hxxps://url5486[.]marsello[.]email/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui6ht-2BWYXmmF2xLnklTvm-2Fs7aGimL7rNEblqsm6pBYWX469fIKxzee-2FzqeXIdFJndzcu4FxrWsQpLCYpegXW1iz43PbaXIgAF4hIrYMBHPLXgYuez6EibnQRyrv8-2BfLO7OQ-3D-3Du8gk_EHa1wpvfmmuf-2B-2FT5wK48X7OaDBmhfM0X4pDFBF1HSSQWDsTLUXvYusnUKNxIPR9V0yILoHD0-2FG9ZBTdX-2F2LFYKj60yyO4UxRHFULUdVwK2tDcfE2ZARfjFWW4F0pVE7MUJHognABilMynMh8s8xwYaqW-2BkOgjeDM5u17gDjnScDMRKqgXs0jUCOncCeO4kR3QUIp76twQr0IHR8d1iIl3nClVLmI-2B0gBqHJu7ZM86z2C5tgiflj63IM413kvLdjt-2BBLRxr61Zl5lL5BbV2e20bPYUjp0CwZ0xKt5ICmhVsGd0R-2FcsRQAeaQszKCV3iYvuNryo2FfQ7tEbD-2BSKooKDeEoakJEXIbQS95U7W-2F7KnVn6wGbl24raCMSBlxWMBP15wBtE94ivU-2FpK3UYNPdoA51EZCLb1Dy-2FKSo4ClAR7Zwa7aqk-2BUCb72-2FQnGQb-2FzzH7VpMAA0AUElT82PB549VoIItYPNzjzzffJG2wDLqNM8GquwHfD8Z2QvyW8lB8d7HUKuHca1VFAv7RcebUr5t1gi-2BYQydrJcVVj6E69UNLa-2B38XBb-2BoOre0LtZpZHM5EvKoNlbwFNPQHBOO4RghKnt7SLZAvr113Mo-2BVRR9CAtnAwgai3rQv-2BI2Qs1tZkvdipVZr9OZufgDkYN5ZntxuaAvlYqFYgzuwCT3ICIIwv-2FTI-3D

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url5486.marsello.email/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui6ht-2BWYXmmF2xLnklTvm-2Fs7aGimL7rNEblqsm6pBYWX469fIKxzee-2FzqeXIdFJndzcu4FxrWsQpLCYpegXW1iz43PbaXIgAF4hIrYMBHPLXgYuez6EibnQRyrv8-2BfLO7OQ-3D-3Du8gk_EHa1wpvfmmuf-2B-2FT5wK48X7OaDBmhfM0X4pDFBF1HSSQWDsTLUXvYusnUKNxIPR9V0yILoHD0-2FG9ZBTdX-2F2LFYKj60yyO4UxRHFULUdVwK2tDcfE2ZARfjFWW4F0pVE7MUJHognABilMynMh8s8xwYaqW-2BkOgjeDM5u17gDjnScDMRKqgXs0jUCOncCeO4kR3QUIp76twQr0IHR8d1iIl3nClVLmI-2B0gBqHJu7ZM86z2C5tgiflj63IM413kvLdjt-2BBLRxr61Zl5lL5BbV2e20bPYUjp0CwZ0xKt5ICmhVsGd0R-2FcsRQAeaQszKCV3iYvuNryo2FfQ7tEbD-2BSKooKDeEoakJEXIbQS95U7W-2F7KnVn6wGbl24raCMSBlxWMBP15wBtE94ivU-2FpK3UYNPdoA51EZCLb1Dy-2FKSo4ClAR7Zwa7aqk-2BUCb72-2FQnGQb-2FzzH7VpMAA0AUElT82PB549VoIItYPNzjzzffJG2wDLqNM8GquwHfD8Z2QvyW8lB8d7HUKuHca1VFAv7RcebUr5t1gi-2BYQydrJcVVj6E69UNLa-2B38XBb-2BoOre0LtZpZHM5EvKoNlbwFNPQHBOO4RghKnt7SLZAvr113Mo-2BVRR9CAtnAwgai3rQv-2BI2Qs1tZkvdipVZr9OZufgDkYN5ZntxuaAvlYqFYgzuwCT3ICIIwv-2FTI-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1272	msedge.exe
1272	msedge.exe
3468	msedge.exe
3468	msedge.exe
2304	identity_helper.exe
2304	identity_helper.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe
3132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

msedge.exe

pid	process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3468 wrote to memory of 1208	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1208	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 4860	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1272	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 1272	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe
PID 3468 wrote to memory of 224	3468	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://url5486.marsello.email/ls/click?upn=Xn88PJeNIL29Y2OVpP6Ui6ht-2BWYXmmF2xLnklTvm-2Fs7aGimL7rNEblqsm6pBYWX469fIKxzee-2FzqeXIdFJndzcu4FxrWsQpLCYpegXW1iz43PbaXIgAF4hIrYMBHPLXgYuez6EibnQRyrv8-2BfLO7OQ-3D-3Du8gk_EHa1wpvfmmuf-2B-2FT5wK48X7OaDBmhfM0X4pDFBF1HSSQWDsTLUXvYusnUKNxIPR9V0yILoHD0-2FG9ZBTdX-2F2LFYKj60yyO4UxRHFULUdVwK2tDcfE2ZARfjFWW4F0pVE7MUJHognABilMynMh8s8xwYaqW-2BkOgjeDM5u17gDjnScDMRKqgXs0jUCOncCeO4kR3QUIp76twQr0IHR8d1iIl3nClVLmI-2B0gBqHJu7ZM86z2C5tgiflj63IM413kvLdjt-2BBLRxr61Zl5lL5BbV2e20bPYUjp0CwZ0xKt5ICmhVsGd0R-2FcsRQAeaQszKCV3iYvuNryo2FfQ7tEbD-2BSKooKDeEoakJEXIbQS95U7W-2F7KnVn6wGbl24raCMSBlxWMBP15wBtE94ivU-2FpK3UYNPdoA51EZCLb1Dy-2FKSo4ClAR7Zwa7aqk-2BUCb72-2FQnGQb-2FzzH7VpMAA0AUElT82PB549VoIItYPNzjzzffJG2wDLqNM8GquwHfD8Z2QvyW8lB8d7HUKuHca1VFAv7RcebUr5t1gi-2BYQydrJcVVj6E69UNLa-2B38XBb-2BoOre0LtZpZHM5EvKoNlbwFNPQHBOO4RghKnt7SLZAvr113Mo-2BVRR9CAtnAwgai3rQv-2BI2Qs1tZkvdipVZr9OZufgDkYN5ZntxuaAvlYqFYgzuwCT3ICIIwv-2FTI-3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe2f9c46f8,0x7ffe2f9c4708,0x7ffe2f9c4718
2⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
PID:4860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
2⤵
PID:224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:4584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4300 /prefetch:1
2⤵
PID:792

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
2⤵
PID:2340

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
2⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
2⤵
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6252 /prefetch:1
2⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
2⤵
PID:4416

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1
2⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
2⤵
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:1692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3534058111426230135,18148572244342507603,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
16KB

MD5
77187995a7ce000e0241b95145ff3aee

SHA1
5286890216950e29852fdb73e11978b5998ed706

SHA256
11113c59430ba7578978ec26a94d5007d5da8fb603910cb5952c35949876f6cd

SHA512
5183cdff78a6045dcfe00c027d3df52f34126625e1833175d4bf69f2fecb1776651d18c6e037151db17c85a71f5ccf9d533afbe34b8e2897b6c89ea4e50973b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
33KB

MD5
27a05b77e7bba6c2b279f1a67cd6acef

SHA1
3164de3d460475f745bba673aecd9f7d799d7509

SHA256
71aca97ad43f1a016bcc6a04f90587cba90db71a03358130d686acf042e00f83

SHA512
5cdf58d637dc70be10b36d7ca7230404ca4cd58af53028183cfc28335dd8d3ccb24f0653c0844acf67deb18f8b529dfa83ecb2af34dc1129662dbdf20c0bba06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
19KB

MD5
22d0c9fb783be9872e403b59abda6c4f

SHA1
1664f7acfda8dd86abed2ee3065b8fe2031d07c4

SHA256
0e9d548fbd6eb9d25921d5e8a2aa9fc728a099d17f65c9852bd6883dd5faa668

SHA512
5f6df4c1b662234013e1357b8fb8e19dfc23fb823f497250d7eaa1ae0c969a2bd143174a4c913b89d1ca100ae8e0e757ecde7bd60b2ce65411daba8d4d1a1d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e2fade08cbf9767ed9ba5643408bf7a2

SHA1
3f6d2089e1ba32f0813ac67f772c0d605ce625fa

SHA256
e38fa60411c48cf6334b8575a8121a627fadcdbe999dea07256dff3fde0ccd0c

SHA512
0e4f8aef4f2e85e6345f3d9a990647b76e5b90cf8b5b9d6deec871076ce3c7b04ae8e995d2bb6ffdf29f8ca3edcbaa2dbc0d6af3b51fcd9f9b5e7abbededf3b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
2ee7f9131dabcd8f39abf66ba0e8e9d4

SHA1
c34dc7b960c6f226d8f834868540ce8a404a129f

SHA256
f7d4327f5f4c6b2e8943621339fb040090cea459726ef19e3a0c61f5c318effd

SHA512
c6f009ff8138eb599cfcf655591722953bed319c5d6152110cf012358b8114426f9105c0eeecc41fc32648efbc8de584f02c0e1a339bd09b456a88406c3afe6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2b91651ac68691b282e463dd53ad6148

SHA1
e6d7ca9efe7371016acdac8584c9efc948ea098f

SHA256
53c1c3d0d177551a7bfcc9ffcafd7148afc7ca9c1ca2363fc3e8a19fd077a446

SHA512
f19bebe1022d73da240b298217d2e2cc4ebff305056aa37bba36a2c24172aa1eaf747d41381982a6386a0f7dbd076267ef77b5851b047563e3166096120e7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
23d7561fb616a36b68c9cc49c5686479

SHA1
108eff2d3f5b8a592d08e22cf0a389c699c9a0f9

SHA256
ad17cf276c4e6dc49dff33eef9060e41e5262b45f5ea3e6bcaa363e3725dec88

SHA512
2123e73fc1db21185d206d43416223a3de83be1d32699abfc656c823aa8abf89cee146a6350cc8408edc0ead8f3aefd167a6e933e0b5d84dc6b418bc06b75210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de4e8c9f549d75d0c76ac6ddc69b2cec

SHA1
9c5bfc0abe53d3e487688335ca7127ee60a89a44

SHA256
b6943b95ddc7ca097ac52077ce86ca547788770bcb60ff4685b41fa657fee40f

SHA512
5ed14db332946af801d6e89cea841b859c837c8f695fdcd797ce94fca1db2b6cd71407512f7782d29874c266ced0071b884bd7e35cc1c34a937609a5d0e95bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6db2d2ceb22a030bd1caa72b32cfbf98

SHA1
fe50f35e60f88624a28b93b8a76be1377957618b

SHA256
7b22b0b16088ab7f7d6f938d7cfe9ae807856662ce3a63e7de6c8107186853e4

SHA512
d5a67a394003f559c98e1a1e9e31c2d473d04cc075b08bb0aab115ce42744da536895df2cec73fa54fc36f38d38e4906680cfacfbf4698ee925f1609fbb07912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5dac8cd63a967d7d356fdb996a1fd526

SHA1
d746f6f654a99a964865da7c1f4b30d81afb71c6

SHA256
5abb97ea044eb42c15c23335d498dce011d9f3c85eb5525ca4e05fdda5789911

SHA512
0fafc9fb53eefbf23e42c9e75303e98007bf74fe2b0a6a5ec010b299b4f8506766d38dac7f25dffbd048f299d442cf2fd3708620006197dd662de16548de460d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
179a173f56c5bea353337a7adfb4634d

SHA1
79cc35775e0d81db077c37a436f165f4068b0e16

SHA256
273c8063f817f44ea8720731d99861f538f2757f9cd0e9156a91a8a8246a4147

SHA512
84e80abaa81ad52af0921e505079eea033c455088656154fc1daca3c6084da67c7b4462b88b2ff2ada70043eb6163105dea24104949f011acd13dbb9ef90049b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bde1.TMP

Filesize
371B

MD5
e7bbaa920ecd61397d9d81e3ca6a45d7

SHA1
af021fb157a768adf3de3a4ab9331d4f75af2464

SHA256
040bbd5453cc36fa3dca66f653f27467681221b90f6119a99db24a098717bedb

SHA512
a3d9104b468d5a1f04c99103c50ba7a9023356dceb30dd389fdcb6812e3f6aa7322d3a941135806f8c50c83df30e48961bbbfe699e5c80f40ae7bbae3515fcc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e2e4d837-7590-4924-a4f7-c4f195e22cb5.tmp

Filesize
5KB

MD5
4ecf32b1225b53ec7c3b6d4a17c082a0

SHA1
72f59b12bc01b2c392a329f491cd8319b6795675

SHA256
5a12d63c71ea9df59e7953b426c35e3bbd32d5f1cf6192dbace09b14ddd49495

SHA512
68e503b3de4670429a69fa2199127d4a7d7c1f3020511ed3bec6396e625ddd58f46daecc2794f2e77153a4ae45324e591bccca0b44c7f46d52dbcdc9ea23e319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e36162ace702e56289791c6a64803f94

SHA1
b001e0faf9a9e7e0f4c6cbfc7445ade75e290251

SHA256
d02cdf72921d3df72ee0674054b0da55f99aab64a2eacbc8935ce00987362536

SHA512
259f2e6a10c4859ea1ef8ba2eca146ebbaecb9c1c97950000e68efba5dfae965e69a4e7ae49924922864b792fce5531f241654469d48552483bc4c1f1f27f889

Download Submit
\??\pipe\LOCAL\crashpad_3468_GCJYPEAUMFWAKPWQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit