acd46bcfb429d578216e878454dd366e73ea970f4a8ecfec0773f89ef034136e

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
01-07-2024 03:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea7431d7d59c8ebcd36d5fa9ceb94e05.exe
Size

14.5MB
MD5

ea7431d7d59c8ebcd36d5fa9ceb94e05
SHA1

7be7d9f8819473ec1cd409620d34633f55bec785
SHA256

acd46bcfb429d578216e878454dd366e73ea970f4a8ecfec0773f89ef034136e
SHA512

d32dbf75dd1fde2b53945289429f2ad3b18f5e8cc359528831010583b151be5365d5d0d31eb28c12f0edd8ae09fccf412becb55fbcef7a52b9cc58cd61192260
SSDEEP

196608:7F8ZMMz8nuCXsHdseex3/MZJdBjXNUODfZIZugskU0SB:7F8ZMMz8nuCXsHmeAQJdBh2AHkU0W

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

ea7431d7d59c8ebcd36d5fa9ceb94e05.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA ea7431d7d59c8ebcd36d5fa9ceb94e05.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	ea7431d7d59c8ebcd36d5fa9ceb94e05.exe

Drops file in Program Files directory 19 IoCs

Processes:

msedgewebview2.exe

description	ioc	process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Filtering Rules-AA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Filtering Rules	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1315354020\manifest.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Part-RU	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Part-ZH	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_51263035\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Part-DE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Part-FR	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Part-IT	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1315354020\manifest.fingerprint	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_51263035\protocols.json	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\adblock_snippet.js	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Filtering Rules-CA	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\LICENSE	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Part-ES	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\Part-NL	msedgewebview2.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4532_51263035\manifest.json	msedgewebview2.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedgewebview2.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedgewebview2.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedgewebview2.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

msedgewebview2.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedgewebview2.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133642798634366426"	msedgewebview2.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

msedgewebview2.exe

pid process

5500 msedgewebview2.exe
5500 msedgewebview2.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 1 IoCs

Processes:

msedgewebview2.exe

pid process

4532 msedgewebview2.exe
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

ea7431d7d59c8ebcd36d5fa9ceb94e05.exe

pid process

4628 ea7431d7d59c8ebcd36d5fa9ceb94e05.exe
4628 ea7431d7d59c8ebcd36d5fa9ceb94e05.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

ea7431d7d59c8ebcd36d5fa9ceb94e05.exe

pid process

4628 ea7431d7d59c8ebcd36d5fa9ceb94e05.exe

pid	process
5500	msedgewebview2.exe
5500	msedgewebview2.exe

pid	process
4532	msedgewebview2.exe

pid	process
4628	ea7431d7d59c8ebcd36d5fa9ceb94e05.exe
4628	ea7431d7d59c8ebcd36d5fa9ceb94e05.exe

pid	process
4628	ea7431d7d59c8ebcd36d5fa9ceb94e05.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ea7431d7d59c8ebcd36d5fa9ceb94e05.exemsedgewebview2.exe

description	pid	process	target process
PID 4628 wrote to memory of 4532	4628	ea7431d7d59c8ebcd36d5fa9ceb94e05.exe	msedgewebview2.exe
PID 4628 wrote to memory of 4532	4628	ea7431d7d59c8ebcd36d5fa9ceb94e05.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3120	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3120	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 3320	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2512	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2512	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2088	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2088	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2088	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2088	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2088	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2088	4532	msedgewebview2.exe	msedgewebview2.exe
PID 4532 wrote to memory of 2088	4532	msedgewebview2.exe	msedgewebview2.exe

C:\Users\Admin\AppData\Local\Temp\ea7431d7d59c8ebcd36d5fa9ceb94e05.exe
"C:\Users\Admin\AppData\Local\Temp\ea7431d7d59c8ebcd36d5fa9ceb94e05.exe"
1⤵
- Checks whether UAC is enabled
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4628

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --enable-features=MojoIpcz --lang=en-US --mojo-named-platform-channel-pipe=4628.1536.14652891490780899424
2⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:4532

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=125.0.2535.92 --initial-client-data=0x15c,0x160,0x164,0x138,0x16c,0x7ffcc0014ef8,0x7ffcc0014f04,0x7ffcc0014f10
3⤵
PID:3120

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,486943386912243204,17846564386648116164,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=1788 /prefetch:2
3⤵
PID:3320

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2104,i,486943386912243204,17846564386648116164,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:3
3⤵
PID:2512

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2364,i,486943386912243204,17846564386648116164,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2388 /prefetch:8
3⤵
PID:2088

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=" --field-trial-handle=3616,i,486943386912243204,17846564386648116164,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=3624 /prefetch:1
3⤵
PID:1632

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=2240,i,486943386912243204,17846564386648116164,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
3⤵
PID:5184

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=696,i,486943386912243204,17846564386648116164,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4148 /prefetch:8
3⤵
PID:5376

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --field-trial-handle=4636,i,486943386912243204,17846564386648116164,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=4508 /prefetch:8
3⤵
PID:6084

C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\125.0.2535.92\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView" --webview-exe-name=ea7431d7d59c8ebcd36d5fa9ceb94e05.exe --webview-exe-version=0.33.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4492,i,486943386912243204,17846564386648116164,262144 --enable-features=MojoIpcz --disable-features=msPdfOOUI,msSmartScreenProtection,msWebOOUI --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:8
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:5500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=3932,i,3833046924978547022,12404847742964713612,262144 --variations-seed-version --mojo-platform-channel-handle=1052 /prefetch:8
1⤵
PID:1224

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1315354020\manifest.json
Filesize
43B

MD5
55cf847309615667a4165f3796268958

SHA1
097d7d123cb0658c6de187e42c653ad7d5bbf527

SHA256
54f5c87c918f69861d93ed21544aac7d38645d10a890fc5b903730eb16d9a877

SHA512
53c71b860711561015c09c5000804f3713651ba2db57ccf434aebee07c56e5a162bdf317ce8de55926e34899812b42c994c3ce50870487bfa1803033db9452b7

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4532_1624778690\manifest.json
Filesize
116B

MD5
1b8cb66d14eda680a0916ab039676df7

SHA1
128affd74315d1efd26563efbfbaca2ac1c18143

SHA256
348c0228163b6c9137b2d3f77f9d302bb790241e1216e44d0f8a1cd46d44863c

SHA512
ab2250a93b8ec1110bcb7f45009d5715c5a3a39459d6deead2fbc7d1477e03e2383c37741772e4a6f8c6133f8a79fbabc5759ff9f44585af6659f9bb46fbe5d6

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4532_51263035\manifest.fingerprint
Filesize
66B

MD5
0c9218609241dbaa26eba66d5aaf08ab

SHA1
31f1437c07241e5f075268212c11a566ceb514ec

SHA256
52493422ac4c18918dc91ef5c4d0e50c130ea3aa99915fa542b890a79ea94f2b

SHA512
5d25a1fb8d9e902647673975f13d7ca11e1f00f3c19449973d6b466d333198768e777b8cae5becef5c66c9a0c0ef320a65116b5070c66e3b9844461bb0ffa47f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping4532_51263035\manifest.json
Filesize
134B

MD5
58d3ca1189df439d0538a75912496bcf

SHA1
99af5b6a006a6929cc08744d1b54e3623fec2f36

SHA256
a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437

SHA512
afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\AutoLaunchProtocolsComponent\1.0.0.8\protocols.json
Filesize
3KB

MD5
6bbb18bb210b0af189f5d76a65f7ad80

SHA1
87b804075e78af64293611a637504273fadfe718

SHA256
01594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c

SHA512
4788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
8a9f3d7fff1ba3f4895f59f89b2214cd

SHA1
0544e0e24e2b438355f24092667c45a118823cbe

SHA256
3a3839dbdd9cb351a55c31a3c6a249a2103216616d68acbd45d204646e27ae16

SHA512
53f43cc0439b7736aa43f91b17adc0aae14fc3e5052e0550f3f989fff61e7ad17925d7c01b1b72a164fc0330e7c328f18af16030c8dc1be5cb065da943a5f736

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Crashpad\settings.dat
Filesize
280B

MD5
88c107839ab5e3905850dca853285a56

SHA1
d110b437474e6af490587cec16fd12633e4c21f7

SHA256
6b5ca28165e557c6595b3da4166895525f69f7e0e58e2593fa45d25d8cd41fa4

SHA512
fc4d69192ac2bb36472490bb22494b23e2872309cb47b143e453fad33712e12ddb8d952de4a0e2ef42dbc64c71bfc6a145639041b8b34dbad15742f1c2d4a6e2

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Crashpad\throttle_store.dat
Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B

MD5
e650d6ceaa3e41c6a13755f2c730d3b8

SHA1
a45ed88e6735569788de8d735efdb2e6d0e5f10a

SHA256
5c651fe1705ca780f2c011ece2c4f58971aee04bbaaee13ce7fc9cab58a9397f

SHA512
5a4a9d471bf05f442f3b0a4e2551c73b1b105e6951a15480420dfa6909a6df0a8697d869c12c4f2520773ec70464ccac5b5f1a535b869d2be29bf7949091d5e0

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RFe586f9d.TMP
Filesize
48B

MD5
5079a5851692264a4a5ec426d92f0670

SHA1
edb3ba309ef8122f0fcde51c85f978124fdd153f

SHA256
732a845c0649e2bb652acaf8e80a4e44f3ca28c968518ddaef4a1d6f4c5e5378

SHA512
c3aa5fb0f6714893a6bcbbd3e48c8e36f6fb291b5f4ad227ede04fb28b9525fa0e77658f66b94a9abbf33276ff05d51d5a10c97f33e971537abfe8548f47ce20

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\DawnGraphiteCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\DawnWebGPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\DawnWebGPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\DawnWebGPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\Extension Rules\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\Network\Network Persistent State
Filesize
702B

MD5
5fbec4145fbd8593a45c0c8714a66e2f

SHA1
b0506ac06007866284916408c3f8191891e8a55b

SHA256
3c9a2114c0ed47370e8a37dc3493fb3a7337402af1f8cbabd7615b0424050938

SHA512
6a4823257a5424567fd710b196bd26e9cacc747e6e09b35f3e65b91e84b251bf79202c1825cd8664783e020e1c7a031aa506191445109b19b3eef1d17398905c

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\Network\Network Persistent State~RFe592d02.TMP
Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\Preferences
Filesize
6KB

MD5
d0203feca8986d35c88973812a3dc62e

SHA1
dfc3b6271c7d21caf858c97565de6f1431a0211f

SHA256
543a9528b10fc548245c790caeb604cf7d7ada7d4a4d197c33ac0a726c4f9b26

SHA512
e2ca4d1221032a6ff77b4235fada2fe69db70c8ff2298b4057c37340a6c38e1a433c2e2bf51f5a65ed5f1dd418a651b960260216bd115b6bb12d5a11bb02ba39

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\Sync Data\LevelDB\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Default\bcf630b2-8463-4c9c-9298-2694b5325d03.tmp
Filesize
6KB

MD5
8356a4bfa277c916e427f9370768f6cf

SHA1
2a6efe7c57d02b1f20c59c33bd581eb5830d9d53

SHA256
4731ab20e8dc9e0577ad493ea4f524610f379c89815eb9b35548712d122c8425

SHA512
f7ac8ad91949dcb4b407e1d1c335aade482d4b3f118a120e7ce28a303c9fa81c8bbb9faf95e29bb4dcbd81702f3f4e63dce1fb0c9e84b28e18c8bd27f537a8b1

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Local State
Filesize
1KB

MD5
03fd56a99da8075ca1dc27bf5f55b197

SHA1
2ecffe116ca14f687983b640d3874e6ec6fc54d7

SHA256
012548777b30b017a8c1a3af21978b53d579592d949f5180022900b6bd58116b

SHA512
b9dd8ea24afba409a21638560fc00d753d90d9c347e2c5040f7c4eceff5e71af14f84bee403381e0b1c35a09412687b37aa10d20ddea98799aeb663217a3b3e5

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Local State
Filesize
2KB

MD5
60318444c1ebda83c12efed40762329b

SHA1
02ed75b1151d93bc058642913da1b27255e9a6e4

SHA256
99216a993b956c1a705f9a91c1cf1d7f082ecccdda167b605ed20ce5026daa5b

SHA512
a8e8ec66dfa4be59eca53a2a39600317e379bd9ecc84637ff9b6b60447b619f06cc32e1e693ef0864e3e18df6b724557d42c7948ad30ef3233c571ff77dd9388

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Local State
Filesize
3KB

MD5
285ba3f0c77b2ab2b52f24edc3b5ae32

SHA1
4ab3f5c6b1f636fa78f8d9d594f182146d6c5d3e

SHA256
29fb1f14238fb35d78e40b05d5761f0afc5786ac6bc71b897cdf2a1af964c142

SHA512
fd43253518ca16cf97a16e6b204697e216570dba9385259a860334e7d4f47406dc1e5c24c973e29a6863bc95ddd4fd19fab8d0ba988130182f1897e078828fef

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Local State
Filesize
16KB

MD5
536467b4a9f01520189c231fe4157969

SHA1
78115732898164503413c9fb34e240014dbe734b

SHA256
33d77c7c8a04f351d3b2cc0e23e57ecaef9f348bccecc7b64eb8dc20b31c4b78

SHA512
f920abe5e456524143c8214c031d6fc70e53664a20f529415169b74179b86cbb9c6ad8d7f959836e09bca4b8c410582f1c39a2ee72e124f750f5d9d7665fe969

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Local State~RFe580d0b.TMP
Filesize
1KB

MD5
b3feedeeddc35ab908b198bd3d5a5567

SHA1
d5525405e62b923aebd92831f182887e0d8b8653

SHA256
20f8812ce9d47ba9603d3e39db24330e24b785600420098606ef25bc2e9e6b8e

SHA512
b5be8e2a66bb54dc6c75f1a68184358312fc70b0b8a77937b3da158d433536298bd7fbe6493dce6b65a489c872e1e667009726e6e1d7a8a73e704117facba57a

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\Filtering Rules
Filesize
1.8MB

MD5
a97ea939d1b6d363d1a41c4ab55b9ecb

SHA1
3669e6477eddf2521e874269769b69b042620332

SHA256
97115a369f33b66a7ffcfb3d67c935c1e7a24fc723bb8380ad01971c447cfa9f

SHA512
399cb37e5790effcd4d62b9b09f706c4fb19eb2ab220f1089698f1e1c6f1efdd2f55d9f4c6d58ddbcc64d7a7cf689ab0dbbfae52ce96d5baa53c43775e018279

Download Submit
C:\Users\Admin\AppData\Local\ru.contact-centre.kot\EBWebView\Subresource Filter\Unindexed Rules\10.34.0.54\LICENSE
Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
\??\pipe\crashpad_4532_TLDRXDEXIMXTXBBP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1632-123-0x00007FFCE6600000-0x00007FFCE6601000-memory.dmp

Filesize
4KB

Download
memory/2088-47-0x00007FFCE7CD0000-0x00007FFCE7CD1000-memory.dmp

Filesize
4KB

Download
memory/2088-48-0x00007FFCE6600000-0x00007FFCE6601000-memory.dmp

Filesize
4KB

Download
memory/3320-26-0x00007FFCE6600000-0x00007FFCE6601000-memory.dmp

Filesize
4KB

Download
memory/5500-389-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-388-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-397-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-398-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-400-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-399-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-396-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-395-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-394-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download
memory/5500-390-0x000001978F190000-0x000001978F191000-memory.dmp

Filesize
4KB

Download