hxxps://app[.]scalenut[.]com/creator/0372b3ca-5901-4fca-92e5-b17e01981dd5/kj8jd9r9do

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2024 17:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://app.scalenut.com/creator/0372b3ca-5901-4fca-92e5-b17e01981dd5/kj8jd9r9do

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: lottie-player@latest
phishing
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

68 ipapi.co
55 ipapi.co
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

flow	ioc
68	ipapi.co
55	ipapi.co

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3108	msedge.exe
3108	msedge.exe
4120	msedge.exe
4120	msedge.exe
1248	identity_helper.exe
1248	identity_helper.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

Processes:

msedge.exe

pid	process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of FindShellTrayWindow 50 IoCs

Processes:

msedge.exe

pid	process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exe

pid	process
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe
4120	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

msedge.exe

pid process

4120 msedge.exe
4120 msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4120 wrote to memory of 4836	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4836	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 1656	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 3108	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 3108	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe
PID 4120 wrote to memory of 4616	4120	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://app.scalenut.com/creator/0372b3ca-5901-4fca-92e5-b17e01981dd5/kj8jd9r9do
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcfcd946f8,0x7ffcfcd94708,0x7ffcfcd94718
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:5184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2288 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,10512818196256644698,2631189213294405867,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\59b16a6b-7e25-4258-8052-c319ea722153.tmp

Filesize
6KB

MD5
823bcaf7ddcb6fea7e19727c0ad9c1e5

SHA1
c988f11d0eed0fd6d54b737cf56707b2d86e6e44

SHA256
1ed4a9f02a334d882f55b4de01b88a764a5cb667e3c8f035eeb57ff8667633ef

SHA512
c328767cdd1b5c63ce427511ed3a170e82ac76c2d3ce2bcbbc72b6217282bd62482db46417e6bf5f77219b941a7cb1614f08ad0d93cb923b088685601c0d8023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5f8b825cf7fc3bb21344f865481081ad

SHA1
430e16f9af82c299577b0a514ce93b4f5657e56c

SHA256
99f7c228af4741b0f79230be6a3f2f6861c8e0bd835f0690222805122e9a5ec9

SHA512
b1c2b2113ec2bed540eab5c9865bb59b1d6e68eb9183357197e9d216542a83e7e21b817ab4fab8b489eaf80d3ab3e7d5b4f74c4f2e0e85c15391ebb528ad5e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
92757413f65fe116422e3ab5505173f4

SHA1
c95cc562d1155ba27bff70fec28892ac4811e5b1

SHA256
b7d00177cf5c266587a904dd674cb7107dcbacd715222e236a957f07cf8d3fb2

SHA512
873fafd0bfcd77a19bfde9ebbe4c429fe6f795eb7a79657ead060f38afd5cee831aca9e3e8a1caa2705ff246842dfe9268c5282c433b5ca711174fa6d4637495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
88440eb432802bb8e9937cb87166e8f5

SHA1
19d87ecbe2b4ca902c734d79b061e07ca00b63d3

SHA256
0bc88dc37ce1ba736bde7495bc8e65ab651617f0bb738f9b7b8749f2cc8084ec

SHA512
f7aab42f9749f7ec5b216b752e013b13e564bff5af4e6682c3ead45721613672675b6c424dbf822250e35474a05570eda001d041a11ed1888dfd09040011b728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e9bdd5d71ae5e0e33246d5f2101fb98e

SHA1
be8ef19d1b2609577bbb8b3b2321535ad32bdfe5

SHA256
9445cdcb5e63ae857dcf7b733da182046799d38853b1de259cefe689acb8fb6b

SHA512
3dd5e0c64f843552e67d105d05e3bd1375315ba921d3fd8507b15b4c14c165535a962194ac3b73d248ae3b003f4ddefeea8bd6475b2d7fd83e71bb33b7053448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
883ee8cffcb88e5acada331fe0ff96aa

SHA1
da92d075cc64263eb3c208f4531e6c9c673274f7

SHA256
37239011b31524b0983b3d49f735c1748b43e9d5d100be11ea2dd98a160ff2ba

SHA512
849653eb76f95f89ae469189824621b749b25c022c92d6501141c685b86ca0d9048eb9cf4587b2c240a6714fa4e64b72eb790e3c3fba4437ecc0af4831653347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
03c84946b4f414882f1bacc18ea28b31

SHA1
2321c942fb765f35ab0988d9626e8a703333d21b

SHA256
0cfbee564c2178da8d813ce748588072e8b9d38267050bd07c3eb41b8b4d3cc8

SHA512
9f76999d0d0972afaa78f9a8cb6a36d988d17dfa157ca23c3350d847165c53eb5a2426f2f7befd50b25d2f14cec7ea59dea56c9451ce5ba53a0d507d90206d9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7b0a9f660389b56502ed3ccfb13cd8bc

SHA1
b75c90dfdf54e16a57696db3d7d2841016988a26

SHA256
35c7d9a8f6a6afbe72aaaec1d5bf7fba4d35c832e3d226653d5e2f38c00ed95a

SHA512
3d19dde83cc8e8b7fa9838e1b185940325f2d392f589ccf73459d4000119027c7b7c1aa3c6a03522e766cd9924d84168ba6b44ba164e40d2c0654daa40417b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c2c9a0f5668d03b54ed309686ea3b49d

SHA1
6a12060b4d11769959849aa54f4a2381499fea13

SHA256
51a86c1e491e739a34cc6458bf36d98ede958e2c08b66803e65dad8baa2fb048

SHA512
750f9804b62df557b91587d6141aab93eae3337610c021b9883b3da23b8c39c89b9f7fa0f71df5bde18f74e2fe1661e1ad4b00efa55f25402edb1651740135d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe581539.TMP

Filesize
48B

MD5
68a501776138cb545d2e09eb508dadd3

SHA1
ffd6a053340ca98c096502fd4e80f5bd1268a42b

SHA256
894f69ec8c9eda3a60ed67ef751c071f087d4a9958c8b7ee138d4deb07108f7a

SHA512
6c9e1480a8f9c8339830d6f78be188ed611b3a293c3df835b012a1895648fe83cf3cfcc8e2c8462a90a2cdaa135ed6b949f6d43204964a4c7446e213cef73974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
77692d08ecf190fe42a0da559a881cfe

SHA1
583bb2b2c1f5a7e21a26088a57c2d51cacf82fcf

SHA256
6eb4dfae98873f8e826fa3c28260a57961deb98e8c1a083805f769e1826beb91

SHA512
2528299bf544091675c23e18f2cdb6d4be1fbf242ef7ba82f6a938d2a103380f1e4c656f867f8602e4e4df0b4566faa221c97439f7093502784f793ddaa8987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c801cea8bc82684f082ecaf26e53fd3a

SHA1
d0688aedbbb56004a531c01bf59c8575276797b9

SHA256
33070da1e6a141d0550963c5a3839e122057c4df2cb3d5d700c7956c12d41fa7

SHA512
bf8c06b4f738f48e1a75ede228fd58e92896f1ca0de9b8135d0da5418306446c3d3fef58ca8ca5a6fc613508e761efd9cf8eefadf6e2411f618d16ab47610488

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
eb57fcefd55a67b3083ef84c7a7dbcaa

SHA1
ce67adc5db5b8667ba96b18ba4e1b2117d520472

SHA256
2868f47da91f69816cc8f2265b6e6e4f0dd8014a31c80578998a422a311960f4

SHA512
da9a4917346b9e8217ac764436989f3f1874073ab1343c6c92981ff6c2aa18c6d646bcca10783f5330bc7388764445a33b3e7caba984a1f2909318376cf3c78c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
75fb6f1b61b624742c47a146f3dc59dc

SHA1
25778761cdecaa6181c78dcd799731245f5daabc

SHA256
df8cc4a2f334915bed52bd1e4ebc5fa2ee3362d7c1856645f8c71f129b4c20e0

SHA512
b40fb67926ac7be445e7e80e1dccb0abf92013ddf05cd69384d7477511a5d4784070b8a85c9aa2f354adbf0c520880c8928af1ca9b7f56de200d3df470e0d864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b5693ce7472f427b6bfc89f21118bd26

SHA1
7dcf1138cfad83769cf2309f22d60a431292ed86

SHA256
46a13fbe453592294d3890b407dd7d3feaac45d7973970749405a4c6fa804fe5

SHA512
53bc0bfcd29c19ca062320a758954f7bcfe355bba734957cdc7579b694fc743e3d637f475f422c2f6d9e91151909020868f3142efc511e7374cac2d26e808c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
efcc57ac5e265a971678c853d0564540

SHA1
a15bafe030b820a43f1450c8c6fc7d125bd168fc

SHA256
9f6bf5850fe94e26bcfdf11d9e0361271bb224c3046b1d232a5c2bc09d7ef303

SHA512
a2d89062d7eb9d70f259d85f2fee1d417d27053fbb5f18ec82879971e4c5f3157b17eead31fe7e41e21db8fcd1704a328db1c6aaeb92e43bf9c90b8140beda3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c35cc596ded6128dc4e782026f35c683

SHA1
f68f9a9965d74b51060eebc55cc6a3741b484cdd

SHA256
a7f23e487e946b3ca51c6aedf582e06eb47a42a94245cdb45c2f7596183174db

SHA512
5c334114164d9f1407a2c232ed627bfaf4be1a205ac2c9932f89536f40d159f996722d2dda24855997ebee8ded76d50c8794c8b36ac89905b7ef72e3f67b83bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581bc0.TMP

Filesize
2KB

MD5
79460fbebe1f7f681085c047d6805d90

SHA1
392e1840227486af13b35d8b4b382a07d980fe3c

SHA256
6661a027cca2a25aa37095628f6a85a106e72aabc6acc1c89efc43e74d3f94a0

SHA512
ce661f675fc2756064bb9fe0f003c17088c713b63fe9825720ded443c49168bae1b4f9bd4c52e5df9b8a89ad5c9a556240c85424766276aded551cc877e20c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6f38db9f0413737b9d6ef39f4ad45dea

SHA1
6819e7a4c09a7b6f08f53beb342dedad922d66d7

SHA256
2d60f2f45050ff17556d07259a0262212875f8466bb7cde0bb074581a5bb1b62

SHA512
8a34dc637c3abe16c99de58a60bfbe79a6cd7e885ad4c12c999c49477c7ccb8b7ecd1cc7de3276906223a08d3489bc82e836a3d0f865c6160b0f6204caeb6ab4

Download Submit
\??\pipe\LOCAL\crashpad_4120_YQMFMIYWPQHFBCQO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit