hxxps://wetransfer[.]com/downloads/e97c58765c792db7b396942d30716ddd20240315164031/919b47a24e5f075239c0b19775b5e39820240315164031/d61614?trk=trn_tdl_01&utm_campaign=trn_tdl_01&utm_medium=email&utm_source=sendgrid

Resubmissions

16-03-2024 00:05

240316-adbbraeg91 1

16-03-2024 00:01

240316-aba8zage42 1

15-03-2024 23:55

240315-3yetwsef31 1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
16-03-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wetransfer.com/downloads/e97c58765c792db7b396942d30716ddd20240315164031/919b47a24e5f075239c0b19775b5e39820240315164031/d61614?trk=trn_tdl_01&utm_campaign=trn_tdl_01&utm_medium=email&utm_source=sendgrid

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4388	msedge.exe
4388	msedge.exe
3700	msedge.exe
3700	msedge.exe
2508	identity_helper.exe
2508	identity_helper.exe
1300	msedge.exe
1300	msedge.exe
2848	msedge.exe
2848	msedge.exe
4276	msedge.exe
4276	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5852	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5852	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe
3700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 1708	3700	msedge.exe	88
PID 3700 wrote to memory of 1708	3700	msedge.exe	88
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 6076	3700	msedge.exe	89
PID 3700 wrote to memory of 4388	3700	msedge.exe	90
PID 3700 wrote to memory of 4388	3700	msedge.exe	90
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91
PID 3700 wrote to memory of 4972	3700	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://wetransfer.com/downloads/e97c58765c792db7b396942d30716ddd20240315164031/919b47a24e5f075239c0b19775b5e39820240315164031/d61614?trk=trn_tdl_01&utm_campaign=trn_tdl_01&utm_medium=email&utm_source=sendgrid
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe08dc46f8,0x7ffe08dc4708,0x7ffe08dc4718
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2416 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=7164 /prefetch:6
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6996 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,3862426297966040574,1706488167709601919,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5456

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x464
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\97957a47-587b-4d0f-8ce7-2667a7963bc9.tmp

Filesize
8KB

MD5
a19e2ef2f6369695d9f2946a7791ec91

SHA1
ee7fe3484250073f3593de7f98ae715507a0a244

SHA256
3ee48bb3237e084f8c417cf9ab8e30fe8d461422c5ac64d9824f59b0edc8a35b

SHA512
3381cabfb8b3ba1bf18739343855b870b2ddd8237a03fae4ab0e45050b596e33d7540b562aa8dca4432ef8388b5e27f6ed6c50314c90c173645021e063eab566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f1914ed0df43293efd3c81d1db0fa898

SHA1
01e2d001137e8b9f8f65e2ed3dfd8552944620b6

SHA256
e852b1cf5ac1e67fc3d2f4b461344180ad7720c38dcb92995c40b6021937f9e9

SHA512
932ade791910ec48fbe07d2c29934f92cd3c95f0c7ce6bbf9bc3b2c987919d8ed543056063b57e3a9a898858585e8f225b2238b60fd79fb38c373379ca5b4882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
9d533594ba3c16d96749e8db0bd3f416

SHA1
5bcda8683ee55b842bf897863c45089bcfbb1c21

SHA256
ef79994f470f0e5965817f27be942746f1ec34796ab6eef343664de9b76e9ba1

SHA512
73e51f379a3d65c16b31780be65b0ec045ff7226a7f4423ef49f713799499affc41b4ad9859d47b737cb13874e6ad071728b4ce18063d2431f7f1ca1ec09aa41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
1e509d488bce03b49f48060e0dfd9f16

SHA1
da1b0c84018a8ea82c692f8ff47a5933bae642df

SHA256
aaf352a595ca14b080112532cd4fde0a25fb4942cd011a540d34fcadfdb3bfcc

SHA512
cfb9289bed5121e1ad832e2a10e6f2c8f3eff7ebd33f136926230704cca37d4872e80cfc9d07b86cba84048eb2d9877750dbe8ce0dec49db32840d083b2fd2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
97a179f70464239516d7ba0d7ef57598

SHA1
1f43d48faf26edd0772bf2a6071473f941059bb0

SHA256
7ef523fab2e90cd8894b1296bd664565d21e35734c3d884829fde53cbecff3c6

SHA512
2c07e5e1edc3e03955a21cc8b00cadb861ee2b414a091c1d4c17ce4cd4c50befc88cae924c53e3b6444806949dc4f6cf1d9f4d9283610ef0d9da06dc158a0708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
806a4ddfe5946b71f2620142fd3f4154

SHA1
00b63f551ffbbdfa53695ddec3a4fed01ae2fdaf

SHA256
1e60fa26db452d82e713d90a144f43375a630a5e0d5d9eb07a5986ccb6327955

SHA512
d1e3679332e0c14232a1a10d5248638b1c7d3035f86917ab93e7f078aa0b4209617987c3dd2c673b776d09f180abb2c174755722cf22af637220bdc0ae2af5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d30d0877aaf84e572e00f5b1be742fff

SHA1
b807d6c70f14badba56aff5301b61edda37b76c2

SHA256
7e4885aff8f030974bb9a1f2949be56052095e4dcdc2263f2a248c9f8bf9a55c

SHA512
090b7c728f240e5a9573987f95902de44049bdc50c72210901a3a846438eb4462f668cb0d69e9882ef3605c173f9e76299610f7c6e300b4e1322ee5812b35ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b60d3f1cef37d665e74342c8a1365c1

SHA1
3cd084e97b0e86ddf50575f2c3aa0f43de48fbb2

SHA256
43d208f1ec61ca4ffbad9ac6da0c30596c6a3b72599b223d052c5b7d98a48f98

SHA512
404ae33913f706c493c55585466a39990c83e697487b67a862aea49d5d79127cdedfe39f0fd6cc034ddbb4d3bf6d30c823cb8497e3409fcb1a62bddc16571ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8f1ef3b5eabd44eefcc9cb49bc264d54

SHA1
fad67289d9807e4844307203a69a9147215a5c15

SHA256
4194b5fbe69cd225c87f86e588e8fee90667ee8ed46e86cb9cd5e95cea7c0b76

SHA512
c5ef8a3dd5ce79aa7863d8b44903774c47dab4f6219b9779fed8871b17f720d0d89d1dad12ba1b2c6eea382b2944157ba5080ff63596c4b881b400b7f5d7417a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
93a5ae899d9ca85664e29a44baf80131

SHA1
8779a5be4dd2f0957b277901de67dd248bcbb740

SHA256
d2575473d3fd1be5db49ca139b22ae38895e6c19b656dd0da0e036562133e924

SHA512
6a3b985b77493b31b7af83f845131ea9a9e378026f241711c8b623d22ea332171ed3e9c1ea45c7946a43b3cc204a3f90febbf29d7a40c976450d8929fec71219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3805d8ce48af10b45af5eda74404f976

SHA1
ca86857cb03021d443608f1b0e40cffc331ca14b

SHA256
1f5bf93cca1d89b4ad2cfab111a1ad75c6bc43fac5aa02d2c715e302f9068316

SHA512
1d62bc0186614d9b872d8af0e0354e1255b6e5b2c8a00d8b0a91e33c58f4e207c9ebd374bfd2f074ebf95902b9c88f68a3b964ea4ef6026de66c811fa3ef9e3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
da8914b9a2e4f09958540005f19000b7

SHA1
469c18be3b8886e2c5e54e542881dddf6bbfda4b

SHA256
4185018100514579f3d85a659bbafae4464fe6f7f9d0b573c614b8c927728357

SHA512
4be874f10453fff3339576b199f88c28167c24baa0185b480de290743cc16fbde8c108f4df7084adf762d72b482870760df6337da9e75b63ca319a4571f25bbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
33a5ae51959cdf446095865b95595cc5

SHA1
5ecc575d36d6940e88bbc5f456b9f5b135c58ceb

SHA256
9caa8ee341cdb27fdd12381752d3ea64ee410456e5bdd50bd2808e1a232e77c8

SHA512
f3a52b262e0e85c49028825e23c68044475f63bbf16e430af3e5a4c41378b868f16098a3eac27b2288b57be09441781ce96f7565ff160f98586ceec8f546c0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fc65b8720350a16fa7c2986a7fa201a4

SHA1
0021d374d394905229831198ca116f055fdc6c7d

SHA256
b4dfc14a98f2d09bd7b680d7c9ee464581bc8333e218ae686dec1190bc92ac66

SHA512
0530a2ab34b3fcc257d175fe32e4d89c69bd5414e139897d0d7323f9b49b6acf3eae2e5b1d5d35bc8ce4f5246948bebc900559bf6703182b9ff749a3d0e0a54b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2f2850b4eae5017548b164bf9f1b70f2

SHA1
6e1da7291e8d7e9a3bd52bbf73b8a163da60102a

SHA256
810a9d13b8564633e1478da3f7340fd796e473dc410a181975dee217ead4cac5

SHA512
7f761f9d7ca30567bf59f7f5ef7414400f58c8968bce5defecddbfa54f9ab154956b62ca0809f9906e1e25c7c414faf68908e111f62edecba17d5ed684e3f26b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a21a21358301c25eaaf79785762a5e7e

SHA1
533bb0f5b9ba7c4bbbce86e71e8f5305c7451d25

SHA256
50880d918b64795f6d21312918248cc6ad142493a95afad3005ea66aa200c3c3

SHA512
47fe75e6ff95d1887af5f2d7236cdb5eb574d6be5b62798e5974c24433ef0c79ec2dc72200ff8c139b5b398cdef9ca48d8a4fc8ddb85baec22ee2128e7025cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d244.TMP

Filesize
1KB

MD5
727c5f864f065fffea20cea8c55d9c4e

SHA1
6008e0e2f3e939d71bda44f436378e40a0f465ae

SHA256
8875c38e52b374b28d92930ad1cd4798fe249dcbe59f0091e97e6b95fce3acfa

SHA512
d6e0cc4d7c0a0d442011f8ae6efff680780c0ad597f8cbb1fc0f7f93434a0920a63aa63776ecfe94ad7c3d7b223532ed6f1e4e74b5490b1cbd0ac61824f1ad73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0bd00635756ce935fd78b79c09f5b944

SHA1
84c8530fa246d87760559db7fcee45320385bae1

SHA256
d55a2b8b5acf7904b450ea721538fecefb49b4f47a90ee72cdb2448ea6bd4572

SHA512
3df459dd81fbfdf156824d65bcafdbe1e1dbcb171728f3a917509abf2af786569e6eb4624f6d571e16ced9deb80552a8f838c0545a9ad4291b1c094ed012d459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fe1dce47486aa4b07e3e4fd10ed1c995

SHA1
4798ed80b6b8d258ae1906338e1fa14a70eb56c5

SHA256
2b71c268f420717b8d479fdc5b152a58f02c3d1b6f76eaf4cdf41da46726717a

SHA512
c126b38e3105a9d401942e3a88b1d8b16855397b3cdd10fe7c9f425488638966a938b9e1884572261f6dc0b626f8627a05ab8840de8b0a12f73a6814df2299b3

Download Submit
C:\Users\Admin\Downloads\Baseball-Set-1.jpg

Filesize
293KB

MD5
5b3abc19ed3568714a73cd7631fa0f6c

SHA1
621b4b438b1b2724b024698f89e12955b34c065a

SHA256
72e4ff56aa26fe8005c3b1998b04f066c29e1f11f8b1b68f99cf0756add89b0e

SHA512
73afb561ea0c008c30bb8b4e2bd8ba394bcf76fab85edb489472f8e408422572fdf13c3466610f7423bfeef4e5853e169eee67ed5a51238fa7ed7450bdbc5ad4

Download Submit
C:\Users\Admin\Downloads\Football Mat-Die Cut_B_v1 (2).pdf

Filesize
743KB

MD5
b61ba70e4426186eaa23b8928307b63f

SHA1
227177bd20bb80a4b900964d9656d722592a1e07

SHA256
636512cd17a46edd28aab8969b1789200d808bfe9ff6b2004e6d60f2a4fdcdeb

SHA512
f987a04e79d86e9817971767d21f2597a0f5f0dd6f7d202054972170e2c34367405bae87b9b6f1f747c952276fe1b77b33ccd5a715e8ff9f40291ab8716681eb

Download Submit