hxxps://download[.]cnet[.]com/slackers-carts-of-glory/3000-windows-slackers-carts-of-glory[.]html

Resubmissions

11-10-2024 17:51

241011-wfemvavera 5

11-10-2024 17:47

241011-wc44bszdmj 3

Analysis

max time kernel
38s
max time network
36s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11-10-2024 17:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.cnet.com/slackers-carts-of-glory/3000-windows-slackers-carts-of-glory.html

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exe

pid process

3896 msedge.exe
3896 msedge.exe
3492 msedge.exe
3492 msedge.exe
2796 msedge.exe
2796 msedge.exe
4860 identity_helper.exe
4860 identity_helper.exe

pid	process
3896	msedge.exe
3896	msedge.exe
3492	msedge.exe
3492	msedge.exe
2796	msedge.exe
2796	msedge.exe
4860	identity_helper.exe
4860	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exe

pid	process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3492 wrote to memory of 3552	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3552	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 4608	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3896	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3896	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe
PID 3492 wrote to memory of 3276	3492	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.cnet.com/slackers-carts-of-glory/3000-windows-slackers-carts-of-glory.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff1e013cb8,0x7fff1e013cc8,0x7fff1e013cd8
2⤵
PID:3552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
2⤵
PID:4608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
2⤵
PID:3276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:3200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
2⤵
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3488 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2796

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
2⤵
PID:4592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
2⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
2⤵
PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
2⤵
PID:1128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
2⤵
PID:2120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
2⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
2⤵
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
2⤵
PID:3288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
2⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
2⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
2⤵
PID:4452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5884 /prefetch:8
2⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,18056375788496848344,11378135344821249164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
2⤵
PID:1884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2296

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x0000000000000478 0x00000000000004E8
1⤵
PID:3192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c0a1774f8079fe496e694f35dfdcf8bc

SHA1
da3b4b9fca9a3f81b6be5b0cd6dd700603d448d3

SHA256
c041da0b90a5343ede7364ccf0428852103832c4efa8065a0cd1e8ce1ff181cb

SHA512
60d9e87f8383fe3afa2c8935f0e5a842624bb24b03b2d8057e0da342b08df18cf70bf55e41fa3ae54f73bc40a274cf6393d79ae01f6a1784273a25fa2761728b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e11c77d0fa99af6b1b282a22dcb1cf4a

SHA1
2593a41a6a63143d837700d01aa27b1817d17a4d

SHA256
d96f9bfcc81ba66db49a3385266a631899a919ed802835e6fb6b9f7759476ea0

SHA512
c8f69f503ab070a758e8e3ae57945c0172ead1894fdbfa2d853e5bb976ed3817ecc8f188eefd5092481effd4ef650788c8ff9a8d9a5ee4526f090952d7c859f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
79KB

MD5
f22fc5850a05b8c3f3ea1d2e07ee52d4

SHA1
1ab1d80e508cdf5214763eaefdad3adf073ab807

SHA256
d032e15310379a5158a61aff62c4fc612b9ff1f58138b53c9a9f7ae458ca4ce5

SHA512
2716ec34bc9c42908b69db863f7e81321d7edcb839adb4f46635bef75166c6bdf639df8c241b34508e822020b520e6ee100fc7c4acf6e031d200b06b97a5cb03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
98KB

MD5
587bedf2ee8c13dc90ac29b284a80521

SHA1
9c639041f880ab0308c9ff9a35d5be3fb866cf77

SHA256
2b9beba09e49cdbeb1f0fa54cf2d5e5d299513c6f7da4ddf6fed0e40785cdf12

SHA512
f4554c7de5c39b7a760c0cfc0499eabd34b7f3f89c8ce33bdb895f6f8dd14311dc8d19ccbfbebe30d560be377877ea7502f8d593e22daf9c93e08419d65880e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
32KB

MD5
b8e30d978d1ffd84957eb2152a830a8d

SHA1
61fd8c92e22e9df7d7f9f6f0ad33c394ff982164

SHA256
95b29ca6fd8b01f21779a1040b1febe3e07feadc77da38e877f1efde87dcd4f8

SHA512
ee47f1ce6665304dc15c8092026d7c18f2a776e743fc9183883deb109bfdc3821a6630f4705ed1c3274db1be3cb597f378e5f316dec3803f3ebf7c5cb65a3ec0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
74KB

MD5
8701f14f8fae8f34cb0fbe7c8a88aad7

SHA1
f918a6b2922302936678e381895091c534c6f4d6

SHA256
122ba8fd65f08c8392364d0fa54ca9439190d9fbf8f4a97463eeab1f79704038

SHA512
3c21602dab0c5f5b2c7999aab43ff16c340befa8f29d2c60eb22775f46ca4080d7c22ea78b857055f95c12f76f4c2f2a37e1a3d5b77de7f0043b57877ea7a9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
33KB

MD5
42f59bc742f6b866775f3fcc0ec49416

SHA1
5614b8e4067223a39caed2370095e027f0380b97

SHA256
ca306ad04e6f1d4c0781ef075bebfac3c0271d2ba568bfa45462c72f704eadd2

SHA512
fdbef38686345c9afa1549ffdf8001c1dc534a4ff9a6acebdead1ea734e32ffb74ee53f3b3921aee520e3400fd7f41011fafec15533a93468567413bb4eaf249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
52KB

MD5
7ab138d20ede3cc371edc7b71b1aca79

SHA1
56e970a2e783ab8af87f66a687438fe8a919a789

SHA256
fce8e94afafb852c433fcc0fe5a4ae4fba5df5d977e67779d4110b4459539c0a

SHA512
e59370cdf2e84e02f0b229de4b02a14016635521d2304b408d2c91383f2caf20161a8539d31532ec31b6e50b628ceb3d0e875642c3d2da314e05a8e0dde4171f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
149KB

MD5
2e5422d6125eec1319bcff9e46c7dfee

SHA1
b04bc0dc327207593054dae6f8dd514079dba08b

SHA256
9e960c1fefa047b528c9e68fc7f1a98caab6e69071c90811df85a7651974ac44

SHA512
8a3dc495e44bef181382e3534b2e8e3b6f933de3f9b7f1bbbb1255fabea6d8643a96976dcfa652118e79df8563cc642019b03483feebeea76e35ced6aa63e3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
97KB

MD5
1cff6d1b78de1a7818375a7e8b95584c

SHA1
59457c0aed9581ed1f16c8f87fde71caf2e51621

SHA256
6ba535b379dd2950d41b65349865fedc1c8d91a12dad342f1aec42b2a2d211d7

SHA512
633efe141e975d6e9ebb5423dae54f9ff9cf4097ea748982f06b97d1c7c15b288aa34362ac1edf46a968c81d872526b0880837e6d350fda3d1577c2a5b56a5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
108KB

MD5
16f261387900bf813d15100d608aa5e2

SHA1
a294278b1ac34cd39795aff1b31008b2e23ab478

SHA256
bb7e85b47be3f05992515e3c3e00a17707c843485ebd4080186319bad217bd69

SHA512
25085994f78119274e0bca9cebd6c4ccee60587afa6daff6b7a16ad064c616e8e7c913a1d2c1798dc825a02b41126cf74ddebd881ba3c014f5565b7d1cc39765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
16KB

MD5
99ac54e688b81b831b06451149f3b1f4

SHA1
4a800f3136affb7e60c0104a29d67347d8b201de

SHA256
9e85920411174aff0d97e3088cb1505fc9733af29bb717917b9cd5253c2f93d6

SHA512
383151b5725394b39ac0c6966107d90d915b32c3e3d106a06ca51253916ae97628b8760371986cebd46667e7024e5c5d7da50dd355d641d28998f51f4cda8917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
19KB

MD5
3e2ad8620482982cb321a94f0c4f6c21

SHA1
3cd55205cf00fe738a4c2f4ad763d41283015b11

SHA256
63b42693b34d291ec37ff3339e787c11cece21afb1c89abd299b586d2e591eab

SHA512
88bd039f569827f39d0ff9443c6c1f246d07feb5b5c44aa1b370e1fb4a550afe7799dbb08232fc3b1a043e812e5f22bac1297d56adc7e5b59f6309e99ffcd0f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
76KB

MD5
bee3b5be17eee304b98db277bf9fd2b2

SHA1
3a007fc3889696d786c735f0d785d157a22ecfd5

SHA256
907026fb8266370de5c10ce9c92af6bef0f0dd9b1691c4c2ef4fc1948a00cc52

SHA512
37be5b7b65ee46fdfc2585b495f3aaf94615b3b8a797a32b9372ff0d4d7c02cfacb75bbd1738ee146db250d479b0f12cd45a8e451282d9a91e70079341ba1156

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
c115e615bb3c2709322079e46d6719a8

SHA1
d5066fc2d54f99dd607345e582412178b1ec691f

SHA256
394a642a0e6a19db28018f3622fe129aca7bfaf0f63cbe294b51b71841eb1d3e

SHA512
30c5cf95acf5322ed6ae12df4e8b74396b56a4cbea30ea6334b50a362aa13bf94019c1d9ba69215b30aa34609d0a996d372472e90a7909aa63ec2e7e02ee4d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
63KB

MD5
49cbefd08639aca7f6921c43a85d9905

SHA1
8ab5b92fb186f50cfdb124fa9631d4b59ccada78

SHA256
3cd2609cb9fc79af0d14a44ba31b2dd33ee28c64d6c108c06d27c61366b6b020

SHA512
c57894a7c80df7e7a5add407f52587d7f6d001237c5d8e90761237d7c6497adfba010ca0b64d3f80829aa010a6eaa6e38b5ab374c51f9db9013d09949f09fdf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcfeeefa996fbda6b9de7bb49ad67e37

SHA1
90397e2e580e91e4ef72e579ef858f5458905f32

SHA256
9fc602eebe3c7b443d380e76f13dc0cc7306df4ade7296d7b9e108a656fdfd3e

SHA512
aa2016fb34634f6879ccf0a385551256a7a6e06c93254af93dae0f88b322f39d872770bb43bf9e90364708092210b24d09878f747a31510239af4fec27cfe32d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
453d32f2b8028abe151871c974e57b1b

SHA1
9b42be3ffefcc5f193be99792ac99f6c1cb1e840

SHA256
922e7750b2ed7c8f659c6f28572e1b05a09c2fb642909050643165c9a3bb125f

SHA512
7ae6b9783c7db64541c376182ecf6905c157a161c25f7ade99274d7e931e1334117abced8ee8ebb805117c290cb63eca844f85cb77fb41ace1e54737a8a56319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de185528c7ab0453c184e34b186c7a43

SHA1
6ca8846499bf09b7348e580132c3d2ff44835990

SHA256
3149dfc394932b7c9c7c534d8cd14a143d4f8890f523625c72cd87a16044a0a5

SHA512
2fcbbe6adff62b55d8395be64c2889a0760b9d9940095fc580fb8ba549cdd8ee31661f2dbdacd4398d4c2d2afb5e6896954cf86e48bd6078191801a2321d4404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f16b9c6c5fb5f746d68617d90b2bb9c

SHA1
0973ad508496df865f7516a2019474f9a2c330fe

SHA256
8c7e54fe6398583e4202cf3e99d182cd4a258f46e84f8d53583a27f156885c41

SHA512
da8c87888c91990488f8030e586eceed946ba80630e9537d35670d518202a0f09f8196063c73128cbb620c0e07b1b00c7b4e7ceea0372e58be764aaae9cfe110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b44ef3ed8da4b0fb851d8226d65354dc

SHA1
d71280d0ffe2492ecf08c708be7da79ca4c09221

SHA256
9be3ea694a1689eac2b2eb2dea96768f018b783e6e354e48214df89c2957b466

SHA512
f6a4ba20e7127a27844deb03777d6aef6c94a810ff3364926858e79405a7f23cf77699c0e9d4a0699ac470fa94e6de20aa8f3ee7391f8255786c997d9522c8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9f488fe782022d57974d094e682e600d

SHA1
26772d90060a43644094158e8097e5f8847398b8

SHA256
d15db06c7674c797455d30291c49c79c0d50fddd3f05048f39aba1839d156fdb

SHA512
57645ac62a5edb5d535ec95d0e23f76c41308c7b4224b25b92f244482e7faea15d7681d30a26f6dbf9a97a2a3cf22375ff876c2d7ad1f145387f497b17f48485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580182.TMP

Filesize
1KB

MD5
0b7839a15dc9e583bab7f0356e6cdfcd

SHA1
a2d63d7267cb53270cfce358c805c0c9bebf0fcc

SHA256
53b15c4465acc846d8867526d43386f0dc1c9d4aeb125dfe7d48bacb79c88961

SHA512
5a007815fdde3e78eb1dd46eb721c407bacd5a6abe0b4043ef29b24036e2833a521db14da7b62009bd4a7e0436368243bf0674dc2f1ebd92aa320e97a3961791

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6caa6f3c2d3ccde2fc9bc5fbcb052b6f

SHA1
f38efc0f154af77903f8dc81ffa30969d93ed28e

SHA256
71bf2778020212f39a4bb7aeb12f105a2f47e243c53b8b56dfdfef60c2a0425b

SHA512
9b7aa8ab33418639bf8ef6599bcf9244f1d212f35132a65664545e68342678c24ca5efcbbcafdfd4bf84342a84d1df63bdcb55fd1bd2790cf3e1eb0986e7ebb9

Download Submit
\??\pipe\LOCAL\crashpad_3492_NVSHMHPRBTFFEDWX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit