hxxps://wetransfer[.]com/downloads/ed3e3cc1bd158291cc29f48a8157056c20241112121356/33ba64cdc6472f76e70006dcb2761d6420241112121356/368956?t_exp=1731672836&t_lsid=1a65cbac-f186-45fa-a1ae-cfd05f4d39d9&t_network=email&t_rid=YXV0aDB8NjcwZDU3YmQ0YjY5ODJlNDEwZTJmMDUz&t_s=download_link&t_ts=1731413636&utm_campaign=TRN_TDL_01&utm

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2024, 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://wetransfer.com/downloads/ed3e3cc1bd158291cc29f48a8157056c20241112121356/33ba64cdc6472f76e70006dcb2761d6420241112121356/368956?t_exp=1731672836&t_lsid=1a65cbac-f186-45fa-a1ae-cfd05f4d39d9&t_network=email&t_rid=YXV0aDB8NjcwZDU3YmQ0YjY5ODJlNDEwZTJmMDUz&t_s=download_link&t_ts=1731413636&utm_campaign=TRN_TDL_01&utm

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3572	msedge.exe
3572	msedge.exe
2884	msedge.exe
2884	msedge.exe
1600	identity_helper.exe
1600	identity_helper.exe
5364	msedge.exe
5364	msedge.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe
6088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4308	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4308	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 4472	2884	msedge.exe	83
PID 2884 wrote to memory of 4472	2884	msedge.exe	83
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 412	2884	msedge.exe	84
PID 2884 wrote to memory of 3572	2884	msedge.exe	85
PID 2884 wrote to memory of 3572	2884	msedge.exe	85
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86
PID 2884 wrote to memory of 1052	2884	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://wetransfer.com/downloads/ed3e3cc1bd158291cc29f48a8157056c20241112121356/33ba64cdc6472f76e70006dcb2761d6420241112121356/368956?t_exp=1731672836&t_lsid=1a65cbac-f186-45fa-a1ae-cfd05f4d39d9&t_network=email&t_rid=YXV0aDB8NjcwZDU3YmQ0YjY5ODJlNDEwZTJmMDUz&t_s=download_link&t_ts=1731413636&utm_campaign=TRN_TDL_01&utm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcad9f46f8,0x7ffcad9f4708,0x7ffcad9f4718
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6468 /prefetch:8
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6016 /prefetch:6
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,12229622490585996705,14649102751094313291,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
749KB

MD5
531c0b797eb978693f6476ab93558279

SHA1
ab83c4be36749beb8b649dc81e4a7e62154712a4

SHA256
ab2c89ebbfbb77179af5f57d1bbffa0e93a83f2d1db98bb6c349ee73b02a0e71

SHA512
0dfd68f81bf026a348ec7505e45fadd11b9e42b82c670679762c01a528821056460e57d6dc8441cb4117ffd733ead71208bb94b0fda0f6f5eb2a8b2192f0c035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
72KB

MD5
b3ca8cde7fb0dfb1661451862b78e5d9

SHA1
201ca773191135c562e021ffa6c627620e604c41

SHA256
857b2523dcc62f82bd2b161d6ed20f5f15ef3298f8f8bd26ac09e1bc4febd93f

SHA512
ad9a37554df3e4b602ba5fdecc1801da5d095297d7af3b888661efaa875bf77d3c67620e615a694e2d73bb79a20ec05d0844f32e489c656ce7b140192f48b9e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
22KB

MD5
cbc0311a5f31b7ff30bcf95ea7dad39a

SHA1
5e9fa6ecaef9e13e610114efefebc5302e01c1d3

SHA256
9e52ab3f3df0e06d178f244877bfc8f0f187bb42ed9f8ec4b727d3c1f06c1dd0

SHA512
e46e6fc47737743e3bb0d724c5d5c691cc326a395aa90b5ced190826b5e680fa0a85a2ab1f856c306a4ce387c7493896016662053432809f5bb8f4840f9f6c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c6a5260fa29100660c226c346a8b555

SHA1
b88a09317a0229cf60dbb30527f264dc574a7671

SHA256
da3e15e5e030e1b84ccda22d2f248245e87ee096c96649c138b01309eb91d6cd

SHA512
62205197fb6e4c170538809d28d1fdff5f36ce44187086570676ed2816c462cae7d3984e5bd82d4cc362b77804b617b9965f8147bee1136d106af61a53d2a431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3c030499e5073268deef67efb2371ad9

SHA1
52611e35c3171aa63153a58e639111be2331bda1

SHA256
1300cc2e4b96f4ce24948557653830a697013ace20f86768f3c7cc1832cd9cfe

SHA512
a539605e269a04d163ba5418d6f0659ecd01d1f8d94a0e974ea650042eb0dabd7df6dba77e2d608cf41d1c7f13206fb359f96f8379a855f934b3c3c13f388e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a0852bb5e404fa5c9c754ed04da6e294

SHA1
dfa3d1fe5dcb644c7493634c2a194689559b2b4d

SHA256
d69e7744098ba8d98e0fb0fb17e2ae95a5d6a03533d744b77578a1a609147b42

SHA512
c3112676b4000bdd0aecfed7d3558499d354608fec8df2d10c029fb755391d4c65faf25c61dae913d7b90d3df359e479cdcf0123b8aeed50d833ce4ed53694f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
654287e1fbc4f9663b00744b52f64c5c

SHA1
b4b25d8a877bdd4f98a1513f417396fc3f5fc434

SHA256
1a3a3d4b5e761440aa83ef146a173a80a757959a7fcecc95073b26f14481f11a

SHA512
a4b039595ab10d37f309452aff43040b08ffeff34ce1dbf384bae1d246567728e0e1980a634e19766ec8709682384a8268a6ce6977677cab24165dd5fa21cd3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_backgrounds.wetransfer.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_backgrounds.wetransfer.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fb067101ba169e76e72ee323aa392583

SHA1
e9229372d6c893b8c887c58422c185d3496cd9c5

SHA256
47c95958e043de153c5887d474c49b524525d75d2c8eb9cfbbf730fedacf3c9f

SHA512
58de47c2f91c2d32dce42ce00bb91cf699ff2a6d7bccec8b55c2fe3b132e7fcd459a207cd2a7790ddba4687a4714763f31e03aeb5302b87cf2b04c09230ce7d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8cbbec8b624e698b60e867376dfb7798

SHA1
3802bac895b8d356044a94aa40be9ff1155ae402

SHA256
911a7142c22608914ea577a7f287a3a429f6086153a1d369d6e374525ea1d2a7

SHA512
f00d45eb701a0d467b9aa250b49bcf7382ec8567561f6a949e29d2c57da6bda4603c8d0f8c39b79eb215635fbafe63f772f2d36019d882eb0fc7f9c581f4a919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eaf52178904dfb20be000278ad0f1f97

SHA1
fcd088e076dc934d5c36c6aa622c00f00f6b3060

SHA256
63f2c4d278bb471613f113877e2ed333d3ade8d13375cfc4a2e4d9a011ec5238

SHA512
207f46432e9d8582e48aebd267a79f45d0f89247e5fb32de7bba27f87bc51fdda7aaa347b2ab01778ad44f91422110d786ef81f19a661fad77d837d298a8bd08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d3e2b4bdf7b2af121ce8fea36b467c12

SHA1
fad91f28266b66345bc6d77ba6947c4bdaf3dc23

SHA256
492e71ed400db5adbd7911901ebb44126f19103f44ec0a627d8d21eaa1a95345

SHA512
d1b7e07651727a30da06b6541ffef4234405745581399bf67d0da3208200823a34102184b0b697dd8fda381ffb60755719503647c71c5a2c0d09463758818b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0f8c45ba8bb42de5720006c566f30077

SHA1
370d160db63ee331dac562abd047521046ca4aca

SHA256
e9c40f2813444cc920ab9aeebc9631a251499b6b0911416f8b1fb10a55a656d3

SHA512
1946b6ba665dfd9593f4a0baaad309335b232d1a019749de561df16d9d44ec5bfc02831ea015ff0889024f90e1e0401d770bb5823ba9c1e862fcf6dcca73b061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a924cdec9140c2c0765af2bccf730ee

SHA1
30791d06700d1dc690dc2d4c38413b5092f7863c

SHA256
f9e435e16a4870e11196bfe7e178baeadf49e6ef3a8006646bf0b4176f458805

SHA512
4a0c95e5e1e71c9a96b171d2d52ebe0d98aefdd19715655c20dd71375d2fa4519372eb4d4f0ad1a3b0feb434d13d6ea2ebe878cdd105f872061d901b1cb8f488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8ef2ae5f9b35a1502f40fda2e42448d6

SHA1
960747dd2dcbd9118d2bcbba72d3cfa2435a779c

SHA256
38932757bf69ed838b01f20340e7d337245c83e55ba471871a5545a9e59c0e92

SHA512
77d076c444c0efbf7a2f0809fead247a3cccb041728b20f95378672888346a3eaad5923d046af7fd79060b95c8dde9ebda2ff2a056be36204da8427121e76f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4e2e374230b82d49ac52b225037860a1

SHA1
48ba56c6b2921c284ddf4422dffe4034b51ffb6f

SHA256
2c07b3c225e53ca5c01a861c55ff56b4b94817dec133c6d051a7aac5067a9ba2

SHA512
32b0445957f0b4a66edc748be8bb158554836d35776f3f1b08d927ae4c5fa3b93e762ff3f81ea0bf2f5e0a9742c64c7e9b731c59b938e5b76eaee0546175bae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
051f8ec3cf2d378aabbc4f8576a3d83d

SHA1
66fdf031af155808ec8740a317ec783465763904

SHA256
0e8c7e86bde301edf12cf27698f973aec864fa881eac586457020ee758853c66

SHA512
14d09c2cbffc8d0c8fed13b3a5de15a2459c58a928504e4019e446300df49393ea6ff6965a1198d51f5517426049b9a859daea71b83d417740269720ebc3c94d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a0ed1f6aca9f7e60937405ffe421ae41

SHA1
1a542c4d205f030450750cc3653280c38ab36ad1

SHA256
4446684ae3ca77e55e8831eca6acd09e029aa01b5b066f8be8421af90be0cf8c

SHA512
97dddd1db20c052979869b1bd30b22716d59a92175375cb193dd487d4a3de5ce900cca35bec3461ab6eb6ec66f53f9d6fc9bc30bdb48cca00d7e43caa65023b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
701ed10dd2e5bdb5233769236e0b1887

SHA1
c21a81e5c4d7ae04b1e7d3144e083dd27fe5de99

SHA256
368666517142e9eb81eaabbb4e4f1fb1546d6031cf4bc567627e85f2386f6727

SHA512
c42a347542f82469deaa46dd9fcd324187f754b8cfaa9f3228c5310219ca866f3a41677a4ae5f1d319ae63f9ca98200880773430977a2bf5da20c8a8c0c531aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d5d13f19c110e64115cec19ecacf59ea

SHA1
6342f5c3cf2592ab3c23749805175e756058bd00

SHA256
b37de52384cb0c20086d8ddd0879542a2dd416977994d5d6302e396919eddcd2

SHA512
dea16151a165bd4d208510d47b20be1171659a7b682a2ebde625009fbe87a478e5736bfa9ed08d5875620a8d126466d8dfa28e7669b9d291dff4a558094bb407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588519.TMP

Filesize
1KB

MD5
efe749730e01b6045a4ef689562db870

SHA1
edd2dc336f4cc2a43569ca3d776cb8d7414ee13a

SHA256
79d7cdedf3f82d00dc23968e586624046a07fb3cb9ec597e49d690dbdb01df2e

SHA512
78c6dcf95e4320cbfbe19ede190d8fcadc3f22520c743bec49fc0bd4028651d692ec95a012f62326287ea254d6c53f38e6d582a083395d64d6c0795852b6e8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dcd2969e-3cac-4777-a881-6f3f20945812.tmp

Filesize
2KB

MD5
e5c890d581c96f36321b3918e21ffb52

SHA1
1924aba7f304a13feaa08c50c1fbcce530c98cfc

SHA256
6bf154b9025295d449917bdcf06e6d701ace2c15e92dbcd3d97d8a3c76f47b07

SHA512
398a2d6a54c51ce4b340b54ce1db67da23679f5db0370f9cb48971271f672b5e3aa2436e6587e2db5af444e272e05acf6f4cd31bfab843b79144c5e25c37bd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bddfc199-f604-48c5-8a71-169c56daa372.tmp

Filesize
10KB

MD5
1b725f012e61fd12e3ba98f0169b158e

SHA1
74675f46194957e483b196b406e8eb471dfc4e7f

SHA256
f579bb4febe18bd6c5354acce13cd71ce0169a5a1ee22e3120912eaac2242f4e

SHA512
e80c4160ea92c334127da31a766135e0a2b9ba646952f67092a092ce43bdf02aa5bb2c34d0809995499af898c0561ab872f901f814b2fa7b9c100852b80dc383

Download Submit
C:\Users\Admin\Downloads\Technical Specs & Data Sheet - T360.pdf

Filesize
9.1MB

MD5
15d168b0e8503635fe63f58bf92f5091

SHA1
2c02bd9ae97d18d007452538d859fd17ff58b8f2

SHA256
1a8eeba8294061697807a919fb2311927fd9fef10e013a1506a91024e0be0ac5

SHA512
0152cbd5cbebf06a99a2f6bde9af7ec73b5e21640285d6fd178ab34fa31bff6a0b92d3572a3875c43f224a083f26a3ee440fcd145cd2284138c2a57c0b461ad6

Download Submit