hxxps://shorturl[.]asia/WpyNX

Analysis

max time kernel
127s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2025, 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.asia/WpyNX

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-250031470-1197856012-2659781506-1000\{9DC80664-407C-455E-B257-8660851C27A3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-250031470-1197856012-2659781506-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
4188	msedge.exe
4188	msedge.exe
1100	msedge.exe
1100	msedge.exe
3980	identity_helper.exe
3980	identity_helper.exe
5200	msedge.exe
5772	msedge.exe
5772	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe
1100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1100 wrote to memory of 2000	1100	msedge.exe	85
PID 1100 wrote to memory of 2000	1100	msedge.exe	85
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 3384	1100	msedge.exe	86
PID 1100 wrote to memory of 4188	1100	msedge.exe	87
PID 1100 wrote to memory of 4188	1100	msedge.exe	87
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88
PID 1100 wrote to memory of 720	1100	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://shorturl.asia/WpyNX
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9375346f8,0x7ff937534708,0x7ff937534718
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6848 /prefetch:8
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=1756 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,8096214608641415237,14090480514981858213,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56361f50f0ee63ef0ea7c91d0c8b847a

SHA1
35227c31259df7a652efb6486b2251c4ee4b43fc

SHA256
7660beecfee70d695225795558f521c3fb2b01571c224b373d202760b02055c0

SHA512
94582035220d2a78dfea9dd3377bec3f4a1a1c82255b3b74f4e313f56eb2f7b089e36af9fceea9aa83b7c81432622c3c7f900008a1bdb6b1cd12c4073ae4b8a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0621e31d12b6e16ab28de3e74462a4ce

SHA1
0af6f056aff6edbbc961676656d8045cbe1be12b

SHA256
1fd3365fdb49f26471ce9e348ce54c9bc7b66230118302b32074029d88fb6030

SHA512
bf0aa5b97023e19013d01abd3387d074cdd5b57f98ec4b0241058b39f9255a7bbab296dce8617f3368601a3d751a6a66dc207d8dd3fc1cba9cac5f98e3127f6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0233cd7c-2960-45da-a424-7822271c04e3.tmp

Filesize
5KB

MD5
8be3ee9899a2626d0f1decfcfb0529d4

SHA1
37e4c2e76228653dfbdcb40b22c878561a37749d

SHA256
f429542a8fa94ab33be680a7949b7021e17be71a26dfa54a505ebf90593a130b

SHA512
6bc72cfb597c8dd886dbff613ad9d7e29e8070432a2138141fe62a6532741a249bfdba6b429d8828b916d3e97520db48da9fe97d3ea113ee7b5519c971dbecd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f93977e-cb42-4ae8-b917-65c632d54062.tmp

Filesize
2KB

MD5
1e4eda18274e5552ed9f35743d62b678

SHA1
4c97fb67139431fed6efdc5e2989eb39224b81c8

SHA256
7a0cb9c7af2faf32cfd0f010f4b82b6a63f91229f2d8b8fbec31a989f3e060fa

SHA512
e51dbbf15d4287828f5409e6fd4369a23adc8fc3d8a9b24c7771a2a787d71493fd26c440c8d582cc7d7ea1e43002fe28c12aa58cff318580318dc03f6055f2e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
105KB

MD5
da7fcae4308766368611b35916374158

SHA1
05a209260fd46aa423fc8dc987f4b1730efd82af

SHA256
6caaf6eb26118dd3e9fec44d6c8aa9158817d6599a15dc4d8329aac4bc9dad19

SHA512
c4d3c326b530f2f8fbc2367fadd36a3960435c7b00113a211cd001f3d9f4ac08fc58e8f26063869c37f425abcc8a7e68343ed9b96a90471aaf72658555173b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007d

Filesize
51KB

MD5
588ee33c26fe83cb97ca65e3c66b2e87

SHA1
842429b803132c3e7827af42fe4dc7a66e736b37

SHA256
bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760

SHA512
6f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000fd

Filesize
43KB

MD5
bfef1c88c7a2462d08b6930531953552

SHA1
6392a0f160eb73330bebd4c324535445e0783231

SHA256
5bb0ddc5e9112db6992a4eb1252b36b666ca8de22aa5d09b1d083794f2acef4b

SHA512
339ddb4c82a5456623c9ec0bf2574b22d7e98f9b2002d5d9616197dbac6a76742e146ec77e8d3aa8caa3c6178125bea0d9ec57324b28dd52e778055a4eee204f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
2482e9642d14b34b0ccb8a73fef83523

SHA1
11a7d90ac9619dbc55c5c1715d2cc49154a64a48

SHA256
e2f47c4cc3c296ec4091c56e38a725bad8df9d9d19d8c58de0d2c43ac0a5dd40

SHA512
f73932ba20a03e02414cfd265596f95697580fcb39a4c5f8026a2b55c72e4ea44f525419eb9a9eed79bbc5aab8c3fb1afaf7d0efbe7b380a72a8603e573d4919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c620cac3b100d4744798ee3933c8d4c0

SHA1
583caf84739906f212c66eb2893ddb589742611d

SHA256
f5c8cd73226dfa8cd6b2fe2c24c1f902646ed2f54348e9d8d63e929c0c6ab5bd

SHA512
b517cabc7a98625dba95d9ddfbf47c5c0dd33b2a7b4f2a4b49494648114e19df9142d10f7538dfdf0d33b89b3ca0c9da81f7c0ada7a76391cd33b8b5031a4df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
c5794b3bc4ac063839b92985eb7e3768

SHA1
c2306feeb9592ee6555d129d89b142863b828844

SHA256
ba743748c38140b8eedaf162c425b32d50a0cfcf680eb68be7a657e5e6fbaf14

SHA512
a746a1f1ce1bf8f6b937191460f12bf0f093b6890a67be8c4ec11ef5558d74417f9e3613db338bcd68da6d4ecffdbecae3981a1f4edc6d9bbb7f6d41116583a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\LOG.old~RFe592169.TMP

Filesize
669B

MD5
84fea6f4cb1a43b8a5c7f552d50a138b

SHA1
c7c32ea5b8e44defa59610d1b97d61b78c497838

SHA256
af6978ac399bd7a6cf21ad8bd2d1deedc4f11c07be4f091525636a8d8dabecf0

SHA512
37a33ec9fc6e8e16c2308a5b4d38bdb49dc4aac475561c9a1c77c1608216ca1303d880abaabc63dd5b53eb47f4e907ae2bfc74944e2ed4ca3d096d885826b9c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
100B

MD5
e2896794670f13dd2d4d13b86817b168

SHA1
58089c9c0955e754f116b29243b4c834e61e1570

SHA256
7a47c8951a8a2f9d0d66faa65fcb8653970dc9c8e08cc26287f6a9c2ec7cde7a

SHA512
2a14bdee064c729f2cacc90ac8f599cd355c02c0bdfcf7a543e1cbfe8626f3629626d3132810eae3eebd4685d71b306c9de99baa86be950f3698e48fa376f578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bcad6a100a645f8c41773c02a4a031c2

SHA1
398909652676b27c74eec9fcabb96519dc54dec4

SHA256
89e2e75d13ed5ea59ec4b877f60fb08b2f2c63bf92b60476df6bf2159a5b8e72

SHA512
c4e30a9113c5ab0142cc6a44bdbac64b539adaf7c67327a67e273de36913a4d04402da8c071abcb388333ef20abaee4f1a296001dc62b1fbaae5803342e4a75c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5a678414f1cd86a1806a8ca3e9278ad6

SHA1
ac5c5e168a363534a970ddf5afdce25c7ecb8ffe

SHA256
02225a091be7ace1bed20c6ac016d408368ab783d99acbfc917d997102dd85f3

SHA512
dd5dd7ae6de9ba4d3595c918c222ade2cb7bdd97f0e13e5a309682d5605bd0f3c284cceb9fb51ddc999e37ded210ea0369dd0ac15dd26c55da44f9b9473c9efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
251607499a4fe4784e3210a85205db0f

SHA1
f37f456812d8e1353ff71ecd9eef05bc1b97137c

SHA256
148e5938791257fc980b97df36845f75ccfb2cc83fc91d19817c40db8207c2ae

SHA512
2dd42d46bd864e23c383ce9fda73f080f42b3df3019885778b6115c872f14e4358979d057fb690eb1d325288d755c0d7909d1a65e8e183efcc1a913e804e2765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4da14b0de3d11a6e4fb6c11ef722ef69

SHA1
17074b8ee4acc574e666960027cedcf11bc3c8b8

SHA256
16fa5203979bd0f8009975f3927e8171e9d242f812416c19f5bd80dda5f48337

SHA512
3659c27cc1eeae8246b2460135dda711c75d33e6be7a56da89cf76428ec8ab0e58af0f4ff36fe65d634999900e406367a8f0e0ef6a4cd53253b135ca788cb71c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
27005618d3f82e4b8c84dd75bf5e2901

SHA1
033930d40fd9fb7e24c5e0d159724e8482afa527

SHA256
afc99b2f84b850a72f733f4212cd8eb8e65c48e41dc49534d9080c5eac5ff7c5

SHA512
1002d202f1ed96da74f99ff4d93cb4649e291a8b0ec59ece5c39b1d997f8dc2beebd551fe357c92c220eeffddc741a66aa768d7a89788934a185b0a64799ee9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55f8e3a248101a2da5e0062e310879c2

SHA1
71ce54b85b70d270dec579d5c7122a3055ec27bb

SHA256
c7177259a5c0d87b4001d15a77aed42a99f5030e7b0f4089226b214493293f54

SHA512
8d2a9515f42ffe09c991f40e8104c522b97df78ea5adc39fc368c91e03d0d4df6c1d6080d5bf6e70c352921d769e1b4acf2fa1cdb7ba2df8369066afe59cb2af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eda670d361eeef15255d4e227f93162f

SHA1
ebea0430c255182c9df495d7ff83b7879838e5c3

SHA256
557d3a06a669151fd0baf877427848eef828ccacc25342352d64cc37dce4badc

SHA512
7d28e0f9f543068383836dab6138f20078fc69673231a59f86b2598f83be7aa73f2c58916b410e954209b90c594528ab2bfc802aebcb5ca48b1e43e4b90aae1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
227d643eae8aef0c0482351748619003

SHA1
750ee3a17dba00ff1f6bc237f79c116bf28cb813

SHA256
68a2f63d0426282fcc9afc986735af621dd1fef69f77459482e7a2306e6cc98c

SHA512
302fe4c3282233358b5330bf0bb0189b8301ff5820e68a63c8bfe812b4f16c317d69a9ff0ef62d488ba82d53b3873172a6476f2eeab120867604119e25d663bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f26e.TMP

Filesize
48B

MD5
bba7fbf3bf5c0cc39869d4e529bb22fe

SHA1
2739eb741a9b69186773bfde495609ed6826dcaf

SHA256
5fcd02ef2677026e629e76428c669e2a32062db4eecb13de739b4d0fed34d7c5

SHA512
025bf85226bfab50289be9f73026138ee1c67c75ced0c047150144577d7ccc68fa8ffba5d5e5a903087b1bb239b8c5d6b515c2ee829d8505dc0311c3c8653cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d81e5d8ac393617f19896faed7b43ea3

SHA1
5402dde0e9a60b730729c01994a550487a9ea782

SHA256
9e5f8a638b6d353b0f3acf3be7c28b78b330b81b77ace28d2a48fb3cf1a067ad

SHA512
a43c7bf1cfca0fcf6e93e30562000f4bdc2ebfd641e00dc5cd8b3459456756b69e1fbd7bb30398d674a2ee96bc093cd1ffbd82bd74aed6708918580767afa8aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f9bbcb6a2f6e9787dcb8657498e9fa2e

SHA1
217d1d532f4d4c886c07127f73788d05a08dae0f

SHA256
c753da92ac6f54330d16ec74747fd9cfcdbc307a86e17f2cf4fc180f4716d4b8

SHA512
e060f5a0b0ace6cb52a99b178c5bd315104e2a7f00ba85154b41141aae7d5afe5d234bac8934dc2a15017e9c3c1d08b1f69199dfa265737c25ce4c3d68a9babc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
64ccf3df9b5b2569dbd8b728ee294440

SHA1
5584325d0544318da2991011a48457600879bdf2

SHA256
473093189d03bd364fb4d898286da765abac5d7f6ad2917beeef064c1932aa43

SHA512
472cbfef46929d7bf183d2c928bc8aac6b07419089564a81f4b02c985c134c5a5d2a53f4d90070cc1bf2efd9f0a2c71a8426d7b552d722b1405b879f4ec79a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
bae6c950804541f8792dde24a0204d26

SHA1
2acd5fb80eed68e79f099f07148ece49929065cc

SHA256
b8899816a47434aac7757d0cee82c573d2876054bc804e12a1e25687b414e0e5

SHA512
2cc986f677b1d40e1ebf894313cf7d52e205ca83c199fac20ae9408333fb14b4840073befd2daec582299b3035dea506f4c3a8a479252aef51c1a4850aad6ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
63a5237aef0c817f8e7b0c873fc33307

SHA1
72a7b21d0f762c69d64902f760446c9da6f088dc

SHA256
3832a602a591741d0fb4a4dd71fd92d63ac72830983fd53863f5330f75afc5df

SHA512
537d7e803606dcf83268f43742be960bda6c946564be733f57e5ae52b4844c3d0a2d473c2a266039d8836a54efdac6424d6b889a7728029e56272ba997212243

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4959d3d9507f63733966470c5a259cbd

SHA1
96b6ba37ea3127393a01b28bc54175ea6f26d7d4

SHA256
5739f0536eae27b4a562006c1be9c26dfad650c7d096b22e41da8e181ab8578a

SHA512
c2ddd3258ef1fd15d9176f0f6f793600b15c168329ee11da97be2d35fc629fd30ce9bda6708cde8bfa781c92ff44aff178488a0220a6cd34a3e778433d472a43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2e29fc0ef337e1989461d53409803571

SHA1
308cd7c084e6c4675ff120d665bbb453628dd1be

SHA256
1d3daebd8a8c5f05e465d41cefa0c586148993c551d42389fbbbe93df46be8c6

SHA512
9da712e9c25fbca6475816159d15b8d1c85aa898e8696d87e9eb0a1f1b3047a8d91a7145462f181308876848fd441cf29368fe0d2ccce08f5e105ca04157ddde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
012eac2432c2f7425558ea8936f3e533

SHA1
372ef887d42f5b7e304992e2be988e9f1b352c4d

SHA256
3f43729360830425037b3ec42b9db1ab7188fc2b5b561964f574d2a89a2ba59d

SHA512
20d5374fca89965ee10bc9fd34b1ee0c00d482999f0610006d8f291c84220baaec5d21b9cb70520349012628077b239599d177a478b3db49dcd0b6ab68e03368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
955e400f4ab02f3ffc156c9837dd9a9b

SHA1
e9e715558cb1598f776f381ba45bcb3cdbf23e03

SHA256
c63b82996acd07ea52ead4ba4fab7119ddb098f6d1b3e7f8545ab3c7d0c048d6

SHA512
6a71855808ce69571554f3374a13f46cbe8fd94473af781df33852961420b2a5ac7cd9aaa5253e84a399fb15c2de50e1c879bb916d73731c45f962e3935c01b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57eb0c.TMP

Filesize
1KB

MD5
d054fe51613e3cd10ad03bb50159e2dd

SHA1
a0d8bfd9c83b1be0b518b9732229116040308569

SHA256
5b8f4335151df4442f9599468c55966dc05f873a592f4b68a3d004050af2105f

SHA512
95367fc1c4d794296ab4f7687eb8fc020be8e32a0c6118c6f54214540d3526141716b6427ad1ba2dd93ade502a792526786ea817a1837141fa034e668ea9321f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dbb8967b29368bccce24fe009bfc3224

SHA1
8ff3ab1389d988520b0f06d13e4785ace602156d

SHA256
8ffdadeeb77f153b94d52ed583acc064670e4d17eabeb3779b59d88b257d8db2

SHA512
829e04d5a46ab83713e6f4f8d3a999cff62012cec254e7fe0c0a2d0354ea28f7d3b520115788baddb9527fc70a61a32d56be1939a2e672cf108d3e5c1d0b1d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5cc1a336e94097053b0567262bde4fd6

SHA1
1dd9147b0e8a7268286e59a6a592ab054d094fe6

SHA256
ecb66aea06271e46ad78c29686e8dde6c9cc802d1014c435dde8b6deb9e19d60

SHA512
176c320a7a7c8c85a75c85728cdee9d0b38d090908ea272cff90a668bbe7b7b631de250b9d81fed80df2a30c4e81f6c86340076b7d18b8b139643a5e8e811be1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit