e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-12-2024 08:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SKlauncher-3.2.10.exe
Size

1.6MB
MD5

ebb40145a6bfbed88859e41689315d82
SHA1

7bb2c82ef24ef919d04592930bceae039f78aebf
SHA256

e4baeaa3c58628acfd7058b9d434ab2e6a7400445f55685169a79f045810298c
SHA512

67c6601bed14363e6850d93cf2b90c1e4f69c7cd5098d548aa0f378fb42dc6e32fe52cb81aeb232a365a3edb24fdc6ef46f6400cf1709e1d5ee22fa4ac4e07ae
SSDEEP

49152:HIBc3nmd69QkYtO9Kgl/+e6k4F57YyAzlzHsrviO5:oBhHtRSWet2YyidsR5

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4108	SKlauncher-3.2.10.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-940901362-3608833189-1915618603-1000\{17A70A3B-94C5-4E2C-807E-B5A42B6B80E1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
2044	msedge.exe
2044	msedge.exe
3388	identity_helper.exe
3388	identity_helper.exe
5904	msedge.exe
6016	msedge.exe
6016	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4108	SKlauncher-3.2.10.exe
4108	SKlauncher-3.2.10.exe
4108	SKlauncher-3.2.10.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 1168	4108	SKlauncher-3.2.10.exe	85
PID 4108 wrote to memory of 1168	4108	SKlauncher-3.2.10.exe	85
PID 4108 wrote to memory of 5032	4108	SKlauncher-3.2.10.exe	87
PID 4108 wrote to memory of 5032	4108	SKlauncher-3.2.10.exe	87
PID 4108 wrote to memory of 1544	4108	SKlauncher-3.2.10.exe	91
PID 4108 wrote to memory of 1544	4108	SKlauncher-3.2.10.exe	91
PID 4108 wrote to memory of 1996	4108	SKlauncher-3.2.10.exe	108
PID 4108 wrote to memory of 1996	4108	SKlauncher-3.2.10.exe	108
PID 1996 wrote to memory of 2044	1996	rundll32.exe	109
PID 1996 wrote to memory of 2044	1996	rundll32.exe	109
PID 2044 wrote to memory of 2616	2044	msedge.exe	110
PID 2044 wrote to memory of 2616	2044	msedge.exe	110
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4344	2044	msedge.exe	111
PID 2044 wrote to memory of 4120	2044	msedge.exe	112
PID 2044 wrote to memory of 4120	2044	msedge.exe	112
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113
PID 2044 wrote to memory of 5044	2044	msedge.exe	113

C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.10.exe
"C:\Users\Admin\AppData\Local\Temp\SKlauncher-3.2.10.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4108
- \??\c:\PROGRA~1\java\jre-1.8\bin\java.exe
  "c:\PROGRA~1\java\jre-1.8\bin\java.exe" -version
  2⤵
  PID:1168
- \??\c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe
  "c:\PROGRA~1\java\jdk-1.8\jre\bin\java.exe" -version
  2⤵
  PID:5032
- C:\Windows\SYSTEM32\reg.exe
  reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v AppsUseLightTheme
  2⤵
  PID:1544
- C:\Windows\SYSTEM32\rundll32.exe
  rundll32.exe url.dll,FileProtocolHandler https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://login.microsoftonline.com/consumers/oauth2/v2.0/authorize?client_id=907a248d-3eb5-4d01-99d2-ff72d79c5eb1&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A26669%2Frelogin&scope=XboxLive.signin+offline_access&prompt=select_account
    3⤵
    - Enumerates system info in registry
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd297a46f8,0x7ffd297a4708,0x7ffd297a4718
      4⤵
      PID:2616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:4344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
      4⤵
      PID:5044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:3212
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      4⤵
      PID:1392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
      4⤵
      PID:4140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
      4⤵
      PID:4616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
      4⤵
      PID:4796
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
      4⤵
      PID:2484
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
      4⤵
      PID:5020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
      4⤵
      PID:1868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
      4⤵
      PID:864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3912 /prefetch:1
      4⤵
      PID:5108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
      4⤵
      PID:5784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7148 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7124 /prefetch:8
      4⤵
      PID:6008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7020 /prefetch:8
      4⤵
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:6016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
      4⤵
      PID:5016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
      4⤵
      PID:1092
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
      4⤵
      PID:5576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18446595900486198617,13174703335234459885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
      4⤵
      PID:5748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
f88df51ab5f2469bc9a706e538940d19

SHA1
d81a968e9f01575141738f65283e2cadb99dc299

SHA256
ab8a3ae44c091b4716580d89f519be52f14c9fad7b8d7c034426015c6f8a1dae

SHA512
b6dfc8cdbc059e0eaba78a9fb7fa6fc4787e6c55e773848aadd4ec5a6e6815061e3d093518b5b2a33aa570e54ea94f6e4bbeb7f676c82108030ebc0347c23760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
16KB

MD5
12e3dac858061d088023b2bd48e2fa96

SHA1
e08ce1a144eceae0c3c2ea7a9d6fbc5658f24ce5

SHA256
90cdaf487716184e4034000935c605d1633926d348116d198f355a98b8c6cd21

SHA512
c5030c55a855e7a9e20e22f4c70bf1e0f3c558a9b7d501cfab6992ac2656ae5e41b050ccac541efa55f9603e0d349b247eb4912ee169d44044271789c719cd01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
f1fb35772c43a88440f58f70ba7d6fc0

SHA1
b0df578dc71dfd801bf3d5151fd24f7bcdca7a71

SHA256
d7177a7f77e72d3f79acf4f1a68e93526dad4e19adddfbba68812fb024f33f06

SHA512
473ef69eb89118ac9160b0ec3cdba4489ed9aaaf8d18a9fc02951ca8271c084ccdd01677c7e9ea7ba967ac386ee69d6efe0b53ec5ab43569987da6e61190ba85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
54ef7118bd2e7041ac956eda09e1b478

SHA1
eb347981d3013a2faff6b634549f43e66bdac2a8

SHA256
7e89292f3130888eaeb43a65e93daea2b53cd697ea0ea3f30a0809215a9d5226

SHA512
6edfaafd899e391d06a6148214418d08cb3350338c679da157cc9e8b90806ebea9807e47e6617dfb3b3b43a3079620a402fff2a8823c32f63c6f3ef3a66e1db8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5e704ea0fc3f242b806ef816d7c6e201

SHA1
0e059942c1288cdf152913efb9382b3545c90329

SHA256
a27b1affcf416fc6d11c81d60f3abb5ad38648f386ee38b2b18cb11e7360429b

SHA512
15b430d16c372702562a0c688c1d8c442139db8c099f51a71c38821d72ffa56ffceff60ffe79a79b8a906066084d65c0d1ad5415bc8ffa09f54d58e80e8604ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a95848094badd792cff5706b04a43a7

SHA1
96891d71bbad127b55c5383409ee7b5738e1aa37

SHA256
7a0380df8de65d6e0c80a115482e86f0403ea1082aadf0b0c70d749babe24c9b

SHA512
35e69b4b1f571a0618f33ec9328568fd242f24f1e43fbd41b7601c964d5ae2fbe0fdd90b5187e30de3a3941487a0bc4a04daf8d90070a7e85fd4e3d14ba4897f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a43b9126a3bc1921ebe4371b0ee913b1

SHA1
1cb366a9fe25face4f6e344e9b043c2921bff50a

SHA256
fdbf070076d42db781ac1411bc9c33f9938bda57a58be8a13ea60c90928b18aa

SHA512
67e3e5b04f4455d69a527d8dd3caaabc38cd053540481e8565d8fc1fd97805c7ef6ff3c53b10b35e9315fa41ac9b6678fc18b2c9364449ad329e75d5a81f95be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
430e40e7ddd09e79d2f65b0ce7c36b56

SHA1
365c223f3e6d51fb6f41817564187529a2b0f05b

SHA256
914de78cfe004f39152eb216a03e95f37d7aeb6cea6b95e382dcc72f20692a6a

SHA512
2fd8c4eca818f7574e1ec54597b315d1d443849579742fd9df051c8c5fda557f75dafd7f5797ef1ca2081554e3a797faecd614f7a5354a8a7423405d6e8678a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1edcbf6b03979f6a7bf7b685ceecc4d4

SHA1
ded98c5e2fe80acc8f503d10309ee79b38e8a689

SHA256
70a97bc9c531e349edc7ab794093d64306bd7a9cb4f89adb4ff3ce0b4d42e827

SHA512
f72dec77d791a1fd5e1c7639a36c6722bad016a5597035f94c87a9facc89030c98a1c538a28b8d545e0299cc469c2df63f07f9d28ebd2bf7893b955182a018a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0c39550dbff5720d4dee1cc353f11b4

SHA1
782f0b9e96cad18c71e8dfea56a2463c7415dd86

SHA256
5f21eebf5062cc7341e6a6845e7b84ec7d29f59297288568aa970a04d89d4ae2

SHA512
0e26a22e24de2ea04c92e34740ca7ef7cf1928ef2f7e9d7fd60d0099a4991cda4242a2ee60f9e053a468f30cd206e787f2743d9b4e31128f1c958ced38ffde09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d113da9873493b0f7e3404e56a9424ed

SHA1
76a5b729b468ef6dc11a9ad1a93690166074c6e4

SHA256
3e626d65066dde80e7f1a50d361b0eb9aea6a35df4a79643f9a6d8a456bdf333

SHA512
2cf7c0b70891dc045c08b4ab621c96e15238c59dd4c2a9760c7100ce757f6df867c58b64a7be14596a87ac5026a10e4e8740be474985d34e4c65f2c63bd8bc82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0fd3f8fd13ef56d83619ddb8ed9139c

SHA1
e5619a6ec581e9b590272dcb3b996d4dc2c275ab

SHA256
3f1ffe27ce3fe799704507d961397c743860779ff8d9c8cead0217112b7ed9cd

SHA512
18f9108567e4ef59899283478cdfca5e7fb186f30c67f1d2dc97ddd236a9d0bf4f9913f40f8044f21edbe61efa2ef764076224f6d24264705625cdbbe623e144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
994a9ad5d9fecd636b1153e9229694fe

SHA1
6ad7d0982ae638adb3d01e56d20571508a98849e

SHA256
d3a8a17bbafe9c2b3592e37cb72f52d59953ecfe91df6d9a25db9c31cec00cd7

SHA512
3236c18cec897fe36389211bb8a17dc49b6895ff09469739b56aaec91964b7a3435b5beb033cebce6a6a8fe490e522097d96cfdbc15479e2190f16ddb5c5840e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
cfae077583c9ad39ef3446522cb2e495

SHA1
dad1b4c78051d5a63c115393f6ca5b90fb89dae9

SHA256
315e4a9f54c960b4dc59cfcd3c0793682d1cebba5284a7cba6a9e258e4d838bf

SHA512
8130559cdaef36c9e90e33e52e3545d8f67c9943afb6a5a4ed658fec767ca24daeb99b95d905523cec8def97b0079223bfaad4ce547f3cb6c4efa5ef6572f30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5368c77edd07ff673388814afcfdd6de

SHA1
4278888ce0523c113491d56a7410ab2118519f50

SHA256
d51d64514ec3e9e85218e70cd09eb86d4948911c52f40d6e0a0740e5903e02e5

SHA512
b564c82c949efe8ad3bd4d8dd7eda0e6f18f286122ac22c9a28a6a4c05ca7ebe35b1e9ab64bd64406c78844b76342d866c75b761d38cbbbe5a5942a06d3bda97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a753c314c5722fe517806b6cdfe6df95

SHA1
4939be09ce61bd7659679f38f23e80b99fb3848c

SHA256
bb93f674c425fb70ec34a1ef148c51d8d532f8aea19085998df7f87c92c22ffc

SHA512
813f2115812b2a082b5dd80c41139f0e180cf231a23a7c9c49e0d18d0b535ce501f489c8225a1c61bca0b3b02c7f67f59095806b793b27dbb6a2c9652ae2521e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
0d9b86d689fc272b91036cefe2442fe1

SHA1
96a112661bba6c640b3b9fffc0589f2eb2df7af7

SHA256
88a6b6a56dd9493bc8993a8c7eeaaca66775bd7a323c9fc83cdce504e462d976

SHA512
ea68dd6c1517d98881fd32819a5f6659fc9c2c084ca3879f9fb8288e242cfd286568727a3a6eb6e4e1256f7af5d25ed3d65c69817e338973b43e7c3e59608600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
22be8a9f21c6855b0a18d407dded2aed

SHA1
0212856a19f2bbe72aa69937353b9a6f64426a38

SHA256
b9a2ac1b9407161fff8efacbfac7abfdd31cd7b9281be47a84355baa670c0fce

SHA512
3f81d32af7dbe91d86b340ab4ae48b069a9db50d9160f54a7ba3a1ec9b0bef31e238eeb4bec3a288ee1e29e9b642cd2534782b7ac5ad86c7ff5661be49ff1f44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589dd1.TMP

Filesize
706B

MD5
9e95172429014aef821219f74e52ef4c

SHA1
8c2c06331763d50d8b5842a347d1b8a98e7a45ca

SHA256
950b2e4841d0004b87a767684de3611e8c1e2db391c91b96934226797779777d

SHA512
7dca72c694185bb38a8fec0eae4807d69e750dbce2e53ac40c91550c4c4f9f3d1ec6272fad62eec783c7418454e3106a9434ff2867baa1a3bf9c9da72cb2158d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7a598e1d103fbcef50bed2e868007bfa

SHA1
20c3f587c841981c8d5b23d1523a00de873990b3

SHA256
382a86e2473e24699b3eb0d8aa09bf34cbb04ced3a36647214ea0000050d9830

SHA512
6d5fec2cb113cc22ffca5955b747e304d99a10fd47bef427e30c9c9e8d7e3d7a250c664818067e7b50c135198d1c18234db5d780dcf17044ceec94d1c90b44b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF1898386849988094492.tmp

Filesize
405KB

MD5
8f2869a84ad71f156a17bb66611ebe22

SHA1
0325b9b3992fa2fdc9c715730a33135696c68a39

SHA256
0cb1bc1335372d9e3a0cf6f5311c7cce87af90d2a777fdeec18be605a2a70bc1

SHA512
3d4315d591dcf7609c15b3e32bcc234659fcdbe4be24aef5dba4ad248ad42fd9ab082250244f99dc801ec21575b7400aace50a1e8834d5c33404e76a0caac834

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF5687145584308398300.tmp

Filesize
398KB

MD5
ff5fdc6f42c720a3ebd7b60f6d605888

SHA1
460c18ddf24846e3d8792d440fd9a750503aef1b

SHA256
1936d24cb0f4ce7006e08c6ef4243d2e42a7b45f2249f8fe54d92f76a317dfd1

SHA512
d3d333b1627d597c83a321a3daca38df63ea0f7cab716006935905b8170379ec2aab26cb7ffc7b539ca272cf7fb7937198aee6db3411077bedf3d2b920d078a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\+JXF6980698558015989078.tmp

Filesize
397KB

MD5
fdb50e0d48cdcf775fa1ac0dc3c33bd4

SHA1
5c95e5d66572aeca303512ba41a8dde0cea92c80

SHA256
64f8be6e55c37e32ef03da99714bf3aa58b8f2099bfe4f759a7578e3b8291123

SHA512
20ce8100c96058d4e64a12d0817b7ce638cec9f5d03651320eb6b9c3f47ee289ccc695bd3b5b6bf8e0867cdab0ebb6e8cae77df054e185828a6a13f3733ede53

Download Submit
C:\Users\Admin\AppData\Local\Temp\e4j7E09.tmp_dir1734250731\SKlauncher-3.2.10.jar

Filesize
1.1MB

MD5
1495e81aa573744050268cb330af8281

SHA1
b67d9bda787a526c79128179e5000924bca11dd4

SHA256
3ce7e5aff85320e1d393eb34e918a6b71a667bccf08252fbdd512443e5d62f9a

SHA512
e321e4b9243815b4d0b3ab34c380c2b8da0e8e264b791018a4385967946e8cf320fb5bcb695b7aa75e5a9420ae6ced6ea3c05ecfaedb7a1a6e02a1438a2c9d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\flatlaf.temp\flatlaf-windows-x86_64-4714682525800.dll

Filesize
23KB

MD5
8b9f16320499ece60d7ff0c1249c6df7

SHA1
cd8fc57c064533df66f0ceaaf5d76f8c4f8cb3a0

SHA256
f8a3af19341ac0f12f55ad28169d22b75aa66ed818692541307393c22f986727

SHA512
97384ee1faa1be807388f4077fde5db94010f06420b1ff3a05edf77fb91c9a8163b0a91cb1b7e648c0cd8c4d599e552050f64b8f7c5c81c1be60cd35f062e9d3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\sklauncher-fx.jar

Filesize
14.4MB

MD5
8e47f4fd8d7b457645747b198a3d3ed1

SHA1
fb80fb2d953e559cddb0016243c548be175f1066

SHA256
9fe3fa725b1a102e23d233ef470daf1b2541dc7559d5ca20153a55e791f540ce

SHA512
ead95e2c447af9f1d37cd3033598e7c8e74220ea2b06aceb0fa0f8a5954b5c1fc6bc17ac6eb5d5fa285da0eeb193ac6c80bc2d27458f6028cc8f37ec0738bda7

Download Submit
memory/1168-5-0x0000025CBDB30000-0x0000025CBDDA0000-memory.dmp

Filesize
2.4MB

Download
memory/1168-15-0x0000025CBDB10000-0x0000025CBDB11000-memory.dmp

Filesize
4KB

Download
memory/1168-16-0x0000025CBDB30000-0x0000025CBDDA0000-memory.dmp

Filesize
2.4MB

Download
memory/4108-160-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-83-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-206-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-174-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-173-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-223-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-599-0x0000000002970000-0x0000000002BE0000-memory.dmp

Filesize
2.4MB

Download
memory/4108-137-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-125-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-224-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-235-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-48-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-33-0x0000000002970000-0x0000000002BE0000-memory.dmp

Filesize
2.4MB

Download
memory/4108-253-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/4108-233-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/5032-19-0x0000021D84F90000-0x0000021D85200000-memory.dmp

Filesize
2.4MB

Download
memory/5032-29-0x0000021D83730000-0x0000021D83731000-memory.dmp

Filesize
4KB

Download
memory/5032-30-0x0000021D84F90000-0x0000021D85200000-memory.dmp

Filesize
2.4MB

Download