Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://file.io/qTPQ...

windows10-2004-x64

10

Analysis

  • max time kernel
    174s
  • max time network
    181s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09-11-2024 04:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://file.io/qTPQt824XgE3

Score
10/10
xwormdiscoveryrattrojan

Malware Config

Extracted

Family

xworm

Version

5.0

C2

79.110.49.242:3388

127.0.0.1:3388
Mutex

ZzPr10udRDHeSHtK

Attributes
  • Install_directory

    %AppData%

  • install_file

    XClient.exe

aes.plain

Signatures

  • Detect Xworm Payload 2 IoCs
  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm
  • Xworm family
    xworm
  • Drops startup file 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://file.io/qTPQt824XgE3
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4560
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb55646f8,0x7ffcb5564708,0x7ffcb5564718
      2⤵
        PID:1684
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        2⤵
          PID:5104
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4448
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
          2⤵
            PID:4752
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
            2⤵
              PID:4164
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
              2⤵
                PID:5024
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                2⤵
                  PID:4612
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
                  2⤵
                    PID:1400
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
                    2⤵
                      PID:4864
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
                      2⤵
                        PID:3116
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5736 /prefetch:8
                        2⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:1060
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
                        2⤵
                          PID:2052
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
                          2⤵
                            PID:2312
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
                            2⤵
                              PID:3056
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
                              2⤵
                                PID:3024
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
                                2⤵
                                  PID:392
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
                                  2⤵
                                    PID:5260
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5920 /prefetch:8
                                    2⤵
                                      PID:5528
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
                                      2⤵
                                        PID:5536
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:1
                                        2⤵
                                          PID:5700
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
                                          2⤵
                                            PID:5708
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
                                            2⤵
                                              PID:5716
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
                                              2⤵
                                                PID:5724
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7504 /prefetch:1
                                                2⤵
                                                  PID:5732
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7776 /prefetch:1
                                                  2⤵
                                                    PID:5740
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7952 /prefetch:1
                                                    2⤵
                                                      PID:5748
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
                                                      2⤵
                                                        PID:5756
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:1
                                                        2⤵
                                                          PID:5764
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8716 /prefetch:1
                                                          2⤵
                                                            PID:3140
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:1
                                                            2⤵
                                                              PID:716
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:1
                                                              2⤵
                                                                PID:3740
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9308 /prefetch:1
                                                                2⤵
                                                                  PID:6220
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8084 /prefetch:8
                                                                  2⤵
                                                                    PID:6436
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
                                                                    2⤵
                                                                      PID:6604
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9668 /prefetch:1
                                                                      2⤵
                                                                        PID:6624
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9888 /prefetch:1
                                                                        2⤵
                                                                          PID:6696
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
                                                                          2⤵
                                                                            PID:6800
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10068 /prefetch:1
                                                                            2⤵
                                                                              PID:6868
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10204 /prefetch:1
                                                                              2⤵
                                                                                PID:6940
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8468 /prefetch:8
                                                                                2⤵
                                                                                • Suspicious behavior: EnumeratesProcesses
                                                                                PID:7136
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
                                                                                2⤵
                                                                                  PID:5800
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,13583171114795001549,6492086328148152910,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
                                                                                  2⤵
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:2224
                                                                              • C:\Windows\System32\CompPkgSrv.exe
                                                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                1⤵
                                                                                  PID:2144
                                                                                • C:\Windows\System32\CompPkgSrv.exe
                                                                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                  1⤵
                                                                                    PID:3156
                                                                                  • C:\Windows\System32\rundll32.exe
                                                                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                                    1⤵
                                                                                      PID:5780
                                                                                    • C:\Users\Admin\Downloads\drftyguhjighijkll.exe
                                                                                      "C:\Users\Admin\Downloads\drftyguhjighijkll.exe"
                                                                                      1⤵
                                                                                      • Drops startup file
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:5204
                                                                                    • C:\Users\Admin\Downloads\drftyguhjighijkll.exe
                                                                                      "C:\Users\Admin\Downloads\drftyguhjighijkll.exe"
                                                                                      1⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:7024
                                                                                    • C:\Users\Admin\Downloads\drftyguhjighijkll.exe
                                                                                      "C:\Users\Admin\Downloads\drftyguhjighijkll.exe"
                                                                                      1⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:5716

                                                                                    Network

                                                                                    MITRE ATT&CK Enterprise v15

                                                                                    Replay Monitor

                                                                                    Loading Replay Monitor...

                                                                                    Downloads

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\drftyguhjighijkll.exe.log
                                                                                      Filesize

                                                                                      654B

                                                                                      MD5

                                                                                      2ff39f6c7249774be85fd60a8f9a245e

                                                                                      SHA1

                                                                                      684ff36b31aedc1e587c8496c02722c6698c1c4e

                                                                                      SHA256

                                                                                      e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

                                                                                      SHA512

                                                                                      1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                      Filesize

                                                                                      152B

                                                                                      MD5

                                                                                      b8880802fc2bb880a7a869faa01315b0

                                                                                      SHA1

                                                                                      51d1a3fa2c272f094515675d82150bfce08ee8d3

                                                                                      SHA256

                                                                                      467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

                                                                                      SHA512

                                                                                      e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                      Filesize

                                                                                      152B

                                                                                      MD5

                                                                                      ba6ef346187b40694d493da98d5da979

                                                                                      SHA1

                                                                                      643c15bec043f8673943885199bb06cd1652ee37

                                                                                      SHA256

                                                                                      d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

                                                                                      SHA512

                                                                                      2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      28eeba95ab2586bca09699ed7670120d

                                                                                      SHA1

                                                                                      a95c20f3944f598d70c103e468b31f616d524e89

                                                                                      SHA256

                                                                                      17023d2ff301620c4bf6c6e2bc418f533e8bdbd28150b4d048d76beb497410ac

                                                                                      SHA512

                                                                                      79c71b7907bfcb35b4c7db29472df0de9bcc8b30c7cec25fcf3e5030411defe7c6600c06e29c5f6dfe3189aa5641ed20e9136b6a82a6f8f13eb03f8679391921

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                      Filesize

                                                                                      1KB

                                                                                      MD5

                                                                                      949fd730bbea3a319dc723cd7ee24a8e

                                                                                      SHA1

                                                                                      9b3e3cf4c1a5a1b7f3f6880c8746ca415840caed

                                                                                      SHA256

                                                                                      3d4c6b17e67c53ce2af66e8383f2d2667b7408018aae724feb20379f6eb62ba4

                                                                                      SHA512

                                                                                      1ae13ceaf76aa3c1c6a62c816d5e53b1e2704927a8b0fd29d99a1a9b5564e07dfdaf06431cb2c8969537d4df1758764f7bd6b7cd9efdf9f632d231c68cd2b200

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                                      Filesize

                                                                                      13KB

                                                                                      MD5

                                                                                      1d4ca36f55419d300100dd107ae7a110

                                                                                      SHA1

                                                                                      5d81984612addaf259e66723c0d71bc03e591ba9

                                                                                      SHA256

                                                                                      24d12576d294c6d3a3a9fc46e94b1534c426aea8902db58729fccfd4f0106a13

                                                                                      SHA512

                                                                                      600c6928c5955f3e08a4b3bea540e3a543f0c757aa67eaa85cd2116568b3fa3fecee9838add089c004388f25f7c4cb917f51d29613c826397e9ac011998f1f57

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      5KB

                                                                                      MD5

                                                                                      6f6f44bb759281d34e877474d0a593b7

                                                                                      SHA1

                                                                                      ceb406700028641c9888b325575e31248754de36

                                                                                      SHA256

                                                                                      538e3c93b79739d5f6293123168edbb94ba815c485d46d9bb856e11df3cf1224

                                                                                      SHA512

                                                                                      033eeee76d523c5ae523f000f0a7bae53d81327f0ddcab6ca9f5932d5f5d812e0931da1b0aa78e99f4e896b6526d4e63abb07539592a315d869e1da3a7de99d4

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                      Filesize

                                                                                      13KB

                                                                                      MD5

                                                                                      50c4368f3549ce2e4b538d8264653e63

                                                                                      SHA1

                                                                                      542f4149225183ed4dd21c9a8e1ba294c0c15b69

                                                                                      SHA256

                                                                                      8a40e504ac06a75768dc209e2db3d18cc75d4e2bb7ed51388074e7eca72baead

                                                                                      SHA512

                                                                                      4b47c00fbd750b582ca91f623482a6a64927356dd2045774b906023162ec4fdf15be2d77fc10e70b020435ba26e39377e422133739706e0faa31def58f31f3ea

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                      Filesize

                                                                                      4KB

                                                                                      MD5

                                                                                      e3d8a50a3d9ddc95bb14f525ae5487ba

                                                                                      SHA1

                                                                                      8b33c8f233a1e749512fc4a43d0c1558f2b04f77

                                                                                      SHA256

                                                                                      e1706bbc7552f11f2107d45edec506c73e95ca5c4b4e88b7a37628150add7f4a

                                                                                      SHA512

                                                                                      aaf2b661b4d56961e27ef4aecb950308a63bf60a522a9a2275a400db537d1f5c437e52ecf0f6662270807f0af26938b9bb72895dc840018eb45872c7e7285221

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                                      Filesize

                                                                                      5KB

                                                                                      MD5

                                                                                      41615a6bcf08f3d97705532041c39f41

                                                                                      SHA1

                                                                                      9f0082273ad859d7aab2a8b6cb78ab695d97df98

                                                                                      SHA256

                                                                                      e5af73e8449c62d967843ecb4388fa9b11b38e5d07b6cd92795438a5a6ce315f

                                                                                      SHA512

                                                                                      2d92562ecfead1411e5ec04919851ba370d79152d506ce185c7a88cc3bf7fc4e0044f50d11b2281175f912dab3c0b9de48a07abab9f40bb85a9770d78630bd8a

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c6f.TMP
                                                                                      Filesize

                                                                                      3KB

                                                                                      MD5

                                                                                      02f952c206146bb3bb64a6062ab0395d

                                                                                      SHA1

                                                                                      294f5f0aa95abb10671da3f5fa82d2e673fb2824

                                                                                      SHA256

                                                                                      da4e404397be491b0c2c33b21eeffdb3f25c0f6c34e98e0b24eb378962dc2023

                                                                                      SHA512

                                                                                      3f401ad5eee343aaf2ca41d7d5d07888a97f66b80590e6b4ba0252255e7c73d0e460f373931640b830aeb50b1d6de984af4873a84207a051ba9e2d8b86652e4f

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                      Filesize

                                                                                      16B

                                                                                      MD5

                                                                                      6752a1d65b201c13b62ea44016eb221f

                                                                                      SHA1

                                                                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                      SHA256

                                                                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                      SHA512

                                                                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                      Filesize

                                                                                      10KB

                                                                                      MD5

                                                                                      03c14d367c5790b6dbdeaa4ff5bdeb38

                                                                                      SHA1

                                                                                      3d0383bffb2351642351e3f8074c6eaa4c4820c7

                                                                                      SHA256

                                                                                      4f4a183b0a4c691ed64dfc22027cd958c9c9f078cc0861c38781715d0a52dd9e

                                                                                      SHA512

                                                                                      7118a21de90e09d5c040550a78dd75f95414a36675b0050204a717e7b491a9d908a47882c622be8cdbf151c40845b334d6915ac65f5f2e396c7eabf313aaeebc

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                      Filesize

                                                                                      10KB

                                                                                      MD5

                                                                                      1634c5bfdeed8b8f4d1588873c627f0b

                                                                                      SHA1

                                                                                      bb7b8048b0b2f8656b833c3041bec82bd35d9dd6

                                                                                      SHA256

                                                                                      41c9de6bffe52ce5af5d02e5cb4c18a67e203d545906489c0222f5b2556a4cc4

                                                                                      SHA512

                                                                                      11a24af767d7d950863f0b57208bac795eb42944c3d37b863e72e6322d299e19db18acb924a2f40b22b68f0442cf7df28b5a334c7b8c349135e43a4428cd61aa

                                                                                      Download Submit

                                                                                    • C:\Users\Admin\Downloads\Unconfirmed 632444.crdownload
                                                                                      Filesize

                                                                                      34KB

                                                                                      MD5

                                                                                      f0458aa8920c3a81dc62f427b140a759

                                                                                      SHA1

                                                                                      6f1c7882775e6e1d6139d5a0ed4bdf35708f8767

                                                                                      SHA256

                                                                                      5f41b296c9c8ee823fbc5dd53ad0369a5ded6def0f1f9cb9fcc98a5308d8b43f

                                                                                      SHA512

                                                                                      ed017ffffe7854262a0ac28b16406e55977fe8459bb72becb7426d39228aae952f28d2679270df300762e8eb4db7bfaa7368fa5826d3f4cf2c23f251eb1d3c4f

                                                                                      Download Submit

                                                                                    • memory/5204-255-0x0000000000390000-0x000000000039E000-memory.dmp

                                                                                      Filesize

                                                                                      56KB

                                                                                      Download

                                                                                    • memory/5204-371-0x000000001AEE0000-0x000000001AEEC000-memory.dmp

                                                                                      Filesize

                                                                                      48KB

                                                                                      Download