6acf01076c002f37df319fdcf6c39d2a0a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b9a17351a69595fe9c38c91ef428c2d5

SHA1
4d3632b783c2472e2f8558586740288f92ea7825

SHA256
4980a4498011d95607951573de3c1660ea4f4431868d55695dc0c132830d4bce

SHA512
e89a38d31848d4c50581c26c9f8994efa58c29eb349c025c7e4b7f93e6409c5c320a61f69ba11940f827257e0d1c0b0bdff6abe7aa90103f2660fadb8f4f11a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\49454189c033af283877e70b3567efa484a0da63\f42e11df-4228-40c4-93d7-000e239cb689\index-dir\the-real-index

Filesize
72B

MD5
77bd081e66680c4e0dd6eab49415309d

SHA1
4a711b59750fdf5b4f625e22e5fcc7457847e193

SHA256
ea01705b7fd8c653b30e15e3fb4dd94b7d1d24b22cdb524f1a6f1f1278768598

SHA512
a464bac3b5c91890eef368a963a678a03a335fd11c98a54f3299b70deaef94079a7e53ccf4dd5255f948ad6f6b544a4ee0c7f4f0647d9f6c89aa934ee07b291e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\49454189c033af283877e70b3567efa484a0da63\f42e11df-4228-40c4-93d7-000e239cb689\index-dir\the-real-index~RFe5880f3.TMP

Filesize
48B

MD5
1c97dcd29c4877ce06cfacf0034a35f9

SHA1
709800856500d9087a594a134cd56732e7cdfb9e

SHA256
fd2d13d8d22649c808d1110339e399df0bef1941b5322a7b1f789427cc7fe800

SHA512
98c14c853a2d68ab6e1586cdd02869f8446bd7173fcfe4d024d35e63c333dedd8d926bfa681103dbc66fbfbc59a99be928d0b92494b39556921bf10679646460

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\49454189c033af283877e70b3567efa484a0da63\index.txt

Filesize
105B

MD5
8f1af89625510a51c3483a96fb94b5b6

SHA1
9b0b2bd828d30d71417a48bd79b4ceffa581dc19

SHA256
b52e4819c660d16164ea5d2cf6e049cbea0c2434c9d33eb3dc6938cad29983a4

SHA512
1118424caaf6b61eb22772582c870c530a2ab9c7dc04af72712b1f4782e76954d76817f909c1e37ac1d1eac75fa685dad919080c2e8c71afcbc6f22c26c7aca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\49454189c033af283877e70b3567efa484a0da63\index.txt

Filesize
100B

MD5
a41f8e2fecc9301b258bfb531b43b918

SHA1
b5d5b7f026557f0e9c9f6a6ee5111220923d5f3a

SHA256
d6c528e347da4878176940d53d954022fe28e71b9ad8cba8dba2d468de4f0a26

SHA512
5faa23b23ff2cfa01bbaaf65335568ff9eb76be7dd79f330ead4aff0153de2253860b1804c19482f44edf4514125aaa4b78e4c4568fbf7d1d6f832e67b434a41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
8bdf11f1c1ea8bb3651862249967dd6c

SHA1
226c30b2e3a2ab9ef8f19a511562646bd8a96987

SHA256
d2709241ad568eefb4a82f2df2b7711a265a705fd5d4cd390d0a7477174cc1ee

SHA512
a20d3e8bdb3de6460f3683de894d3ec057655348fa3939c36a3f9f3ffe1f26d54b12d1686793cfef76544f057035a892bf3594846fe431831adf41229e80ebb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5880d3.TMP

Filesize
48B

MD5
27bc9c7ddf5dfedc753b0aaa0d416af0

SHA1
88f92a8f858abc5212076376d168a5ddb78d424a

SHA256
889e8293e37e0e1768d3d1ba39c81eaf45a8571a94094b79a5b33c84f285a7a2

SHA512
8376e37a0abe1d29142004c96acfdc22f19673e01aa05bfbe4e45f1e71fc2b16e9bac8f24e392679b8e9d43ac7ff60140af5f4b1b11f45e07e60599fdf80c365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50c1f16dff6120e8a9374482ed9aa4b1

SHA1
b4a03e268d0d21faf4a540529081cfd2039c98c4

SHA256
3a7ca865ede882dc8236df27d754d1c3c683ba00ea4d11bcbd5817cb0c1084ad

SHA512
7e278f2d7ca187045357879b6e5e9907b2c6cf976df600f84cd3e8b65161e78433fc86f6605ba7d17a080b7dee64edc019278e4cdb75fa6527102f688ad2b1ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c71b038dcc94bc716c813394464d4c3

SHA1
014e9e704acebd09f2a036323d37f037728988df

SHA256
96091e7d5b05a4beffd543e74a083ad9098b9082c93721924d5f6ec86e0b37ea

SHA512
b5f46ff214b044b509513c969403aacb5c9c4b86aa432274d40a1fc7dce149d84b0d728428f984162e6b18e3fd01edf77dd8f1c341c376aa28d049b61341e2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5860c8.TMP

Filesize
1KB

MD5
f4c90ff6b45bb6c0d10fa8c6e5b2ae03

SHA1
a11e0c1c5db07311aa48f29a48d15464a8cc93ad

SHA256
02b8896470ce637a35ba7e9f5eed0fa6e9e5f1df48d6b45a9410847f51da3224

SHA512
179bd55ceed686d83e24ddab8ec32ed0f45e1a43dfe53c712708b92dffc2233b6713944ca0946881159f20c72a1b8982a12adea1c2b61e6beb2440138a91b666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c40223ffcfa05b137dddf8fda9ba669a

SHA1
37f0925c58fca96f024871aa6e605ac661a0630a

SHA256
12065c53016d6ac646a6aad8909f4918c96e1a9784b3d4e563a00ade83079fca

SHA512
e3712d1a56c45789df801cdd0466bed32faf35605cf11992e617dd4503c915c12290f4e3c3dca7a30c15f34c7295dfb0490cbd43f78a511b82e784a1e546e5c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f9c32af25e5e250045ce97ee5a42739b

SHA1
9362448d9f56a8587312d774e76d89680cfdfc7d

SHA256
0d4f2a2711763a6b6b5355bfc2c071fdfd3bde2bec78fca8540ba133cf53519b

SHA512
642edf213957f3f7a7ef727b730d234ba6ae08cdcd33f38e01b05452fe98302ce6f5971d76de2fc73e65dc804499f09647a2747d2f2802c4488142e400b0f175

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
15d584ab64ff7c7ef104bda636f59a87

SHA1
5f9066f9e8b2e4fbc2a4795419016d2feeed5704

SHA256
308193525b768a30e7171a12d4c22d78d79692d9d46a3f3991de85a9ef7a8515

SHA512
4c5caa9b601cf540a1b54d5f32e7c6ec7bdd383063f914ce3dc081792bb94a433a9d5ccf7d2a2506df94b784fd141e529f5fd0e116ae93e5d84566572e468578

Download Submit