hxxps://theoggroup-my[.]sharepoint[.]com/[:]u[:]/g/personal/rohit_theoggroup_co/EW1S6u7eBPZAkl8sn76CFW4B9_fhjfgaN299JnYAgaQ9MQ?e=CXhREy

Resubmissions

28/11/2024, 12:17

241128-pf5eyasqfr 3

27/11/2024, 17:40

241127-v82seazkgq 5

27/11/2024, 13:13

241127-qgh4rsvlc1 3

27/11/2024, 01:47

241127-b7271azqgs 5

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2024, 01:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://theoggroup-my.sharepoint.com/:u:/g/personal/rohit_theoggroup_co/EW1S6u7eBPZAkl8sn76CFW4B9_fhjfgaN299JnYAgaQ9MQ?e=CXhREy

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2000	msedge.exe
2000	msedge.exe
2376	msedge.exe
2376	msedge.exe
1512	identity_helper.exe
1512	identity_helper.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe
2376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 4796	2376	msedge.exe	83
PID 2376 wrote to memory of 4796	2376	msedge.exe	83
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 3832	2376	msedge.exe	84
PID 2376 wrote to memory of 2000	2376	msedge.exe	85
PID 2376 wrote to memory of 2000	2376	msedge.exe	85
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86
PID 2376 wrote to memory of 3204	2376	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://theoggroup-my.sharepoint.com/:u:/g/personal/rohit_theoggroup_co/EW1S6u7eBPZAkl8sn76CFW4B9_fhjfgaN299JnYAgaQ9MQ?e=CXhREy
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b43a46f8,0x7ff9b43a4708,0x7ff9b43a4718
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,7683711369931134033,16160758648156269715,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5604 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
19KB

MD5
31a2c91a8b6c9b2f6998d01f88380e4b

SHA1
5826d59fb15fe4f377f90a75de7ba3783a1d49a2

SHA256
4dc18bfcccd5cbcd52b3ad7cb9014ed8a73f8e887e0e9237b6cda583d9637f11

SHA512
ad883423c8fe37a8b49b38e0be6ef33571c4d3da3c0edcd672d7b8e5f5ef10e16f783b21a10aef8716e257a6b3a48c3298d2d7b787a89fe971f805c2333a25b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
19KB

MD5
f0de9a98dbdfa8c02742ce6d92fb2524

SHA1
cdec682aeb9e39edccc2374dab26f04db754a8b5

SHA256
faf4294f27a542b0f9ea2a7cb2711529ab027cd84a5f5badfae752100855e6be

SHA512
856fc9ab199997e69a9487372bc0083564f7115b3e0678cf1d542b9864e9a88d5ffb85697fd93538dc9439071e3bcd4b8bccbfc610e1a45de104d6362d8adcd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
46KB

MD5
58833d086fced5c33f4ff8c828fe66d1

SHA1
cf554e2f75987fb7b2b4557d4b00abaf35646a45

SHA256
4c7b0ff624ef68bdc049410ba9b7d7e73ea81be39018a44e9c656667c8b328a1

SHA512
ba53054a6e21b44bb849d14d447ea191ce1f0f24a245fd3cd48f2880249010b59f70927b8b7139973ab25dee8d3ad71490bf2dcba53675a7a149e0ec5849ed6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
44KB

MD5
e5354da431f6a34b01ef85ceeb4f3f4c

SHA1
5465c2892adea2d1cdd88eb38f15b3172a66c978

SHA256
6a2ee7d54c92e4bce9310d9797aa51fdfd2b967e9c4c7c1096e9b1be0598fda3

SHA512
7c2a1650d700d6096f9a00daf159185ca6f22b477613d54a1ca7c9018db12771579d7e19bfccb265b2a742fea17928e4762088615c99089e7d73b36e471b585c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
672KB

MD5
3e89ae909c6a8d8c56396830471f3373

SHA1
2632f95a5be7e4c589402bf76e800a8151cd036b

SHA256
6665ca6a09f770c6679556eb86cf4234c8bdb0271049620e03199b34b4a16099

SHA512
e7dbe4e95d58f48a0c8e3ed1f489dcf8fbf39c3db27889813b43ee95454deca2816ac1e195e61a844cc9351e04f97afa271b37cab3fc522809ce2be85cc1b8f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
fb6178ad73433eb4a0d52dae1607eab2

SHA1
710121bbdc1e8846a0f6f7f9bd91738b859e1cd0

SHA256
06b27da8d3a6dde77f71c46c99e01632e99408fb30a7b99968d3469d9d55fecb

SHA512
f48042a215991158622ffaee0e605d61ae0a6148172a9c745448639a25d45c760d614f9f2ee9d67362bf3ed8a510a89620bec2ae4b492cf4e88302983d3fa7ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9db1cbd47054eed59552f2edd7133c1c

SHA1
5c5594e09ebc5c8a38323bcaeb1cc1152fc81a82

SHA256
b48c58f3f92a292a9f93f405d9612238607b0a6c20275ab36a478f73c98f6035

SHA512
6aab676aa958d8f5df88b2758606c36dc55932dd5d958a58c3030e42dfd0234212a84bb6b266f29adf1960e3130ae87bd782de65dc8c1cd65c1f39f8c32eba6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3f8e969714405cfe080899cd4de0c82b

SHA1
0c6197d893ff516eadc59ba2f6761438e8fedfa1

SHA256
7556630bc93da235306337f85e930e4d13aebc7ce9f1031bc4d0157f750579ea

SHA512
f0751db6901c8f9955ee7f2b3a60bf0dedc04ce088e2dd8f2a21434d93fc1d0cfd2e2028f9c870ee45046dc5ea0e57c3fd64a3443a07f7887900b494d28d50b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6b4276595aae1a5f69e470ece708cf46

SHA1
7b1765fc59e8c0d2943ef9babfe833a1c11fc86c

SHA256
06e17ba8b5c9edad62823e5020042b1f7a3419ee88ccbe1ab9ed49c2b0fc8f79

SHA512
d7b4771959e6afcba2a83b0afbfee69b9c8991ebc331af5eb3de3424191c10116697319012f06f571ff33e65c20e10c531dae746543b6bc24c1ffa0dc5d95ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d457fc840b4247c407fb62339e421e3e

SHA1
5669098c6d6b3b3af32de44079ec4ade11dfa6e8

SHA256
dd8f2bdbbbf299ce9ad5ed6a9877959088ebd63533e2c2a5ad7f530c90b74d3c

SHA512
e41063e7a8bc92eb92b34ca3ae5c5830428cc4b68d7ccf9a9627ef50f12b03fc97fcb140ea2383c42a511e980c84b3c0241bb1f16b4a9c64b3bfed97cd144985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9bba359f981c12a629e026d1b24d9d66

SHA1
e6599867c7e1f4481cb998dd54036ab6275f7d3a

SHA256
92c7ae4d9e43dd94cf9fc224f96fbadc714be2f07d0b1f0088938acf5e3d7cdd

SHA512
0f6f4f0f01eca93f0d003a5b22446e3097ddcac2ec87e40d380363df423d7dba0ec5498eb8a806cc98526322a6ee58ba8f7ac82028539116d921ca93a9e490e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b45b7d1246a9cdb5060877265c18de7

SHA1
62af56268eff3d50ba085fb45410fb3f043d6a3c

SHA256
806c481ffb90b0c88943c63f103906e260e64d4dce40d8fd23ca8d3024644e82

SHA512
caf04508751d92a9ebd95e6b097bf9136d024841401d682143a9b316ec9766060f70030d1e66ffd82e3f91fe276ba442614124bd34c3fea27374ee2bfb4e7019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b397e78586a8190efa866e3185042963

SHA1
c157e7c139089095c2ee5081fc1d3aa3c25a5a7d

SHA256
920f1e4698eeb0e1e5998b745903cb5834a8879a011416db017c5cdc5da00e4e

SHA512
3c05bf40ecebfd62a45059d35cefea096e8f476653fa4cfe13a28ffedf1fe3fc353610c6994bb83c4101c477d3cf0046e1e6c08a1a1881dff2effb4d381d7016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
795e49bec55a9f395cd9389d17d21fe3

SHA1
0f2865ce1c7ceddf1565d1901aab0b4dd9a49f25

SHA256
53a72de9465ac6a7e769b3f680ad3c7ca7199054d8342ce24e294983062bc00c

SHA512
9ffd59e586ddf11be1e532bcd41861b6819637e9b9bb7938514a2b8d49c97fa77e0209d8357b69686a4039a57a98b7fdce8b353380927a5dbff5536bb3e0833f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
92a9f7fb897e448caac54f351e37f8d0

SHA1
fdcc05ae4848d9a81f9bb17dabf63fd16421d8a9

SHA256
e1926fbbea61214f9f9f51f610be6255a7df10ebf5fdd9830097d23c75dbd4e0

SHA512
722afa9451bc045a04a515a192f77ffe1869eafd6905198bf07bba3342f091238fbf559e4f44b838b8c3ff81a4746e71ba0b7beb563ec22f980a9696bdc1fe6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
90130e6f80d6612442f773b377923418

SHA1
f3dd8f2d05c3f93f35f6adac0924ae2de9e253ab

SHA256
9f167abd2b861f551fa57658f2e7ef97433cf3c57b1d62528839bb36f540c8e9

SHA512
2932f5afe15a4c25ce2d41b8bca1a78cf38cabcfd797358516de6ffa8fb62e1c537729a2cac916a4a0f93e4ed1bf07a35396a1ee170525f936714cad90fcdc19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b0d3e4c0f3733f3875af2d375c0c210c

SHA1
ded278d58dc8c35b42eb8f0ef2ec7e868a3402ff

SHA256
8bebbf891d9747931eb1f0c8372f35fa92c823091da258118853a2fbf849325a

SHA512
7fc20fea2e0da770d7c065b11c6895b0d7980c1d0cf78bec8c74ec437c706b6a4ba98514e69314bdb0c8d1f986e787de07a2b89526dcceacd160f18d3e624a29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7ed0c4b4ecbafa20df32893dcfabcf93

SHA1
a7f4d392090d87d18fc5411e2c148564967b4678

SHA256
262308d846e69e4446288d46138c3b8b69f2fa2ada87dbe4ee00dace8fcc1397

SHA512
1ece5f1e1e28d62c53ed3e1a9627cde494c7d9951afe93c2007f68611bdfd60803708f76fae36b7c59e1f2de420909305b34b19fed6f2a06e090c766cf35c058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
65fc761eb10ed02f51b2ecabc76da843

SHA1
63b94aefbc166ca8fc2828677d565a925679122c

SHA256
0dbc765d5353999ffa6b41d0c926fdb3938663f575bfc2f327cbb64440ca7ce8

SHA512
6f7da219f05e6b8c8cd27a49985463ccc3133e9170e9f02a8ebedbe2904cc6ce60e283ab83ac20eccdd5d093c7b4fd0751e634f907222fe5951217ae6d4ef1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b6174cba059dfed8ebf569a096596ad3

SHA1
a501d262a4a2798572a38465fe021373dcd52b24

SHA256
c5774bd3e222ce3b713a2a67f9bbd0491721735ed1d10179536499a64722e721

SHA512
7c997f0e3ae5352716d10e1c4bd1b14ffcd8df0a90cca03dd4b7f4dbb16a841291167d94e3e4ded1a21698241c219d72f026dde78a0a0d85416748316b727b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d29b522214d8ed552b14e0799ec4865c

SHA1
3c7cc282f5a0fa89916ea0670e3e33d71f25e3d4

SHA256
1d83bf3cfa5884e85ffbc3b8ba95cfaf37695ea13fbf67277de0e9cee97bae93

SHA512
963002f33deb4f3dcdf8846eee8b896534838bb753f97d6f662b39c55173241929fcb55e45caff552a872ef2780b7c63c0ba1c4a51ffd198c12a55d415077618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580f1e.TMP

Filesize
1KB

MD5
bffd1c1c481c111c1cd555b87a7cd863

SHA1
90c0981880ef7860323a583f34ffae15b8e730d0

SHA256
6297ee96a6e3777c247dc0557ab47c84b632fd2a6f88b5fc3d451b48e079996a

SHA512
8fab7c3e30d50777865211182cf9eda314b2452e94ce11ce31c14b058e87ff2793e7660bf12d8c6962bcff5d571ab661e0f3df47de03133e217b237a5be1378c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d73a49da-2d52-4d37-982b-3e9c25c15159.tmp

Filesize
5KB

MD5
7a7316c22ea87e791ad54fa0d6da15e0

SHA1
6f0220b70fdd83e00df026387d75492fc5ce4f31

SHA256
97650cae3ab735c55c23599138a5bc75f9e5501a179bfa1d1872ee4c5531c5c1

SHA512
662a5b79a17ca927cb0f8a23d4ee7c03f8e7f352a57b1b30a485be7e5d01cc03dce7b25855de7c8afc8df941a46985d84bb0f519215b9c33f4653575675dddfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6f10dd461caa2744044a554be2959215

SHA1
886cfb213cfc072351963158c6faeac5a9250559

SHA256
7f420b8fc70cf47f557ad75ff9ddacac122ec582a14978b87564a7128d76afcb

SHA512
53d0d202ede691c8959bacf088d8ef01a24810b2054d9e0213076b9b0526b53c304a65461c41991681625d2ee02d93265a1716c6cd748b3cfd2a54bd7ef20e21

Download Submit