hxxps://cloud[.]letsignit[.]com/collect/bc/63ea7e4610f0bb2ebf2ab929?p=EGf6L-_TO5Ll1JbMMaZI0zjUgVis4Ptz2E1sjWgApg6ZBahB0N9Dn563XAmsHkiiihcSutVJMn0Rnta9q07_QWO4Wb5FeSm4adJOCGhdy5tEz_xJUoYQqa6j1WOskSAyZMiWUwPo8UJI3EZeqfCz3AVHpATwLnM5FeMIHV_ejTM6rNkd6DqVKK15R0_k_GnM32vBxQ3l1oJ9--hiY8XclET6LsnIADRvVgADXmZrfNRdeajQu1rS161FOyrpDqV3tZEQESktuzYv1q2hMkXyag==

Resubmissions

16/05/2024, 10:12

240516-l8w3gsff3y 10

16/05/2024, 10:09

16/05/2024, 10:04

16/05/2024, 09:46

16/05/2024, 09:33

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 10:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cloud.letsignit.com/collect/bc/63ea7e4610f0bb2ebf2ab929?p=EGf6L-_TO5Ll1JbMMaZI0zjUgVis4Ptz2E1sjWgApg6ZBahB0N9Dn563XAmsHkiiihcSutVJMn0Rnta9q07_QWO4Wb5FeSm4adJOCGhdy5tEz_xJUoYQqa6j1WOskSAyZMiWUwPo8UJI3EZeqfCz3AVHpATwLnM5FeMIHV_ejTM6rNkd6DqVKK15R0_k_GnM32vBxQ3l1oJ9--hiY8XclET6LsnIADRvVgADXmZrfNRdeajQu1rS161FOyrpDqV3tZEQESktuzYv1q2hMkXyag==

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{07891114-F726-4E20-9182-C61CBCEE903A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1108	msedge.exe
1108	msedge.exe
3216	msedge.exe
3216	msedge.exe
4924	identity_helper.exe
4924	identity_helper.exe
4228	msedge.exe
4228	msedge.exe
5844	msedge.exe
5844	msedge.exe
5844	msedge.exe
5844	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3216 wrote to memory of 4304	3216	msedge.exe	82
PID 3216 wrote to memory of 4304	3216	msedge.exe	82
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 2948	3216	msedge.exe	83
PID 3216 wrote to memory of 1108	3216	msedge.exe	84
PID 3216 wrote to memory of 1108	3216	msedge.exe	84
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85
PID 3216 wrote to memory of 2652	3216	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cloud.letsignit.com/collect/bc/63ea7e4610f0bb2ebf2ab929?p=EGf6L-_TO5Ll1JbMMaZI0zjUgVis4Ptz2E1sjWgApg6ZBahB0N9Dn563XAmsHkiiihcSutVJMn0Rnta9q07_QWO4Wb5FeSm4adJOCGhdy5tEz_xJUoYQqa6j1WOskSAyZMiWUwPo8UJI3EZeqfCz3AVHpATwLnM5FeMIHV_ejTM6rNkd6DqVKK15R0_k_GnM32vBxQ3l1oJ9--hiY8XclET6LsnIADRvVgADXmZrfNRdeajQu1rS161FOyrpDqV3tZEQESktuzYv1q2hMkXyag==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff467446f8,0x7fff46744708,0x7fff46744718
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2020 /prefetch:8
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3272 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,8790816119221937202,8273971469213267231,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3116 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
d6d6b15e2b971b3f41c58a4f59796157

SHA1
10d8a245d1a357bb7fbbacfb09f217f89df1ae27

SHA256
8999143a48fce9c288a129889ab58072c2aafa4819f2c7f018c807fcb4073a0b

SHA512
8288b6074721322c23d09914f23d8eb5be37d76afffd60dcf5a92ffe36c433833ec5b7c88e1898cf99453aa99c6372e07e841bee8fe9fee69238a0e7a0b72335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
39KB

MD5
7ecab4c95d4bcf1da0c9c66ac48cc49c

SHA1
be73a637d930410e346d745b1f78334003fbe50b

SHA256
69a66b347ef64badf1cea465fbcc8d4c32456fef2cb19e66041f4496566328e9

SHA512
e19c420d3377f294c5fb5ff68c7c8ec8a482bb524e51eeca409c3631554be4ebbbc70c8959d834ed85924031cbe518a8e3672ee1afff349ae6a332f654791606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
1.2MB

MD5
6419b5f60bc594c792974f02862e4c81

SHA1
64854cd60caa5cbb3257ea79319cb6d941fedc6a

SHA256
9b6671504152b77b40db54ac9d92e3213de54eebc7da4c4d67a5162ec2d35f21

SHA512
f0f061a9773618b4536bedc4a0ed03e1c4d95fecc25f0248ea57dbf7e9ae1dba1685c1087db4675877b35fb885460772d6c01bb71c88e13685e1674225e5a7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3d83be97a0c173f3d3d339287bdbfe23

SHA1
965ee5aa19449f4a48c8d042fd0dd5443b462559

SHA256
2fafcc7f12640d827cfa47cd004c82eadb151cffbbe6c0d51b3efa4de28ed77d

SHA512
d7e2e94ece59fab10fa473c35fd564e0be010446dbcf59f2ab68bdf5c55b3830a1998657bf811cf160c1e80b501f45e1ef13cc1aca8da11e3f81c2bafc567990

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9c49dd4cbea5a570b94075f66890e8ff

SHA1
d5fcaa455ac4d09f7a57343219e962034b2a6835

SHA256
4a00f251a5fe013316ce8ec4d3a655d8c347a9e884c4d27bc11bd5ef0d169d57

SHA512
6a2abf7e3939d087279b391f74c86ce4b25ef6a5cd115ba50de554a6ad500da2b3229b287a6d5ba43ad6c165ddf1066c047fd3a761742ba626d6e7aa97ac1e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
afce539c23d5320d2e8238bc9d65de4f

SHA1
6506bbfa286d41167bf3e2ad1862b325a1989fca

SHA256
a6ef55331da3628bc6c2450acd537e5b638fdec4c335df694c6fe85ebf6bb429

SHA512
1c228cf78ae284105bc1280b144c2adc11ceeeed496a9f9ca216454ca9eeefd86cb115853a5c5180b8cf1f71c43cfe19154ffbdceb8f46bfec08588738caca6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
3106747175f5fe6b562020c49a55a564

SHA1
3754df1311730ae02a6b455495996f722e1ef3d6

SHA256
35d1a7f64d032ea5db7b457ff6396c004c17b15ca7868174df6c5bcce3e40ae9

SHA512
c4b0fabba941b61924a40779b7e801edff9a679a3473360beaf59b2d3f4516d17c21f441c22d98d7607b0f0d47e0c3aafa16f39989fc3b2e2d6732e563e51bcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f416482806bb6aa18961924e7214210

SHA1
ca6d9ca7033507b4e7ac86d804db40f4069545a9

SHA256
72ffc58b05e173b88e07325a74d9d4888ce8bf0af91a21b455dc21dbe020e78b

SHA512
f64153788cd4be37701c14afb81ec33c0ddef8fa8d367e79615f5c924db1d73e88df2211cd2c38845c55ab267b2ecb6856fc98ef71e1ed8b61ec4ceeb9d373e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a94e72042ecac8838d1ef7521182cb36

SHA1
93c228f03d7c65274b7e09853ad42d7946bcaec6

SHA256
19b906528fe657739633796340e4da8ac995e76b17ac28d29c8688c5916255cf

SHA512
80053960c57bd294971662e3ba66f18fdbe2476e8b9fa6579cb811123eb581bdeb29048c4b7e2fea3f630eb2415fea4056153612f78fd2ef94c2bac7fd84cf3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
26eb250e684e317a309b21b90d2b7a7d

SHA1
b445fa17e691e8f692370eb7043a4cf49c195fb6

SHA256
37cb62f4b4ebf74b80962696f30f37946b33802f9112c3e7db8948895b734349

SHA512
84150e93c805a1a1ff26d7834c649d4feb0cabb3bb7fc685a6c57fa908c0a435619d8b72eb56f0501c5fcfeed23620ffba1ac44ec06a55264d3458705bbf805f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
21f6860a7d822f50f94cafc709a401ab

SHA1
b8280062b458f0a0278f27c045657d17f12403d5

SHA256
7fdde7ac0513e4fea202bda9288cc0cf525641a18862da71edc45f43da1405ee

SHA512
714704f7f8b295f358de9399ccd81c6b1edc68f71ddc755895bfe4e0f33a83169144355f44ae38e3a629ca074253da5543cff3ad42a09421ff4775e1a51e4466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b86dc6f0dbc629353b4ea2c64a0ba81f

SHA1
4df0b15b110e4be439ae2b785b23c2ff372fce95

SHA256
7da02ad69e1056da4a7cdf30910a2602421455a7e8981b1ede6bbb9a807b8fb7

SHA512
1ac44f58bf5832d3dc61b590ccbf18204e6031d1b661c43e45b4624cfde1b7bf039fee68fe19a59a9a330123e3a6cb4296e74fbb7d329477fe124d53ce3a4f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
395e529222d061769de577d4b33a14e6

SHA1
7c5767445ab0f5a358e9fa5a254d96b76ea2e099

SHA256
2273a203d3c56360c0fc7d310d8441f647bd71f75afff221cef5e9a5da911713

SHA512
aa58c23f392879c267133fb8085e1fc670e63965c38b61d57e1c9b29c7f4c26ae9623ebdf9e362c984efe6d8c37f7d62fb09144d2c5aa670a39518da30a1c5e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b20aa8c26fcddeeda6cec58c51dee1a6

SHA1
1597f049e9566de5872e131606116ed2b55080dc

SHA256
86bc30a6a83d32d3ffbd37ca1ec2e133774633e87c260088c344c91589606d88

SHA512
3d53c21755810fbe585916546d5a8dac8868c33a5880c8124009af54afc38d0918c962ed4908cba1ee9ca1c1b22aabb21f0dcd22e485adccebaa092f19922b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e170f6fc7adfd8028889156746d90e0

SHA1
265df419e8e80f3e74eee1050e913966e0789f22

SHA256
c24388f5f2ca21c80cca28506422fbebde6ad2c4726b3492c880957f2ae259f0

SHA512
643703fd6853418186937f352dd61a330751203a1c3ccafeec3ac79a1092cc0a37879c5fb595bf58a1cae3d93f5aa9090e72caba5ae3c35380be7d364ca0f98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b40e.TMP

Filesize
873B

MD5
68b414e486abe13a3709ec508cf8dcdc

SHA1
9a65d91d5d69da150efd9dbf95e39310bd9c571e

SHA256
03f4851facb493dafdca49e64de42e98e7617de24dd81e00e8e7749471e72ce8

SHA512
6077e817a33a5f32f3ffafd0b6794efcb85e863d51f19d90b1e5baf430bec687cb330a295b50f6a5647aa218e9e0432440a961b9ba2fa063e81c9893c1d8bde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d7104960cccc98d448c7e805c83153b2

SHA1
4252fe4f01f063a52eec6aed3d3730f63e89cd1c

SHA256
5c68e4a905d8aa513eedd32312d5c7676d0460a5e0565640b40ae1ead25fd20f

SHA512
4320b16582acb4dcb0cfdd92a7da511a7b25bd19004c9e2d018cfc495bb422e95c168eca9b7327d340e82d3c0e896ddacf160c845e957df826c1a4e9d05b821e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit