3088b0302d4b38c63ef4fead57aa6049da2cc62bf9f4a5d9331552c84fe516e6

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-10-2024 08:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e926b28fc49f6259a70c032ae83cd14.exe
Size

26KB
MD5

0e926b28fc49f6259a70c032ae83cd14
SHA1

abb5856b3853cfe4ecc5e25ff1a7aa605afac007
SHA256

3088b0302d4b38c63ef4fead57aa6049da2cc62bf9f4a5d9331552c84fe516e6
SHA512

1f4306c38e6604f3945a4d1215576ee81514c34757318035d9220fb81da5bb4f39d23b8a22f404902fe3e67f0326a1f9ff45dc6ce8d3a41a69aab54de488fb77
SSDEEP

384:BvV0KF7OERZOTPx3hd/N7az/bCKQIRB1F7M9ekamfrqEjDEFCFUa0gW71JBr:B9LZOTPxNG5z7uTqVCFUa0gWR

Score

8^/10

discovery persistence spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Drops startup file 64 IoCs

Processes:

UUSIService.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d1f091046cae4444b98a6af68b456460.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_0327f7c05ff74caca7ee789370826e84.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_06aa08556def4611b68cd6e755ea52c8.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c1a4bd80622848eb99c764dba1e7033e.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3c4c005d5d5e46f58150a236e040e029.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_76e175f297624a669f3b118572f6e393.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fd13fb968a81474287b1797b4989519b.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f2cc8221b3514be9b047f14b39f87728.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_087e114b82aa42a18812ffab7ed116f9.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_161553f93176418e8ceb1b3f7bc1c4e1.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_ee0895b0381b4b4a9609049780b394d4.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_0163268453ff409897d46364c7f93628.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_ea492b05530c470b941137e3f4d4308d.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9e89cb8d8448467b8473e9e5539cd439.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_66f763c599384fbdbc56decb63f101bf.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a8503ded5abc46a4947678eef62a5cd3.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_61af5c33264a494d9fb0989eaf42c5c9.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9cd96412f4d149b883f805a7aca6a9e0.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_57dcf5ca122d4f66ba0ec61186c0c9a7.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3737b3226e1d414b9aecbbac82b3cde1.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_ef82216adaca4238b9f8cb13baeea73a.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_94e4d9a22fce4fb78ecf72ada019f14c.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6d10a054d5f148f4b79feb0084e97255.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e7a395ef61c74ff4bec8458efcae1846.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_020f0b615be24ff88f4433774336a7a0.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_493b144dabd049dbbd8e0a633125408e.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_ce57ae73171f48198e0ad471ea33e341.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_b170b63a473647b08f6c25f1aad55dc8.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9e2f3da669c646dba21f1cb5177d0602.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e671e951e7224de3a42038ef891aea87.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_2f0acc0af1174a8b8f5216d5a95fee07.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_17c7ceb4148549a8af24076693e69c31.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_d70a4912b9904476a3fc333bb9dfd6c4.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_5eff724e3985402bb10b4574de6c5521.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_cca01676a0d6434d88b40387ae161ea5.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8a6eda1d14044a8c855e6a6dcfaee828.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_4428513d586b41f79e726251317b25b0.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6baeea7b1974434b8ef2335dab30c940.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_e1d993b7b7394bbba28b94efbace9dd8.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_60e63918f742491796b9dd8363efcbe0.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_4c46f1b7e7ce45bb94a21c77002b7175.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6d2863e5742344a2904c6e66a7cf4da8.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6b0605dc891149a68ac63c119fca2063.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_6843374b2cc14fbaa261563e9cc2bef7.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_f61af2e396564c10a2760c5c4d77256a.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_47ec1a2fd8114a44bbe4c7236971796a.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_366c3e101ba04ef586cd5d6e569209f7.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_12364c955462478e8574a5095f5b7dd6.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_713c63f188984720aab6428d767efb4c.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_0617d2b8151d4e75b029f332e826efad.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_376cfca4417d4aafb8121575a5ca72e4.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_bb27e93cd0d84fdca970efc668dc61af.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_adcd103dd8004eb19348a2f5ae15f2c2.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_fe5184e1627e4c0ea629c6c34a756219.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_950e9b84cbca45ae81990cc5beb36a8f.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_9e3f4d4bef0d4349b95c1a4b07cb1a69.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8b36ee8929044987b87c165a588880a0.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_75d4d0b0fc624f87ae84f23df7020efd.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a4c098ce3d66405ebdc79944ffebd904.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_613bfebaea07438eaaf8f296f23153b0.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7d645a0b800046ce9b8e89001dacc7bc.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8d50a6571aec4e599c29277206d7c70b.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_a1d819787ca2412b88eec6548461f2ea.lnk	UUSIService.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_c04fab2d267a44ab89059917f4aa8de0.lnk	UUSIService.exe

Executes dropped EXE 3 IoCs

Processes:

UUSIService.exeEdgeUpdaters.exe92c0875335b444c192f85a3c4580cbf7.exe

pid process

2780 UUSIService.exe
2548 EdgeUpdaters.exe
1424 92c0875335b444c192f85a3c4580cbf7.exe

Loads dropped DLL 64 IoCs

Processes:

0e926b28fc49f6259a70c032ae83cd14.exeUUSIService.exe

pid	process
2232	0e926b28fc49f6259a70c032ae83cd14.exe
2232	0e926b28fc49f6259a70c032ae83cd14.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe
2780	UUSIService.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

UUSIService.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_ca1ffc621c2440629a52038a1249e459 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_e382310a93d54a4dbaac18134c59224c = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_272348c9e9e1478a90a8a673164300f9 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_6c00919794c94e5cb148fc9b098571c3 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_d4b0987a59ac401fb813429c18de27c1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_0d9fb739baea4dc3853f6bd2c368c647 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_c9cb64f526b4408e85fa11daf0a83f91 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_0eadfabf601047e5bc757f26529c9fb4 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_5151ea739f4047029a378eea9fbc40f1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_927a95e971da4f8a9d9b7be2d009d690 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_71b256d7f4814de89ee872333e532ab7 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_c19b1f7a5390475a84347c141a1f4a2b = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_f21c45c026db41ff9ea1682b991fa4ff = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_58e15b2417024d3cbadbbdba4e3eac68 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_7e3edfecd6984ef5bb3ba2d12c7c7418 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_a24f9704f82e4f04a51ac4af4ce17be6 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_8d36163bed3348aabc6b2a6fc1c0f8fa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_5d573f9a55ae4d44acfb28c3418f9e96 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_74bcc7d9a09746649370fc8b9a8e3393 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_b8d4dc2ef26b4e8baf5d5572181ec0c4 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_077efa3045934fe29072ee8849f423d0 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_f31cb1de9e2a4e5f922add4640b0fecc = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_3b0dbcd0b7704e34ad9ee8e9eaa2855f = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_0764a8749b7648b79d5f651f961d7368 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_c292d1d2e51e4c8793bc450321077ce2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_9482f4eb2a2d4040a34e8008cb1b36bf = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_7dee119e6a5a4966956bf278a3adc763 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_3356d4e30d324f2bbfa30484fa83f3ff = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_1f88657029b9471f8ea4cf8f432fd546 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_23ff7a3cae3d41f5a22fcc49719a0f4f = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_47207e2ef5fd4442897b8e3e38663a9e = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_2ca07c50850a4601b6128e3a795c9f48 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_88c040673c0e40bf8888aa54a57fb753 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_e430e0d18a4e4f26a7ead4890d2a5620 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_0a5384b954e4488ebc7ab5ca581f181f = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_14154cd01ef84a3684cd73f475da0222 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_395b4d9235b445ee9bc67c6617816fa0 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_c8b79c92d2da47b89ad2de34ca55971e = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_dccd7ea559de48aa871d16e15d40a713 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_c040d2a8177248c6ac0197a8ab6b024f = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_30016c373587464d90100190fd3af7c9 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_6864ccba20664ca5850044d4ccfa29ae = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_94d1eac86ef5429eaaeecc3c5991f617 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_22dbe20b335f4a568837b18ac27d8467 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_53585f75312d423f998a9ed9eb651ba2 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_edf38198d50d44dfbc6d14d49e3c2a80 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_8e7541b7a2184600995af9839a70723a = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_192477b09e834b429da8e2c9f55e1dab = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_1fd68a7592db453799e69ca2e735e513 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_4873ebd4c2b54a418fae017ad9094b39 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_fed7ae6589b04320a56a41180719e9e3 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_0ebe6662a82743e7b55d5c768a163c7c = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_b85b081f98804b319d8165ae10d7d712 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_ae1531e042fe4a33b097776167de12fa = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_f227bd813bfe431294e19a571f116a00 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_63f3f8d100da400390f1c921a8a4de79 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_439d2f0fabea4cfda8b0c380fb8dbeca = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_9a932a180b7c4080a7b74b3489d1993d = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_b4ff502ba67c4dd585e0fa7b6caebe9f = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_23c1da1a54884ab0a26f1096ce332e54 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_18a0c37110d745089eee44c618b11188 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_2f794184011d4d58b73cc1b8d6999c75 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_77ce28bc8db3402eaa0b67a317a1827b = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2872745919-2748461613-2989606286-1000\Software\Microsoft\Windows\CurrentVersion\Run\UUSIService_a895460c67604521924a5e8b8f7ea135 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\EdgeUpdater\\UUSIService.exe"	UUSIService.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

4 api.ipify.org
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

flow	ioc
4	api.ipify.org

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

0e926b28fc49f6259a70c032ae83cd14.exeUUSIService.exeEdgeUpdaters.exe92c0875335b444c192f85a3c4580cbf7.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	0e926b28fc49f6259a70c032ae83cd14.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	UUSIService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	EdgeUpdaters.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	92c0875335b444c192f85a3c4580cbf7.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

UUSIService.exeEdgeUpdaters.exe92c0875335b444c192f85a3c4580cbf7.exe

pid	process
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
1424	92c0875335b444c192f85a3c4580cbf7.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe
2548	EdgeUpdaters.exe
2780	UUSIService.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

UUSIService.exeEdgeUpdaters.exe

description pid process

Token: SeDebugPrivilege 2780 UUSIService.exe
Token: SeDebugPrivilege 2548 EdgeUpdaters.exe

description	pid	process
Token: SeDebugPrivilege	2780	UUSIService.exe
Token: SeDebugPrivilege	2548	EdgeUpdaters.exe

Suspicious use of WriteProcessMemory 15 IoCs

Processes:

0e926b28fc49f6259a70c032ae83cd14.exeUUSIService.exe

description	pid	process	target process
PID 2232 wrote to memory of 2780	2232	0e926b28fc49f6259a70c032ae83cd14.exe	UUSIService.exe
PID 2232 wrote to memory of 2780	2232	0e926b28fc49f6259a70c032ae83cd14.exe	UUSIService.exe
PID 2232 wrote to memory of 2780	2232	0e926b28fc49f6259a70c032ae83cd14.exe	UUSIService.exe
PID 2232 wrote to memory of 2780	2232	0e926b28fc49f6259a70c032ae83cd14.exe	UUSIService.exe
PID 2780 wrote to memory of 2548	2780	UUSIService.exe	EdgeUpdaters.exe
PID 2780 wrote to memory of 2548	2780	UUSIService.exe	EdgeUpdaters.exe
PID 2780 wrote to memory of 2548	2780	UUSIService.exe	EdgeUpdaters.exe
PID 2780 wrote to memory of 2548	2780	UUSIService.exe	EdgeUpdaters.exe
PID 2780 wrote to memory of 2548	2780	UUSIService.exe	EdgeUpdaters.exe
PID 2780 wrote to memory of 2548	2780	UUSIService.exe	EdgeUpdaters.exe
PID 2780 wrote to memory of 2548	2780	UUSIService.exe	EdgeUpdaters.exe
PID 2780 wrote to memory of 1424	2780	UUSIService.exe	92c0875335b444c192f85a3c4580cbf7.exe
PID 2780 wrote to memory of 1424	2780	UUSIService.exe	92c0875335b444c192f85a3c4580cbf7.exe
PID 2780 wrote to memory of 1424	2780	UUSIService.exe	92c0875335b444c192f85a3c4580cbf7.exe
PID 2780 wrote to memory of 1424	2780	UUSIService.exe	92c0875335b444c192f85a3c4580cbf7.exe

C:\Users\Admin\AppData\Local\Temp\0e926b28fc49f6259a70c032ae83cd14.exe
"C:\Users\Admin\AppData\Local\Temp\0e926b28fc49f6259a70c032ae83cd14.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2232

C:\Users\Admin\AppData\Local\Temp\EdgeUpdater\UUSIService.exe
"C:\Users\Admin\AppData\Local\Temp\EdgeUpdater\UUSIService.exe"
2⤵
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe
"C:\Users\Admin\AppData\Local\Temp\EdgeUpdater\EdgeUpdaters.exe" --checker
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2548

C:\Users\Admin\AppData\Local\Temp\EdgeUpdater\92c0875335b444c192f85a3c4580cbf7.exe
"C:\Users\Admin\AppData\Local\Temp\EdgeUpdater\92c0875335b444c192f85a3c4580cbf7.exe"
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\EdgeUpdater\92c0875335b444c192f85a3c4580cbf7.exe

Filesize
8.6MB

MD5
54e6bcf9be550a5b8e5cd7b83318942d

SHA1
0c9084c04d5dd833867a60376c0809e8276fd869

SHA256
b5eaf10fcee125295402478e086f6e3c441024daec47dde0170ba528525f1eb2

SHA512
afed87e898d00a146c42f4c81b86fe5c243c205fabb3296d757915bc427bfa8fe91d7cad48a4d36f427168b90011d8ce05e8b3003ccf47f0a3e3ab5151eefd1f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_3aa6f54166c04b069cfd7c01e0cf0b4c.lnk

Filesize
1KB

MD5
4c817f2e7eba17c23698501443f40e5e

SHA1
6ee935fd6fb11ff4fb5c331d4b29eadfaf28c5ee

SHA256
dcb2dedeab97c99eac0ea67610b93aeb0c4e510f2981b551bc0a8c3b7cc0774a

SHA512
ec8b8155531ad3d684e75aef17d7ad0908cbb800451904ed104bf39029135cb5d8d9a4766c99f9c345b2d5e5df1a578ff057443e68543e5299c43044832adc5b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_7f4e58bfa2194e9f8f9a7f13bfcf35bd.lnk

Filesize
1KB

MD5
f0bfaaa8d19936e6bdc7217997c14e86

SHA1
ed9a5635c78333348828ef5ad64167e3d2ce3623

SHA256
dba27a330eb5eb6b62457616329e62ed3e52f95dd78c5e319571962f163e404a

SHA512
e4f2489dc19aced133ec5a505cbb36b963ebf812c90ea8e78843f9f061276ffe88543bfc6fe26738181dfa3c711f98f6c7fcc1b402372003e0792002705f9b57

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\UUSIService_8a6eda1d14044a8c855e6a6dcfaee828.lnk

Filesize
1KB

MD5
59294d4c4bf5d49c9491995c189de78b

SHA1
b7e626aed0e756b6031907722448965d2534aad5

SHA256
a301387320a4648f859f028f01a207c00f67d9d2c309b5fbf50f15cc250e4f2c

SHA512
1fc24c796bef530401b02a86a05a2ba86d8a826f4e28e1d35aed521da0c0d0f3e4e7ea14e7a20dd8cbbc17aba96064f80c073dd7ba9a19bc89ea09653b30296a

Download Submit
\Users\Admin\AppData\Local\Temp\EdgeUpdater\UUSIService.exe

Filesize
26KB

MD5
0e926b28fc49f6259a70c032ae83cd14

SHA1
abb5856b3853cfe4ecc5e25ff1a7aa605afac007

SHA256
3088b0302d4b38c63ef4fead57aa6049da2cc62bf9f4a5d9331552c84fe516e6

SHA512
1f4306c38e6604f3945a4d1215576ee81514c34757318035d9220fb81da5bb4f39d23b8a22f404902fe3e67f0326a1f9ff45dc6ce8d3a41a69aab54de488fb77

Download Submit
memory/1424-102-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/1424-112-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1424-83-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1424-85-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1424-87-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/1424-88-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1424-121-0x0000000000B90000-0x0000000001B76000-memory.dmp

Filesize
15.9MB

Download
memory/1424-107-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/1424-105-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/1424-90-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1424-110-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1424-117-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1424-115-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/1424-92-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1424-100-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/1424-97-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/1424-95-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/1424-93-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2232-0-0x0000000074E1E000-0x0000000074E1F000-memory.dmp

Filesize
4KB

Download
memory/2232-1-0x0000000000EC0000-0x0000000000ECC000-memory.dmp

Filesize
48KB

Download
memory/2548-28-0x0000000000B30000-0x0000000000B3C000-memory.dmp

Filesize
48KB

Download
memory/2780-29-0x0000000074E10000-0x00000000754FE000-memory.dmp

Filesize
6.9MB

Download
memory/2780-14-0x00000000011A0000-0x00000000011AC000-memory.dmp

Filesize
48KB

Download
memory/2780-62-0x0000000074E10000-0x00000000754FE000-memory.dmp

Filesize
6.9MB

Download
memory/2780-58-0x0000000074E10000-0x00000000754FE000-memory.dmp

Filesize
6.9MB

Download
memory/2780-17-0x0000000074E10000-0x00000000754FE000-memory.dmp

Filesize
6.9MB

Download