hxxps://www[.]dropbox[.]com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-02-2024 17:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3791175113-1062217823-1177695025-1000\{4D01A9E4-4F75-4766-9D28-725F3C18438D}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
5044	msedge.exe
5044	msedge.exe
1384	msedge.exe
1384	msedge.exe
4884	msedge.exe
4884	msedge.exe
4364	identity_helper.exe
4364	identity_helper.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe
5544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe
1384	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1384 wrote to memory of 2168	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 2168	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 1736	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 5044	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 5044	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe
PID 1384 wrote to memory of 3156	1384	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.dropbox.com/l/scl/AABceSUyf3gg9nSuPSSNaRQzV9Uy0-1bGK4
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8acf846f8,0x7ff8acf84708,0x7ff8acf84718
2⤵
PID:2168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
2⤵
PID:1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
2⤵
PID:3156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
2⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4948 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4936 /prefetch:8
2⤵
PID:3548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
2⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
2⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
2⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6084 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6128 /prefetch:8
2⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
2⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
2⤵
PID:5480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
2⤵
PID:5752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
2⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵
PID:5244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
2⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6432 /prefetch:8
2⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
2⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:5400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
2⤵
PID:5716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1884 /prefetch:1
2⤵
PID:2284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,17769619200316108278,1846181918291797909,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3076 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bcaf436ee5fed204f08c14d7517436eb

SHA1
637817252f1e2ab00275cd5b5a285a22980295ff

SHA256
de776d807ae7f2e809af69746f85ea99e0771bbdaaed78a764a6035dabe7f120

SHA512
7e6cf2fdffdcf444f6ef4a50a6f9ef1dfb853301467e3f4784c9ee905c3bf159dc3ee9145d77dbf72637d5b99242525eb951b91c020e5f4e5cfcfd965443258c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bec3b512f16b9fe2c30946117e8e8356

SHA1
dadac0f2e69ce2bf808cdc49e7e35e2081fcb2c9

SHA256
8212588b52ff5ffd3bf29df27fdf081390ae877f50f1d6193b44f91de0f8dba0

SHA512
6c83b8569b6a691d2d113e1a7c07017c2c1c0e7202ec3411df518861a337f181a60b828162049e1ba055b032a6c9cb32bf77ad8b991fabe074b931f92b6e1ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c0b97a7108c6e6075d8d7090f2330daa

SHA1
5927aa6671cfac7d9649d7c9d553991e50ff66dd

SHA256
7c5a71aef0a96254b1639bb7650a60426496eb205adfd642b92071118ade9357

SHA512
a4b62d9ab77e36da5b5fe8b70f69fad801ae82737b09094f190f5448f7540987ae8e13aab730ac0b42dd3f73ccdb7266167690c10c68c11c0a64ad9b99d0dd74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7293f35870148cc12bc09b4919bc33e4

SHA1
c37f3802cbf8b39dfd8754d4c064bc0f7d337429

SHA256
88b350b58c729221d870c1987889d429af4ec8a117667e3714f4464a67bbe433

SHA512
b6efb28012ebdba339cedffee1e1f431a83625e865a584aa6d6c04bc957f27da41b4ccf2d3a36887df27651b406127d49667bc68e888c92f78417dc169b23508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15bb3190512f4ecac3dfaaf24fbf3e1b

SHA1
950435bf4ae1b841b56b3f7631278f27a3777f32

SHA256
7ca61ea048e1f6b93f4fb0eaa41799532a5324c9a5faec49e492edbab9167881

SHA512
dce1c40bb154cf17421e5bfb2908cc0872f4986f6a453be56c6055f3a4a6bf4343e3a50339647ddbd6e82273ae047107b2064a6847dab5b4654fde47390b2b6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
898d0b1090c9a20d3a9619b43ef2a99a

SHA1
f097cf8b6e716163ba5aaa706bcaedce188fd718

SHA256
b3e189a206b360f9556340435acdad24ecbba78d1943840ec40495d55f216825

SHA512
5971fd16971891a66ea93b96cdb0488f7dfce272afe24cf057020da41a6cd3629ff80afdab6377a641ec3833d7aaeb0d1e0e70b67f02a18e253b18ca98c2751d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d114403e076a57504552345bd8a419e6

SHA1
3d25f845345c39b7f83a6194a17934135b44d135

SHA256
7a2c9f000324436403d8ad1e19d7d24121caa01971d742765db7cbce61ed404a

SHA512
3839bccb01c3221ac791cad6dd00e81cb8dd5ec8526c5a79e9d1fcb8887c4e51fc6767be7a73d98f2e410de8c17fa261ce463c6661af22e10fe2644ff07ecc65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
67d93ad5ac84cbd13f3b009753dd618b

SHA1
61c246cd9e57ff2a8500d51a4e2243faba3dd2dd

SHA256
c6e45e63c45c5735a1855e8559bf7a6ad193c382bf3dfba93470f1dcad20c49b

SHA512
3ee63a244ee671449f886b855d26c43e81d1f8ff5921befe4f18de00a13dc11dc14a1d6b086583478fe4c713b0e49db59a6f7483c1d8381d52429b9b1c13546d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b0ba6f0eee8f998b4d78bc4934f5fd17

SHA1
589653d624de363d3e8869c169441b143c1f39ad

SHA256
4b5ee509e727accbd11493dda2c1d512e7dbfaff66c4f5f7ea9c2d2ccd06151f

SHA512
e9a165da246c6b80fc38431538203cf03f95794184ff63f00c9500f8919a2028b803f64b670e685185eed72df0509e3185c9b434fdbf2bc7af36021d46bd08d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
bfc2b5016fa3f372def0e792de24edc7

SHA1
71aa868c25ef41ee5ff96fa85af686a0d7779d3c

SHA256
d44a24b69f30082797e5bc9da85fc4326124243247c627392a24350d31d5f42d

SHA512
25be2d59120932b0cf5821bfc0f43b5002472173e3cde72cc758d4ad59ba9a681827071c31e2b444a3f9ead7d73a7c92891aa61a72bebf144c134cd0a2f5433e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583ca6.TMP

Filesize
48B

MD5
8924eb0ffca036f6bf865fbb898c5f25

SHA1
13b7e8c9ca0a0250be34ec02fa510fd0f50e7b45

SHA256
d8997de1fbc97e022b42f05049f8178e914a21a695bc2179acad07744ecf280c

SHA512
5a8c58ac2286194729eca60ed919ff8445ecc97fe2886529b201285f6bbea1109c1435360cab892f43960d2474afc395b0ab43c32f1e1fcfc231ada28e56e0eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a4dd182ad7fd4e8c77ee1f83f20a7f8d

SHA1
579388dc66f53038b7cf1a46c4e5a177c2099c8c

SHA256
a42d731141becd678c130485296c72c89bd610e882d82955364bf2c44db61359

SHA512
ed355f30d13d3e1d194e3b7478f675f062c9067e7f376fe36c7d4e57115f1a23e92341cfa27c61f1314783b122dcf9ef13ce6381021ceade644e4c9b1632b43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fb07e30a527f29713a084c2022edcec3

SHA1
225832a93153bda9bacc867b245c8c02aaa1f9f2

SHA256
f628a55704f40ba47cbf9cd2d51b93d4d6bc05b8c1b4bc1e5cf5558eebff8a37

SHA512
27e024034b90fa6153bbbff22a6f2dbebe2b04fd333256db354cab7a6ef2ca6ac876267a408d64b7003e4dfe5924172c7151e40f8c676adb154bcc914512762d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
014aaca312cafb645eeb5c27e8ea82f7

SHA1
4bd76c84533452de6f1dd9550d413c4d047ce40e

SHA256
5a043edc24f16127b30f2b813ef6e86f787e942b4190344115ffcde968456650

SHA512
8eba771e979f3e89aa91ef98998afb68508c676f970807ede81b848ed57f52b6d3ae20d759dc0bb03b2c0ad7f0d4818dbbabc46dbde67c501ac98166a8aaa320

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5f15d3736a61a9edb2d5b9e806dce042

SHA1
bb58e500155f27d267eb6185f00f33f62bf3ad7d

SHA256
a3b1022202dcbac48aa894eaa8ad00d11bc0df96e5aeeea81bad5e87164e77ba

SHA512
458126b3c676f5981dba28425d059f68c9d4cd1f2a247b3008f7e6733a229165b243b32c5ae92379d48db01644054d4a97db2466bc156690986e4cdb87a69d02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac5286595ec8adf9b0b7a1a9852e8c86

SHA1
9bb29511a1ac46fc54f020c12c2c014d2bec18d7

SHA256
acf4277cfa56f121bbaf34b3df5607b4de79c1b501d8b9db247de7fb67fd7b07

SHA512
1c06a7e8c76dac5c6d936eb891925cd847ed79809c5d2bbe196023cf8ef2b6a83f780b451a9d8ef4485addcec34ba95eba16fa782110450f3f099025e99e41d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
13ded1fce9f85d2196680e209cc8a675

SHA1
0aab1d1236dac4ce26120deedd30060ea08e1f17

SHA256
58b07e9d7dc2f63033792b112b84295a92383dd6d23ec95bb89420e78d74e223

SHA512
28faa0bda10a20d49c84966d4770e2b69bd0f8a31440a94041fbf2b48430965bb6da2a45171e3b6b78d29f1d0f01d02a0e74a2c9fffed649ecd1f9cafdf42881

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
67cf96143a830eaa6b496aeef511c6ca

SHA1
8691a458ab36be3239beb52b874a65e018f32875

SHA256
77174fb47bd27da5577015197ff0a7171bc56aac7e9280eba448b683951c5046

SHA512
27d5899b3332422fd534ca0521d693058b126ca82dc94c7aef8e79bdfe9c6b84f21b66d65b6a81fb1ebb4fc74d1ba446e89d66abadf17c7750cdc633388e7acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
c8ce74d6dbccf7c5315616630346fa4c

SHA1
4f0000c26019a6fcf07ef3a4c64a8b29825948d2

SHA256
39327dc6eadeb5dcb85f9f465fedea70b3eed8436ca86b091c6de3906d66cc34

SHA512
0d3ae51c6eaf2afc57d4db90aa33a31e7c7291e72cd6a24c4a8960fdb6c69fef2fb0d200df100ba0f6487b733b80c62fedbee30f292d2035a187696129931e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a9fb.TMP

Filesize
371B

MD5
1203fb9ac64a23891db5ec662dc46684

SHA1
4e11b86889fa0412ca63615d0105ec763a2f38b5

SHA256
5ffef5084cec231970171c528122204113149ec5fc3b9f99a401f3346958d806

SHA512
bf2316917a614936a813c0a50f9431a98a3b5d81f77b9e3c7e6ba0dc51ed6a81dc417dbbc2b7df57e7bb51b4e100780588842943b1419432884dd324841b9489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
43c941cf058f7405eefb441498db9ef9

SHA1
594ef5f6397e651a9d90dd7d390f9c1a9beddb19

SHA256
6a2b16c4d5392d7b1463e2e37ab3838aa00fa058d76caafffff3c5433a423255

SHA512
2a03d873b00873c8e26c1b40f9dde67b7cbb70b7ba820b75ae7c60d9cddcd8118e3f0df7766361c1bf89f1bca9a7c9c6798ffe9c8b87865d7cf4d11bc2004473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ee35653249f92524692c434895aa54a

SHA1
5d73b2c3cb3a3e16a2e62ae90e470fb6ba2f2346

SHA256
da930513b7e4237305ec7f3ff37cedf30d265372f6c1497bd98c34aac85e7b5f

SHA512
5c55012b929d95683c97b3446c4ebde7e3ab58c231e922c2f967f7ead959366752f4b5971f04e49979ceeb61aaf9df4fc87f4977e4d9f6c4e404f5d637211d2b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_1384_MZCACNCWJTRIQIGQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit