hxxps://www[.]mediafire[.]com/folder/9r4hyjcsflg3p/911[.]Operator[.]Incl[.]DLC[.]v1[.]03[.]08

Resubmissions

07-03-2024 15:51

240307-tap6aaeh76 8

07-03-2024 15:50

240307-tad31seh75 1

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240226-de
resource tags

arch:x64arch:x86image:win10v2004-20240226-delocale:de-deos:windows10-2004-x64systemwindows
submitted
07-03-2024 15:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/9r4hyjcsflg3p/911.Operator.Incl.DLC.v1.03.08

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Nicht bestätigt 476960.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
2236	msedge.exe
2236	msedge.exe
4776	identity_helper.exe
4776	identity_helper.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe
5032	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2004	2236	msedge.exe	88
PID 2236 wrote to memory of 2004	2236	msedge.exe	88
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4504	2236	msedge.exe	89
PID 2236 wrote to memory of 4416	2236	msedge.exe	90
PID 2236 wrote to memory of 4416	2236	msedge.exe	90
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91
PID 2236 wrote to memory of 1068	2236	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/9r4hyjcsflg3p/911.Operator.Incl.DLC.v1.03.08
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba95946f8,0x7ffba9594708,0x7ffba9594718
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:5240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7912 /prefetch:1
  2⤵
  PID:6060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8484 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8664 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --service-sandbox-type=collections --mojo-platform-channel-handle=8960 /prefetch:8
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:6024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9320 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8620 /prefetch:1
  2⤵
  PID:6380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9540 /prefetch:1
  2⤵
  PID:6452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1544 /prefetch:1
  2⤵
  PID:6544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9500 /prefetch:1
  2⤵
  PID:7048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10008 /prefetch:1
  2⤵
  PID:7092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,141423383817091954,9746321932741314724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
9ddc513cc7a8636b2b17a9d18821fe33

SHA1
5b7add823b70e570ad0c5da833a86540c6ff35f3

SHA256
03782236de2e3a75a8050b20ecc9e8eb045be1fcc705a5efbf09ae75ca09913d

SHA512
bddc83e6f48fa7043398de698ac67cc6b6a2add698932a3291905303367f41942e66f10fa9894e9d14c68c66d54d8b23fab7133e8ccb355fdd01f0c8317ef050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
33301079837e1624ec1a335409fb259c

SHA1
d9e6aacdcd50d2078ea54499322ca8c1782e00df

SHA256
0ba1b19bbf9c6f01b051d0478ffdf43b99e051fb127f98fe89c396e3712559df

SHA512
5083f4232608f4272a9daaf7fb514cad4156f96765ffcfba1274650b2fa1c7b7ff881c46ebf7a0a83dce965780503a32eb3f0ef5a044cbc7ff41f7579a143c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e7e7a513f989153761e65e6b4b8de8d3

SHA1
cd08bbd6f88a62f862fca2eef2c0680bef798932

SHA256
2ccefc17dc98a8378649f4c161ea81e0c18050e79811bcc8e3507c80edb58204

SHA512
d4b2951b0df5fba13b330e27a2bf99b152094f9cf44aabe22cc30ba5da141435f03458a2f24b40e2c299b7552d43d84d540748c802b41c2daca7985a6e2e91f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
d7111a88e8c001fde1049fd0621eb06d

SHA1
afa13ee59e1561e2c0f83c73a4c872c92814f352

SHA256
2fc68f0d707db4f4f39b1c9bb7d6795d0d24a5988b4dafe9ddc335042eb3ce8e

SHA512
20f3982fdece2d9a6fa688f2edb2802210419abb61c37a18ede57d93126f01694f0c8cf77e25b14bafca6d319a62664d70ac613b3085842e7f33168eb46e5618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
c97aab173542fbba6f7e605408f3fb3d

SHA1
a8a5487521259bf8426acf3a4989c297045aa2f1

SHA256
183f23ff0ab27d97a04ba3b09d1899dcc97655a23bee9189ca8eee2f027e6300

SHA512
460d4be9207b259b74f799bb5c3052ca15cdf9f3b3dbee4817c181f991be57b03997401fad54f99726c1eab8bef6f17cca29c5f388addbd1a851ac766280ada8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb983c363b58caa05c9354eccc293645

SHA1
e8d141e7069981a0a7c600cb638faa9d3e27f250

SHA256
e06b87303aae96d88aece7a2184c597c3e2d100083ffbeee0a12a3563fade698

SHA512
20473221afaef709ae824ff3a24e680b46b569294ebf50110c1f28f4f303aa988ce4876d4fa587eb3f0782596322ff2620b1c5ec3d4e0ef07addfc856897406d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
cae7d6942fa0d284d4d8b0ddd1cbce14

SHA1
059d674edd4a763f32a344b08577806f21e99563

SHA256
04e0248244ec7ba2025322b9cd97d8635c7845189750bc9402eeb986c48b02e1

SHA512
d91ee0228c8868e43e9d08f033848462fd4e9dcabc0d25c8b39edb09ad45bd56e741ed7039cee9f43bc080d679eed37cc4d17f0533845e22de7f85f6cc80aa76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a3e96830a07121aea121662fdcfb9ed

SHA1
0c8ab5f452bdf8ab14d03d3d70650c9d6579caf1

SHA256
5d6c954e33d8e9d627ee008ec088c0f6031b84e7918ae1b0872e424d468ba9b8

SHA512
68de3ac921ccd746a9982b9fa1ccedb1bbe0eab296900dd216c2eae1a00057f4748d93371d0a445323eef4378165241fc0311259099b8d624c46c9f7c9c9f886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
734270d88a2e85ecce34bac0d8898fe7

SHA1
a10278b4350cef2a328eebec2ce4c1c44b0b7db3

SHA256
c93935d1cb004fa32dc1d33257c3b24057e4fd2207b7dc3969edc203e49a74e8

SHA512
7da88c36d4772bc695109d1f5438dec561762c029b112b0c2c959d206aedb247fbcec6c3d998da5b87ce41c57027a8edf5a97951295ae504947ff15f9d391f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
6a2c0635cfbcca541c36e54e1774e42a

SHA1
5fbb69afc16c1c421e466fac2407217fdb4ecdd6

SHA256
866ada997034ba447930228ec860d8b738c56ea9a4c28d8c7b993562f3629ee8

SHA512
fa7a4852d8ceb2f78b812f2f76d9e6d47077c75203389ef7d7f22ea93486ccdd837fbffb746999e9c23c193ff0fa73dda3bf08ad6141f035092c602437cbcdda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
8e16d3cd549f5fdf73003543b00429a9

SHA1
129e61f08d1b983f323d778d8e84aca9706dec40

SHA256
e3f0c4685f298a2f342e9ff31d2da2e83f345ee060492ee4d444c14857aae074

SHA512
1fba93417d52101e40342f88d744ba86db09de4a0bcf0a257ecd291b73f26bba9b6802a7ca8e061450967ff93b6e77cc828be01ac7b94b753f742d033d765672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
d9b5fc251cedaac61d7738b34f98c4ec

SHA1
20ce90255380db7698b3a00cf92d3a4196731aa9

SHA256
459b38a67c4a3c4a79dcdd04b04b63c048b9318b8ed2d10c4dc587498ce37f95

SHA512
d9728de1bb433fdb503bef19d061d810faf0d9b452f2847b9314babebdf9beb2ff83c9fc62bee454ac4b3b246d2e63d084c7e09c9781e7ef11858c20286378dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
64f0ad66dd7c8b434dfa3263ec3cb9ae

SHA1
4f8ace5396bc31b792c68e6590fe70477d97b414

SHA256
de9806adc5bbedd8366fa69391805df702d0399bd46a7dc64cfe3a072fcf6b56

SHA512
bf952df6d6f4499934eebfb395ffbda20e9cb235a192e7cc0e5c8263d1214696b1ccb0821b246cf89537731f427ae15c7864f65fd641fb7c8a94187f8be26611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ed1b191baab812cecc947f11b17f36e7

SHA1
7c46412a310180166694d0394010bc84dbcfb015

SHA256
c807b9321cefe4901c9555b4df0be8cc133f8c0cc09c20804eaf29b270dc25f1

SHA512
e19af79849ab1e919a5f533947d9d01ace5b29fb186646870953819b48f869cc53344a86888cda4f060c5affb3f88e272e56fc77b6d909971e1deda418ec7211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583cb6.TMP

Filesize
1KB

MD5
4032df907aaa6385400e3b068d06428a

SHA1
43398050f59b5ed1c064084d968903978aab8e5a

SHA256
55acf86d5f82401fb5b8fffe7e06611fb83c60a7872c4d7764835f37819454f4

SHA512
4cc3d997e0de82af58c7e1dd2d9fdb80c18d00e59f849b007e9c77f465a8651b1d05f6fbcf71ed3d3bce5596cec1afe2dcc0922a9c3ff780b2779c5392bb9671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0226c704918c21f94735069d8b8925ea

SHA1
53c37b8f72119893af4e5bc702c832509f6134fb

SHA256
ac350b6730ddd082e51911339ed825167d5668572c4e856ea9c4e13a7bfff664

SHA512
be88badb8a30deb2db235977ee413504c79c747121824dce2ecefda12717c55f39308042d95e6d451b7c9a4c39530f8f2b10caaf3b58619c1d306f77e8ccda50

Download Submit
C:\Users\Admin\Downloads\Nicht bestätigt 476960.crdownload

Filesize
16.9MB

MD5
6cef91965267f03573683eb50d459f4a

SHA1
7bfb25ad5de5689b569f8fb9162c66657df7f5e2

SHA256
27dbabdbaa2e3b52cb470dd3053c234fa19a0ab33ad521742923dc81ce3efd74

SHA512
d30ffda00a927d62113eaab9a3e3c3296175095e4176391ff137dd201651a6e0eb433ba98fe5df46a6ccc28d91fa31209cc3323da5568bf1a5b50b0b921b6281

Download Submit