hxxps://link[.]mail[.]beehiiv[.]com/ls/click?upn=u001[.]IR5-2FfMU86qTPKU7GpVO6NTSAFgEkju98mxAwxuhW9Dt6ZK26M4xu5D5yq97Ww5IufS-2BBelnuJBf1iztAjth3Tp8jLb69dhQXf4WNBUAQvD3lpWp4a65uwXhPfDQxiLIO0uIXg7Ecgu0uFoNQlDTwLXSCy-2FjR02C-2BC0m4KrEj-2FvpXiAw9YT0p2MnCih42IbKfEGmoOgQ5BdxXQe4aKJ2YxooLUIuFElNuj2c0T5CM3jzgBRG-2FNwi2-2ByUnIBOohpq-2BZfpE839kcw1A83X-2FbWaM-2Fw-3D-3DHFBY_VIHqStjbLRLc-2FWBFP1nBjnBIdfKatORUSVBly0-2FIAfGuGbT17Zw-2BCWySuZUuanaGJRHTOmbaHNbjS-2Bwny-2F5pryClFlRO8EUnUaQJEMC9SrTDeWvF7W3wWojnduuZysCmyXLNy9B7v0FWMmBtzZxTy1lkM4cHmj8jl5KM6GXpsEf9nIEcKyeISfsqksWQESn8WgYdHCpMKGB3tOUj2nun5DHAKRKmdfIuKIlNztvBqYcbFT2xMxfTvV8TVVVmb63D6QlbNdhLJXoiiJyFKiylTXp0N5ldnAQgXDYoiOmOUgn1-2FLAsQRIGIUxZkgszrk7Q6yrYwnuMKxaLIYutiVWY2BYl10ysAz3H632mQkAhcIPDG-2Bme-2BZRRnQD9gaotME-2BcK2buJOlp5yJlj5Nl6rrbLebrC8RGW9hep1TC0I7w7krrnbtWfbiDgosUFlDv9obs#bS5iaGFyZ2FhdkBraXBpYy5jb20ua3c=

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://link.mail.beehiiv.com/ls/click?upn=u001.IR5-2FfMU86qTPKU7GpVO6NTSAFgEkju98mxAwxuhW9Dt6ZK26M4xu5D5yq97Ww5IufS-2BBelnuJBf1iztAjth3Tp8jLb69dhQXf4WNBUAQvD3lpWp4a65uwXhPfDQxiLIO0uIXg7Ecgu0uFoNQlDTwLXSCy-2FjR02C-2BC0m4KrEj-2FvpXiAw9YT0p2MnCih42IbKfEGmoOgQ5BdxXQe4aKJ2YxooLUIuFElNuj2c0T5CM3jzgBRG-2FNwi2-2ByUnIBOohpq-2BZfpE839kcw1A83X-2FbWaM-2Fw-3D-3DHFBY_VIHqStjbLRLc-2FWBFP1nBjnBIdfKatORUSVBly0-2FIAfGuGbT17Zw-2BCWySuZUuanaGJRHTOmbaHNbjS-2Bwny-2F5pryClFlRO8EUnUaQJEMC9SrTDeWvF7W3wWojnduuZysCmyXLNy9B7v0FWMmBtzZxTy1lkM4cHmj8jl5KM6GXpsEf9nIEcKyeISfsqksWQESn8WgYdHCpMKGB3tOUj2nun5DHAKRKmdfIuKIlNztvBqYcbFT2xMxfTvV8TVVVmb63D6QlbNdhLJXoiiJyFKiylTXp0N5ldnAQgXDYoiOmOUgn1-2FLAsQRIGIUxZkgszrk7Q6yrYwnuMKxaLIYutiVWY2BYl10ysAz3H632mQkAhcIPDG-2Bme-2BZRRnQD9gaotME-2BcK2buJOlp5yJlj5Nl6rrbLebrC8RGW9hep1TC0I7w7krrnbtWfbiDgosUFlDv9obs#bS5iaGFyZ2FhdkBraXBpYy5jb20ua3c=

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3236	msedge.exe
3236	msedge.exe
3108	msedge.exe
3108	msedge.exe
1056	identity_helper.exe
1056	identity_helper.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe
3108	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3108 wrote to memory of 2132	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2132	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 2256	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3236	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 3236	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe
PID 3108 wrote to memory of 4988	3108	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://link.mail.beehiiv.com/ls/click?upn=u001.IR5-2FfMU86qTPKU7GpVO6NTSAFgEkju98mxAwxuhW9Dt6ZK26M4xu5D5yq97Ww5IufS-2BBelnuJBf1iztAjth3Tp8jLb69dhQXf4WNBUAQvD3lpWp4a65uwXhPfDQxiLIO0uIXg7Ecgu0uFoNQlDTwLXSCy-2FjR02C-2BC0m4KrEj-2FvpXiAw9YT0p2MnCih42IbKfEGmoOgQ5BdxXQe4aKJ2YxooLUIuFElNuj2c0T5CM3jzgBRG-2FNwi2-2ByUnIBOohpq-2BZfpE839kcw1A83X-2FbWaM-2Fw-3D-3DHFBY_VIHqStjbLRLc-2FWBFP1nBjnBIdfKatORUSVBly0-2FIAfGuGbT17Zw-2BCWySuZUuanaGJRHTOmbaHNbjS-2Bwny-2F5pryClFlRO8EUnUaQJEMC9SrTDeWvF7W3wWojnduuZysCmyXLNy9B7v0FWMmBtzZxTy1lkM4cHmj8jl5KM6GXpsEf9nIEcKyeISfsqksWQESn8WgYdHCpMKGB3tOUj2nun5DHAKRKmdfIuKIlNztvBqYcbFT2xMxfTvV8TVVVmb63D6QlbNdhLJXoiiJyFKiylTXp0N5ldnAQgXDYoiOmOUgn1-2FLAsQRIGIUxZkgszrk7Q6yrYwnuMKxaLIYutiVWY2BYl10ysAz3H632mQkAhcIPDG-2Bme-2BZRRnQD9gaotME-2BcK2buJOlp5yJlj5Nl6rrbLebrC8RGW9hep1TC0I7w7krrnbtWfbiDgosUFlDv9obs#bS5iaGFyZ2FhdkBraXBpYy5jb20ua3c=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc0ddf46f8,0x7ffc0ddf4708,0x7ffc0ddf4718
2⤵
PID:2132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
2⤵
PID:4240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
2⤵
PID:2736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
2⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
2⤵
PID:2016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
2⤵
PID:1308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:5228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
2⤵
PID:5624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4180 /prefetch:8
2⤵
PID:5788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,5752353047153452867,15420801764513268258,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2544

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
f2368955b9d55b3103f86928351d9a8a

SHA1
e9fd681a515ffbdbcb8f3b2b5550985803f6e3d4

SHA256
3ca6c4373e71fc7af318ab267a2e7d2a3e8dcb345a3a7a9fcb2e986934994953

SHA512
2dd2a33b932e50a3f278b639f31a79df77da883b343e268402185bd8c0a22710a181c15680dfbdb062615bc78e1d7d2ccdecde708f3065dfead369c25ac86e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
5463297914a00d35544d22eec369db00

SHA1
14b3fb97af73a26e09ae71c763334772f54580ac

SHA256
60d64d199135402663759226e21298877abd5d92a57e8af0fe1675e5201a63ec

SHA512
842819321e64606ad76861c29d5bf9cef49d43b133d1d72a86ea76bd34a6839e2da1cd26f74ff65ac6311ee96357b22e49e952091a61ee09da322d1851cbdaf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
3777ea0f8895c54662f2acbbd49209ec

SHA1
56cb474ac1fc55d56f1bf67e81afcc2c951f082a

SHA256
8f4a2ebf1a08d18f5d0af944ea07dcf23fdfe1c3b64ded6ab4e8dec1fbf4f48a

SHA512
ab0a4ae3f7c4b1ceb00464d86b65103af6d4d33553ff60c644379b75cb2c80bddcfd21fba70ac3a3263e61b5e099571fe771d2ed358a5a206bdc362c1669c74a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0c8efabb5b781b71173dfc69294a8b80

SHA1
ff4fd18fdd25fca086d33b06625d2ad7d5cb548c

SHA256
37eba046d9bcdc0269cdba4757a245c73f397186331461cc445e7f278404efcd

SHA512
717c64758cd0c12d28e777f60ff8d971b44007b938383116e2fab0e9fff8db2424bbc8684e2d4364f9fc6d8511a4969c1cbae67b92f47ee773e5fcf5e7395399

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
d0f4681920de86cf99c6f9a6bac7b5aa

SHA1
e2d12092085a60e2f28cb16bbc6a22911ec5faa0

SHA256
36126ca6409a6f279572e7dd526c9365317e2e07146113803ae2c43588c1f60e

SHA512
92cde229191cb7efce0574271ab75727d50347ebc24716b05b1599c8f05111a678e2bd063db5b8b6ab9f7142c4d3e26a977e1dd7faa303a8cb842c65d9e7c653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
705B

MD5
5f9ec1ef1137995c8b8f42e73c555660

SHA1
1747aa3c09056eee8b15d682e49e7f13346c3771

SHA256
5b74b8a6796fa944174a593e31ba6b6e5cc08347a8f87f1381a6e85a1a47b363

SHA512
4f5e15280148c639babf08c9e327607b8f6b8fb8cd6b23714d70805fa505513a69c44ff3d8baede49a8b84b228b7ec58318d2f261f4fd24a89a90b733227f91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579d3a.TMP
Filesize
204B

MD5
b4ffc9c18ecc0a96f25afd8c7e741a0b

SHA1
42732813c8581c1e0199d495d910deea77472e67

SHA256
f03e41d8371e578a53d4e6345fed4daeab13d78b21bff7d0eb3b880f8972b843

SHA512
78ffc627fe8ef22ac2d4221da7f3098ac8cc12144eb84b57e07e7ae08e2624c581fc243b759d9a5028b7d347cb579b6c51824db22a7cdc9586b7488921d52eca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
8d93d188c22c86ca9f7577785fc8c9ec

SHA1
981201fb963954bdb10b08e10a35f398fdb7623c

SHA256
49217bfe5c8f7c92ea009375d27b2751fb8b440360c8e1652140cf2d007254c7

SHA512
dac971452b6bed5a385e88126b4baab7d854c9ff9a4948487aa2d300846bb636b15d09442b1cf00e8f157c06e9aa63515cb9094bf892060b7160f9a5d48a918d

Download Submit
\??\pipe\LOCAL\crashpad_3108_TXAFIDRYSHFMTEPX
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit