hxxps://rows[.]com/1100MM76a65726f6d652e76616c6c656540636f7065726e69637573736572766963696e672e6672/my-spreadsheets/33KOzusXsD4FtETN7x0q2L

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-11-2024 12:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://rows.com/1100MM76a65726f6d652e76616c6c656540636f7065726e69637573736572766963696e672e6672/my-spreadsheets/33KOzusXsD4FtETN7x0q2L

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4736	msedge.exe
4736	msedge.exe
3612	msedge.exe
3612	msedge.exe
244	identity_helper.exe
244	identity_helper.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe
5992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe
3612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3612 wrote to memory of 4552	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4552	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4056	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4736	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 4736	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe
PID 3612 wrote to memory of 216	3612	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://rows.com/1100MM76a65726f6d652e76616c6c656540636f7065726e69637573736572766963696e672e6672/my-spreadsheets/33KOzusXsD4FtETN7x0q2L
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffaa68646f8,0x7ffaa6864708,0x7ffaa6864718
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2588 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6972 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1952,9604386917978820500,3804001864975721057,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ccaedef67ba0050bafbf6b62be1ef280

SHA1
55345ca0dc9560612fa22b0bfe1e1bd66fa7ebae

SHA256
da03e9bf581966aa22ac6a3c9d164b02016e38c59f499dee9956c371c26ddbdb

SHA512
27442e22680e88539f649513a115bf23f581cf33dad7e67080649161bb697d7435ba4f25fe24614b0e8f54603ffe5d15ab7c1af424fa2e134e9ab3ac36989d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4aa019742265446d1eacfaf8c7ff3bd9

SHA1
88fa815c595d2a133de47d4d65ec6c95691d76d7

SHA256
1747e2af7afed44c50e9b4131a7ed589fcc34aa1555d3b2f6586ef7c1f25dee7

SHA512
199b80b0e2d82976a4987c158a26bed3018eb61d0e282b7684fa306a9c2c35b0671bbc25a08902810b8afda05e3e2c8e9672afed1fc1d5639b27489bfc3b75f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9fd958ddf695fb2066497806497c89a0

SHA1
2526d8f726d82f992dc7d620672794d64e3032fd

SHA256
92e7ec90aa3fe97ebc83e49191ed93703c04e8b25e7ec87c34135b42257b76c1

SHA512
cb1d24935c083ca360ebd822330db6e111089471f38671e5a51b2768e23bbfcf4f62b4f11ba5b49cd9577e511c089023a65cc4e61a9d977c857b7e14a6a842b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d91b3ee219f034e19bf71a987fc03827

SHA1
d5230c3a47a212ec8b045abdc4106981be2e56d9

SHA256
9e8de030e06b059170ba577ba0ac766af6c3bd7d9788899be015069d9c89feb5

SHA512
db6f9a5392c5d6494f21966268e238757051647d696b2a24f336061453088442fdd0b436c6bd3345562417cf992e5f61f997c83711bcbb99fb1d9d868ee5cf64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2236f93f7290535dc6adf995bfc95143

SHA1
fe03ac3621ae315b37a48350a318631ba6e7f7e0

SHA256
18ba353f9b2e7b4f16632b9ce1b3d4e1db4a2ceab672bc2f23e2b8a7e38dedf9

SHA512
0400110fc3b78cc7a415144b6f9a0860c614bfeca0ff946cc900026ab3b472dc7296b8656e79d3c33914b03e10c8908183076af30bea713ce6395022eb50bda1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
12a328be0d9cbab39bf9d669c8277153

SHA1
eab82242cf5516487c9722ddf0cbbc6436ca6be4

SHA256
fd9191560c775cca7b96bef33af826d72eaa55c36e1f8c17f03900c47d11354c

SHA512
c0b2df786e60cd2125609fb6013bb62abb53f55c4edc94a3588e82b1858043c63a7ffbf4d109f58e04285cf1f585f33fad0dddba148d395a941b3e7fe91e95d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d25ad20cf132e0a50e7b08d0b9c92bbe

SHA1
1bd02d7718ea7e44a5578c3ed883b3ca3ca514dc

SHA256
bb66461f04567d0be0e9cf7eb01f253becc8f42ca201bc827950308aaad5f55f

SHA512
59de7838c1b4ff2a8ad0b7ce27d6246cb7619475c530df8f6bf6dc41d9d133c01581e6ad2bf45e6ecc4095dc9124897327199db745928babc838a5fc8d734920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6bd53c43a99f40296d500d60fcdf3f7

SHA1
b8056b53bf1aec924c511854857b1dc9c0ec5170

SHA256
9e7e8af62dfa4fee055814bd0f21c7ea2ac9f709e64b223010e8dfcd0a68f66e

SHA512
c7cae64b72dbe48dddbff5c75ad551865f48e91adb164b4edd4af95c023b423e23b505016ed18377fef5147b3b9e4f820be5cf8e1f9c150a27b65c4da159742a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1088542538e18cc654ecde562c5fe956

SHA1
5126a58697c042f59d745f6a3e302b8e511a993d

SHA256
9644b11e3837bd565b2d55d9875d0a9e4b71fcb524e612e367b1287b4e23106f

SHA512
fe9b600594f56b7d499dd0b6614bae19d1238cd9f61434b75d0d933b98b804aea7b2f57548663cc24c23c8b5956bd45286033fa3c6973845b2f97331912187a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580395.TMP

Filesize
48B

MD5
78fa413aa8137243ee4b4897fc666da5

SHA1
424ee45cd6ac6b777652b5135a5380ad763f4dc9

SHA256
ce4963ca2154d114466ca9fb27922b602a24836560ae060f0c9ceb936635915c

SHA512
d2d9282c236701ea2bf944097576d122adc877735353968eaf978fac833aa98fe0560bd95c4c1671030b4bee5e22e3d8b68300db00008f18322ab3e9ccbf3863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ce026cc4e8c54f2d3acb8d04d853e6a9

SHA1
5137ee29e60bc0a7aafb16d087cbfcf8e0591be8

SHA256
3a46b23cc3ddfb230ebce68256e5df2e85419e3e0a6ec84f095086a91e0b837a

SHA512
9496025e6900c04fcb0f33dd5fa1e6fab0c9168f2a7fdb2b2a3835e70d50f3083d5f221a4395b29e93bedd957a047cc53359f1e07c8f74a63a2b215b3b372e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a62f0bb6a81e3834bb9af538017d2fad

SHA1
5d3345ca3c6abfd2b2e085cc1aa76bc11486a403

SHA256
a1632f4a0355c31a36a95a51dfb7b7de340f0cf835ece3592dc942e696fad037

SHA512
8934cc55c5dae620e5da35aec766fa521605eca371d9f4045a011260ee11ef26f1e339a0d1d4ccc8b886a6b804361c1d824969208072f233c42a16cc139a5eb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9b863e588a85ed81a2b320915f625664

SHA1
1d6d5a1d8b0376aceee69f3a2485212c55b6737a

SHA256
45482e68a8bafbf0ff5f876ea823f7f48cdcd63a108058678639a1eda87495c9

SHA512
a4e04c5c96e24fa4a274ba863344803e9002558d08c5e56d7b9ffa6f54aa22247c33d9964fc0a04bc5077e30f8d89313f1700a0f56a739341782ab0a9a9cabb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
77ca805df0467e947761c582875ec496

SHA1
92e0bdf3997023cfa8b0b6a50e7189217e4e127a

SHA256
1c082931a54c528103daff86b48592c41cb18a8d18fc1df58324aa3e6588b4e9

SHA512
417e923c46f679f949b0e7f78c6d8bd7e5c7a057851a7980265fd696d0b90e617ca612b273f69e020b6a5535e582d8351e8739c9c7f5970497a71630f4540d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
374043b7f9edfe4ce31fe1a061a24b3c

SHA1
625887673d50f352bea8ca3a4ac94134f4d747f4

SHA256
601457ffb3345d5056c70fc8a6a294d23f7ca97a9e54c993bd7306645a73e3b1

SHA512
cc39f8b4a73896cb2ff6ff4be2ab4bee19a5e602eb510a8374302780cae32730526d22d4daf985641c3f546a757fbe321e9226a1dfdd7e810610b880fd50dea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f81b.TMP

Filesize
1KB

MD5
d659db4b767e0262e4ad78aa316db54a

SHA1
4660d6a7e19e4286d4a98aafa340cc30558f1650

SHA256
f0ec43ca2c069b52cd9706fddee8fc7fff8e19b9afad430f841d733f11fea38a

SHA512
aa972a9c1a6eeb410a83270361eca977ef0b57f2883626eba3df029303a0f3eaef2c23fd1ba89db63c20ebb7f85a2a0401dfdee11740bd951a71df01c3966301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
442071cad6a4898dba4377bb8ee7b7e3

SHA1
728c492b2e516462573c3ea558fd232383191f7f

SHA256
e46bbe83d8b231447c52ec7c39f2b981020ec22c4b5c969b19f27ef05f5ea123

SHA512
6924c4602a1fbdceff53d23efb20e397fa6532893d478237275c922ada5fdb3a6a8fa5994fc492d39c5cf150474469fb0d3dcd3c01fe26b0d5ce337f2de25967

Download Submit
\??\pipe\LOCAL\crashpad_3612_QSTVHROTZAVXVJSH

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit