hxxps://filebin[.]net/gz9ftbodmbjb5b0v

Analysis

max time kernel
195s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-09-2024 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://filebin.net/gz9ftbodmbjb5b0v

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-523280732-2327480845-3730041215-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
2236	msedge.exe
2236	msedge.exe
3708	identity_helper.exe
3708	identity_helper.exe
2636	msedge.exe
2636	msedge.exe
5320	msedge.exe
5320	msedge.exe
5432	msedge.exe
5432	msedge.exe
5676	msedge.exe
5676	msedge.exe
5772	msedge.exe
5772	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5528	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 5092	2236	msedge.exe	83
PID 2236 wrote to memory of 5092	2236	msedge.exe	83
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1968	2236	msedge.exe	84
PID 2236 wrote to memory of 1572	2236	msedge.exe	85
PID 2236 wrote to memory of 1572	2236	msedge.exe	85
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86
PID 2236 wrote to memory of 1344	2236	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://filebin.net/gz9ftbodmbjb5b0v
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb61a646f8,0x7ffb61a64708,0x7ffb61a64718
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:5152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9417065921128833219,14750950901430826769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5548 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
77KB

MD5
ac2b3f747f6dcaf911ab07b7edae9261

SHA1
a4a092594067d950a742eccf96a61a839f9084cf

SHA256
439c5f4128e6485bcbbcff7abdce9a40716ea301b5489c8918751182e131d050

SHA512
f68529de62fb73f3ddcb586091e436ac7a3f590ceae212b333b7ad2013f5cb81c2a0ffc51165945a757212fff2fcfe37537eaf4f742dfc505c666a609ec22637

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
d652cf4287269723b2f8fef97c9d9c64

SHA1
1274a4bb2109b550a1bff84a6e0f18a2b93214f0

SHA256
a805d9c5fec161f13633e526c020489f78116668fdc596d1cc167a43713e2c21

SHA512
4c5a67b429ebfcf8d9890b1a82130b7e098ee25824eb1b3204f0486c36ee524674640c95930046282741cfa9bacd3e7809324a40c07889b7e781dbc65700f864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e874230fdca5217bfe95042aaee96c6d

SHA1
9ba07f60173745bf7281e65461d6fe68038f895d

SHA256
3eb2d127fdfacf07a29bf8802c9f6c5c329e3945d4f405c1b70d898d9374bb34

SHA512
549c9111f4311374e94795350200ffed734ec1b76f2d8d3d8378c915bcd16cb8e32598511b226686e86c4b62dfb6578463d1fbad8058727ef9bacde54e65ae73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30f619f6ccf064eb15f25e2b3895458b

SHA1
980b7527cfcfc3dbd46baf0c963285b7e1312ab3

SHA256
9a19c45a4f44ade94f5c4a92b7bf51f4007d0395b9c7e6abe75a86d71e0c9c6f

SHA512
bec927d43778f7ec093d93eabad2cce0c30aed8353baf42eff1a228aa61b211e3dededd025805cf093073861b6905dcaf6decc3efdf259f5c26aca99ec83b507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3eb2fab9015adbf2f6420e0e7e1b50cc

SHA1
7fda0b8fdd7c3659ddae15c7e567be97be33d729

SHA256
224287b79554b0708098994960ab4ccff8c38037dab63b70fb110ffda2de77c6

SHA512
f0cdf8de054933ddeff796b0d3847f81ca1497a5db15c57e1d2bde6f80c1d1c3c8d44ba0d15255de733bc6e23b7b61ce7403045c3696f131c90165d5130b3163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
8530cc80c84367f7b6d153f3054f0b58

SHA1
d43ba7eb2216592028414a6147d10a7ad01b9d25

SHA256
3ba466e5c79becddc393098e2f38c2b20b5b660a199bd0e1667e88f3f9941d0b

SHA512
907576798b79f5cad1abab39c1bec72bbbe7132a6bab9194ad9fbb909b9f4000a7178df4fca5d700d60a668a2bf21cc6aab0a4146a4808bc0367767d6009b0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
08ee08779e0a797e6df5f55f3141ee8e

SHA1
a970d634565ff00ba311e601db53aed8b99d5d4e

SHA256
bfe46997ef0e1a0b6d0092a37a7ccf60016a15ee1dbf1b1362887bbd705d3637

SHA512
85a61b14c487bdb4c6050064e45c63a4239401f2c13c16e02994cdc7a569d0eb969f216f1a61430f3b4c399eb1ef86813e29970de1e1d7b9581742d494f94188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584987.TMP

Filesize
370B

MD5
5205aaf90c45e108435f6f8a3dd348bd

SHA1
d3a25d01593cef8e88a25f3dd3945eab9f359b78

SHA256
0db1a3f22877cedf07d770f13037cd07428c395961e64d2c54b0ad98d58e832d

SHA512
3033e9d648a59a30b5e3968c539308e2a7a094722818612a1d2bf6bcfb4b12a3d15e64ca132d6177208e54fd2b8cd4e9d377011793c7483aa521def01c18bb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8e315eab24d496e3714a170023eb3293

SHA1
0118cfd5f41948bcc6c4b4b5f96b275be03b8627

SHA256
747c2cb6bca6ce6d6190e91c24f4ea4c2034e2ce7b3bbb358b47fb469a25b9a7

SHA512
68f8379632913b06afa39c2ac4661f3f3d67b99b4bdea136cdac4cf4ce2ae2964888aa1606cf4282f23709d639b7f14cde4be8220a2bfc809f0041379d0a4acb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
226ef1fa422b0c128343aed807b3f42b

SHA1
d41007c34bbb92e636cb4403202444af54286b94

SHA256
9741a62ed361ce3451dc49afd0b543a9ce6cebdd6832709629f49ea3264067e2

SHA512
e199c18427aa442681a1e8f6052fcb45dbf557d1cc2cace2d1e30bc4aeff391e96f5728d155fb41e2da0d3b8527cf93bc6047af74719fc5e6d74caefe573823d

Download Submit
C:\Users\Admin\Downloads\Apofis.tar.gz

Filesize
2.8MB

MD5
c81879ffb407f44bfdeabb05b53e57db

SHA1
bb238a29ed3f6b0e090ac3d3f62cdc72350d78f3

SHA256
3132ad8ed76c89b8381964ba257fac31ef117c42f7d98ba9a752cc68b5588143

SHA512
32f191f3b51c69688dc1405dfe6c3e5738efea824ef3683c437571b555cd846451ea8f30f3fdf6ad58b0744189a59466b694474db8f103ef9eee0876580c5e99

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 203888.crdownload

Filesize
2.5MB

MD5
3c2d34ce6affb3e8aa05850b5647b97a

SHA1
821ba81b5df7d9b30afe2df58969b99d9cff6249

SHA256
dd6266442cc4fee9a496b625d378391ae3fff548111adbee20087ca0a706c377

SHA512
2ee81917cf651515b5da1c352d116ae16af8d0b5161d60a722726c947457431e45d24896f8fa09d371f3086ffe5e79af809accf5aa7ddbb3fa328b9e16e63fdb

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 25625.crdownload

Filesize
4.4MB

MD5
9e4bfba90ea03295be35bb4161841a16

SHA1
0ada1d150cefb9dcd6a470f0114569742d629981

SHA256
341dde312d2216fa65daac2bfd848f0289b0e028ecfcc18f6a8aa2c2db0714ad

SHA512
51e6f7f152b7c67e856986ee0948148b5a38bda9a06f3f7b570f0b9075b0b89914e1a59eb4b171f088443ff214c7c9057b5d856b67221986199d314cd1f975ab

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 446019.crdownload

Filesize
8.9MB

MD5
6f187b31ba9799fc00a2890c9b6f1c0f

SHA1
4ef3f624e674d279db437aff0120050a38cfe645

SHA256
7569fb1f7658153d260738869614a2bc8dbf83434d6e405ae69cbd2dfa7019f2

SHA512
a0c36f676007ba0c764509ad6a0e57a222d16577c71e0d70f5b5eb6e1e3d42e032742a7e4692ed77a573874f9ca01182e234071eadebce40fa168f3059f81e11

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 503303.crdownload

Filesize
7.3MB

MD5
e85b959dc22058b55617479cbdfcfeb3

SHA1
725cb064f8ce304e17bbd2c1bad049b5c8df3d55

SHA256
6479cd9e497fb4cef65f77f638a2b0a9a8bc17227fcf8e0fb407d34078943b02

SHA512
01cfb5c2655d258178008a3d5605fb3751e33e216e98d0cb2abd5bd2adb734e49e5e5f59283c28323065509d70d8ba0eaa96f04df0dd9d456e9168c7b4004ef1

Download Submit