hxxp://dash[.]cheerax[.]menu/loader

Analysis

max time kernel
145s
max time network
149s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
20/08/2024, 01:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://dash.cheerax.menu/loader

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-970747758-134341002-3585657277-1000\{98CD6D02-49E2-4513-8A05-ADDEA57374C7}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
2656	msedge.exe
2656	msedge.exe
5060	identity_helper.exe
5060	identity_helper.exe
884	msedge.exe
884	msedge.exe
460	msedge.exe
460	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe
1432	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe
2656	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2832	2656	msedge.exe	80
PID 2656 wrote to memory of 2832	2656	msedge.exe	80
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4808	2656	msedge.exe	81
PID 2656 wrote to memory of 4296	2656	msedge.exe	82
PID 2656 wrote to memory of 4296	2656	msedge.exe	82
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83
PID 2656 wrote to memory of 4552	2656	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://dash.cheerax.menu/loader
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb12c13cb8,0x7ffb12c13cc8,0x7ffb12c13cd8
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5992 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2560 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,10813008733771376914,15197075835122641132,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C0 0x00000000000004D0
1⤵
PID:4068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
70KB

MD5
0f6e110e02a790b2f0635d0815c12e5c

SHA1
2411810c083a7fda31c5e6dd6f1f9cf1b971e46c

SHA256
2f7018f3c214ace280e4bd37aabe0690bd9d8d0532f38e32a29d1f9de1320605

SHA512
2f2fb7c4ddfb6abb5dcde466269f625eea58a2c69d25830e6bb24126e7679ec7c83fdb0d8ff2a7de4dd4b994513f5e80813dbf1f5d6a9a474c3a60d8bee74f4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
43KB

MD5
e352d970a4f70796e375f56686933101

SHA1
20638161142277687374c446440c3239840362b4

SHA256
8a346ccc26d3ae6ded2665b27b443d6f17580650d3fdd44ef1bb6305bee37d52

SHA512
b2c95bc6a7bd4cc5ef1d7ea17d839219a1aa5eba6baeb5eab6a57ec0a7adbc341eb7c4d328bcc03476d73fd4d70f3a4bdec471a22f9eb3e42eb2cae94eeb1ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
0aba6b0a3dd73fe8b58e3523c5d7605b

SHA1
9127c57b25121436eaf317fea198b69b386f83c7

SHA256
8341f5eb55983e9877b0fc72b77a5df0f87deda1bc7ad6fa5756e9f00d6b8cac

SHA512
6a266e9dad3015e0c39d6de2e5e04e2cc1af3636f0e856a5dc36f076c794b555d2a580373836a401f8d0d8e510f465eb0241d6e3f15605d55eb212f4283278eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
74KB

MD5
b07f576446fc2d6b9923828d656cadff

SHA1
35b2a39b66c3de60e7ec273bdf5e71a7c1f4b103

SHA256
d261915939a3b9c6e9b877d3a71a3783ed5504d3492ef3f64e0cb508fee59496

SHA512
7358cbb9ddd472a97240bd43e9cc4f659ff0f24bf7c2b39c608f8d4832da001a95e21764160c8c66efd107c55ff1666a48ecc1ad4a0d72f995c0301325e1b1df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a85386f12119fe95fff25d7942c10c3d

SHA1
946589028329724622bf982cbe9cd6afccd8104b

SHA256
5d993176ef652228c97091e9e44cf57100763ca08c28776096af34c266630b80

SHA512
1c806a4cfb45420a80c4f36b2981c655ff0f25b9974deeaeebe99bbcbb256ce299ff056294e944db70e8509a1166607f7c51ba7bb129ef6532759b461d4b37cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d55d3b1f697fbc854734bf228ae97edd

SHA1
239791949eb26927b6d4eecc0ee028825641d597

SHA256
6007439b395741c8631e38b427f80f36ba35553a69a0e2e38ef4ccb85888ef46

SHA512
8b919ae55e86ee9eadda9fabe94107f50a8347d476b4de423011742d51f47dd0cb6631abdc5fb442e776dcdb9bf74c0ffc1136d1699cffbf604ecd629cf7fd12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
402B

MD5
e4ec196d6457664cfc038a5fab9d07dc

SHA1
e5f192ceb1f3818cd04ad2d0f6cbb4b44617e54a

SHA256
8201e6b9e633636a4d1d27c36e35ed81ae4f7dfea9c112051e9d48a1747cf666

SHA512
3cf4c1f53d560eb730a70d7f210183f9f51499b582541a6aabdd1e9d297569c3ec4443e5c39b068715088aa66657a19e7300bff1069dbb8d4c72faf6bfa57788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bf39c8235e89c209b9e8b5e6a0dd1aa7

SHA1
fa83c8e826d400c4b66cb78c427c899f36c28e20

SHA256
a73dd7e7a74b16c1edcaafcf72638692dc0a0fcf4002ac6c00972e0f885fc8f6

SHA512
f2a5d2fb24386672c3cd1fecc604e202dda12b8bf8b4e2de99b2e82a8d9fd2c865824355c4b3a2b26c2d6286bea884881b679e5e2f26ee6a52604b5964076759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16cfd4b1e55cca887adff0115f8cd15b

SHA1
517ae37f1b89391109095a50786a123d6b617249

SHA256
cb8514ea4640aa16330dcd4ecfcafe4c4e54c42e7ccc8ee12d1358ab31fbf0a2

SHA512
334de0328cdd77d197568cce04b457396406571bfda0541f39e289ef21deab35755061de084014172b2483809e40b3e16ab24f74c4c52a2aea046940b1c32fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1eb279b78f9e1cbee10af071809aebdd

SHA1
56a82feadc2eefc40e1e951e8c912fd885bf4f6f

SHA256
b140a303c989338e1dc40971f005d75b11c3dd9f0156ed5ed058e2cb50476587

SHA512
195f2acb1d2a6ad8765fcc55956081d0e65f3a41cb2bc530d78ef58c329690258f9facdbe4bf12627e8cb5bb65febf1f9e98e758942cc0f91f843b6c93dedf34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dce33b9877803ca1fef694e649229a17

SHA1
0c93909f1a0ea38384885dde7f55a47f24683d3e

SHA256
337d01c804259aaf5f5f5bd4ad35516ad3a6bf90edf9d5fb099e7a285a5a00ee

SHA512
5680a748429a7bc6c3aa04761c73f7f91f8b8fc937153a27c315be3217db67cde73bf1444cf5c64c08dff3486c23f7fd25b0eb5a3f7b8fb005044a4006c0cf2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1f9d3d9d4904c226a5d99235c65f0965

SHA1
3d163083f9bb0d7e1f1911d12c606d80b556a6d9

SHA256
e7e33e26486049a28295eb8f13852ec0750b639662678b086b9c730b72b834fb

SHA512
ebbc1d73b6ffb20767fb0fd0089a75c7ab0143c883031436143434a6af82b202bb8b52e7e6d5eb9c4afdc81a8e6c47688cb4efc41be5bb170d8dc8c0e18710a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b237d14e04e17e3c5b342699ebbb967

SHA1
b766967c77b3041b4a681da95c46a0fd40380cfd

SHA256
33c6a18e926503f0139e5b4c01afdc50ba3855748dc8a3d1da6419535040fd4d

SHA512
09117f76d5fa4edc84bf23b4d3a8ef27f033c9a1dfaf241ccbfba018f90407067ca6e57e02295172332a55ebed4d99a477a71be0b8631962ad576be8116f3828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
bccdfb84dab3ae2672baeb6c3b8a601a

SHA1
80ba53e4c220966d722e45449f637b61059038a6

SHA256
c076a861a04193b05d95159ff3d1d16119220a9e8a44a1ce9eb7a3b2405cb609

SHA512
7ddbef7d7f12f9fa7675b7a9ff2d95e25dabf4bc87578cd04703856b19332ba2660bc7b115dbd9de86b857bd7d3769a0e01ae9c14b0ea55ec267b77ee572fead

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58e0b6.TMP

Filesize
538B

MD5
375fb861920254c0f4f3abca62a77e75

SHA1
f4e92328fb7ce3e112b6ecdb0dfb89f40516bec6

SHA256
02693d18ea1c3d02d60a266c46d52139f03231be0eafd04f2e4cd2c04925f068

SHA512
0a7fd46d86396ed85e081b3935acdadfcd26128077a32cb2be347a4ae15cb29e36d44b7f6938f51b344f43de5ecfb7525c3d48abdd2aa844cbe6b75ffe7b052e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
670d6f6052354c1d47e90095bce0bde5

SHA1
e2de3a30bb2bc5b956acec0679afa2baed1d96fe

SHA256
b55e701f1f19e0306a5dd96835c7dac667db255009699978ebce333ee753640e

SHA512
4fe90ef39637e2fa0cee86c390ed445d992a128a5343747df52bef68dcbfd6327b22512c1dff2ca63fd7fac373bb355ff6ee1dae8bddd9018b40afdb304b4510

Download Submit