hxxp://google[.]com

Resubmissions

30/09/2024, 16:50

240930-vclrbazbna 3

29/09/2024, 01:54

240929-cbtresyblf 4

Analysis

max time kernel
993s
max time network
969s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30/09/2024, 16:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{C2D32811-78AC-4899-8FD4-D911A14ED096}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
2300	msedge.exe
2300	msedge.exe
2096	identity_helper.exe
2096	identity_helper.exe
5108	msedge.exe
5116	msedge.exe
5116	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe
2300	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 4828	2300	msedge.exe	82
PID 2300 wrote to memory of 4828	2300	msedge.exe	82
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 1004	2300	msedge.exe	83
PID 2300 wrote to memory of 3524	2300	msedge.exe	84
PID 2300 wrote to memory of 3524	2300	msedge.exe	84
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85
PID 2300 wrote to memory of 1772	2300	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff974ed46f8,0x7ff974ed4708,0x7ff974ed4718
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6140 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,18309632133571965014,6027623773684730001,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
89KB

MD5
3440136c255abe7d8a9b76b29556de51

SHA1
3b99329e1cac336cfa9541fbc951883f10320a1a

SHA256
6dc8890a49fcf0f374ce4b7305bae055c3f3c8d5a53643a3c41836dba11e9b8e

SHA512
89e97e9f82bde906ae267bf0e908a999a1ff4e2f0cd0e49eda9ac639eb801b378b8f0239e3a5ba27577f34e8c2d10c3f0d318b736cf22f72f7ad34289e96bc94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
e8f8a8d3cf4fff78076320e18bb0428c

SHA1
ed521b538c037610e337fdadb91e05294d8e0370

SHA256
e055a66ef5d7b40080cf5fb0cfa3db2804c7fb75d9554761e22170e981e9aeed

SHA512
9fefe99f1cd95246388224974010f2bae2cb8bea805a6a0cf08afbae7ee7f41926d39a442313d128507e055c1efc7fc5f71217e62ae621498d731ef4ca41ef7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
181a0ce8ce6d8d85376e1465d4726689

SHA1
f65060ed6caa488f50e3a5c3c921d9e511bac4cb

SHA256
6ed858014dffae612bfcdc5dd759d2a3eedeb0800d5a9d685a3617fff5575b9b

SHA512
1d89bdf4678a38b3c03c316e0fef3d261faeb34cf6613bb3ea998093e252251278d8da1d98238cdaa7da186c2d3de5240b4bf1dff5ba399c5bb318bd4b7eeefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
120ca285fb3b63f3ae4aaf166ded472d

SHA1
3896ead5c712f4ea0a4c31e65d81216f036bc70c

SHA256
e4e89a3a46b5cfef710fb333de8271331ec9315b0be58ae1c68b8df95f7e0569

SHA512
3449b2da0da8f3ad25b6ce4868f20eb2c67976989474671d8878e59ae837dd7009b02dcbe40c6b5f8bbdc3cd7faf2cbca8c00433ad77737f12ae08fb1a720780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
269b9ef6c500b73d2e2559909e6f7493

SHA1
36d58dc06728711933707afc0ba301ac6386ff6a

SHA256
6a95ade0870aa9cfde3faf83a19d2c9512615e6a981e75ef97fc33b655fc8d9d

SHA512
260bdd1e961e331d55719907c751ee48fd9cb2c3c75d6b8be4391fa305b79299d47d97b6f5aa8c01f0fc512c110e328bac4e436021f0759183514424a7f4aafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d0c725d9d6aa5c19ca8b77bad146b14a

SHA1
72b53fe8d5b9ddfe2e35bba26e8e2bcdacf1983c

SHA256
feed60dc19287e239f307585704409641ae7e9085f1c67fa5f6ba7af63a24a24

SHA512
39488ece765d3697af1d4c8c95e0ee2a6a8f2b6a77bf20ab5200adefed7daf64b819a1f621b446e84b1695409168256566148196f258676fa808efe7ce77e4d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a009d4f8531ab436cce144062a989c14

SHA1
e97ab0040690a3482e5ed89f64bebe03092866a8

SHA256
3a60229a164c33da34770226da5af28af441147f8ad2d9ce9bbf3fe1eef3842e

SHA512
424a3db1f1701f8dd1eceda4ffb8e85e1ab13e05f435e6374503d6f312d56081a2a464615ae7bf4e38328e74c0ef38fb64c0f47c4198270718ec6c37bd91fe94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5475609f2a48e6e21087dde3bce059c6

SHA1
4deacda36e2a6eb2a887dfccc1f69757b16cbdb8

SHA256
0c8bc8ee4c98348b37c5f6aa8c5afb48a777493099d7fb355b4b70fc9355776e

SHA512
7b5cf9ff2634c3db1d44e6228e539fe18c5ce316f230070b60f92125aa1f6183fbcde65ef1c1a6f9869a5f0cd69ac003c2b62f8c018448ba6d76b0ea880daa35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3bfb49206b1ddb36405d7840709cca09

SHA1
3df2f526d185f3fc0615d8d5fb58cab6e90875f4

SHA256
3171a2ae3c32691945ff7739a0c857da63fb34f084eae74943217ab323fdafb4

SHA512
c6d77c44d387f614b4980d6e3011c4c43afbf07c4fa4c872abd75b9ad9165646e89462db9103737cae67d47a458db49f8db1bd5a6dff07c779de8f87f1a864ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f2e709c1d8805c787ec67c0df315fcf4

SHA1
4ab06ac7fdb0df785ca9be3db97e8e0dd7efcad3

SHA256
86ad4078e0cc6509d9c4f6f88b4375830bd8686a8959a8dc745dfb2f17222388

SHA512
1b0051035f9ac7e993ab7a2cb736354aa9809c627a9abfc45061cbf7a7263b09cac4dc6d428e089135c178a08bd5f3df6937287320089da598039822a1e6e74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
b98330b75a81db51b6bb31576372cf28

SHA1
677344351969b04e7581761c11119eeedee8fff0

SHA256
92eb0b90ed1f65c3fd92186543195a9430ae050192a66dde5ec20981df896526

SHA512
1715432b46c8d1373f12df56a434994f0c05588bece2285408939a17e7aa42ad46e2a8910bae0021a19fd18b29142f32e5274754d35e0edb24b589696cb3f266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
342426976b211cf3b02b5114a2cd6058

SHA1
e797d7e25857113423346c3181d5349a603fc2ec

SHA256
5d4273642b980c8cc552ee810fc917b630279ef4f6870cd92e154ef90ab6a535

SHA512
4535a4f765f2c318c03cab3b3bfb46e05f9ed5fb67aca05114421b71d80578cbeede43b0877f8714c721f493015f899d6e6877c8e2524fe02f7faf968b9817a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
99eab06c67a3c261d24336ec91fb163d

SHA1
19f2135436115bd1d8eb1b94bf507ab4c0157b55

SHA256
8990cb498c0d1097faa5f42cd3b02b4473b1525315167a32dd79efa0b84620fd

SHA512
13698a326a3ed8e2a58d8b0ae5d3e6b685a89aa03ed10da963d69639855308b22da165f8e7dca0a6102aed562312191761588d4e59422b50adae98880f70cdd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2971094e7bc72848c7e16bca2b4833d2

SHA1
e1473e9e3e9c9395fba6ed10f877e8726bcf9e27

SHA256
8b693c2a6a301150107e7f70a45764961e4b763bc8822fa3e98aaa4c7369f360

SHA512
605a47f522e3af8f4926459d45656c558a2ab46a2f30a7455902690c50bf72a9cd0e6ff5c960b00b27c8faab53886d529d3b34a6c923e26a35e9ab0440fd013c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6dbede686ea33098116184c47c9e1bc8

SHA1
3142b9743f74eef223a47c114a7377dae8bb5802

SHA256
d1346b4da6581d9f3bea54ebba5f8b4b6d103598486e39c60189b30035fa0236

SHA512
baca65b9f8d0234ad8dd87d0cd00f0b649df8a58c3869acccade99dc552a4154b67eed6af4be9555dd6ac6f40b197a44bef44a8fe0e7aec48cc1665d55428d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8bcd0931bb242525321d240f51f56860

SHA1
aaffd4d5ddd4d519ef3937ffa8088297adab96c3

SHA256
e939c552892cdf36628a9571796356dc1e1ccde9f57ec1a7c0e35111bf61bad1

SHA512
1c73a79cfed9cacadc28e97aacbb62563b73c5b447bf3141b436b38029141eef9955cc1d1d9604187444f680e1d89767ce6f3937ac4819d089ffc6807e88e544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
663812c9575b8051df12b30174370835

SHA1
7775c41fbf9ab2e95e2c68eb609403bf2b8198f4

SHA256
84be58b6a2fc3fc7c2f2b3bcbf4a06d3a9f9f304158121cbb6a3fd1ce8b89da1

SHA512
ee576b981e728126906ba37f14f195d66a3307d98c6c003251f96d617a3c47f4e58c343f736c81dbc1fb1ee73cc0e1397adc2c4ed068eabd2ec46b4950ce8afe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6f80fe2e2880c652c43599f7c8e5d769

SHA1
fbbe172eef3edb3e9926b4c1a8fa54200c842f90

SHA256
3b916e29f22f98417f1ae0b08c1c035d4879612a707065cd693f8cadae879ab5

SHA512
8064b604628ece304fc2305478f367c148cace4eb14db1fdad025ce1e07c2eb9ddf087c1c99b985b2e776900f2e0bac0a668c1c5e00fd93314af6cc13cf44fdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f0e.TMP

Filesize
1KB

MD5
341ae8580f2c618fe245c20e473677f9

SHA1
4cb0b2fe7bc7f0db487b4784613112e93f2a2803

SHA256
21d003e84899630b11808970a46c95cfa16b661712bb7b569f83e5a38674e584

SHA512
5dab968c17924ae41e4520e5ddb62896336c48a966d8d3de0bf9ba8d8c8559abf7691ed13b11b72915652e16bc9fb1979b628e04b8cdd7b09bb87de87d37677d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c7d22069-2f95-46db-a48e-d3cf09866de9.tmp

Filesize
2KB

MD5
6530c01fe94fd44010b69b01755b35c9

SHA1
8fb3e68339deb23dab2a4e5b372effdbfabb8306

SHA256
ea329ec7ed4fcce8a09e5ed340710c53550449422da3f93e7ab0a007be1c323e

SHA512
931ed4464f5cd98c3f2879802560429b9956c3b4fd39b54d33d8914f42db12b8cd7bb24dafe3100152d9e9fb1a168a72d59f8bd4ae37d2ce9d66a52b9acd48c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d31a96d7-433b-442a-81bd-1082c5a90d0c.tmp

Filesize
10KB

MD5
812b765a96028981a4f053a0a611d3a1

SHA1
f3f0f59bbf45e197665eaa38cffe9f697c682927

SHA256
531726606a4729efd09be158f21c06c3d919c878bed1e8ee7633846286948499

SHA512
c05b90336914609ff806b7fc204cdd5fabb393ee54d9a0ce7e55da3e16a884ec1f18d526148c9cb13d552152f03bd7b1c932a3763ce84a8d8766413014d4ba7d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit