hxxps://url[.]emailprotection[.]link/?bR-N9pe9j2LRNODHd8HB76MRLlnQFEAl9wnSOZMhMvD-OheETvCvl7exu_fDWJ77wzSilvpqoVqk7KU_Bb5k7hOC5vVotsGBVOeMIMFNo6d-JYX2ahe4az3PMKUwRw87QRtNxn52-WpvrFTZ6OpzDQVuatFEESLkA9IJ3Hxg4iIuMLmtUrmW0YzApS_WrsQFFBaeFCaQAnvBP1cGy3vsROmXI-b3WqCchTsjBh0gLNf3VWLf0j87j66ZwX0MffsnoMGObIOsfB6KY2VeEJVXKQwawBOr-7qlFJ-G5TGcUcfXHMRvXRoYbejFct048grZ4ZefiZG0z80j54k1a-LpEjbD4MjWNT207ujezQGVuiQIdj3YeM07AUU6iOWy5e8Ev_wLMMOtN7yvo3ocDd2hxuWs_PhtLBt_p9IVvjDv49Ic7WnMPuhmKZ_AbpbiqIvfHWdKRwzs1aIisT_n3VruMQtrNs-VYpyknRnIGcNLKNX8g5Wmts2CRPL0QdmA310qi86hXzuUM5fHg55d2YeQKKRCu94EvGH5xUKavxRmuIC-V9h26UTfcrRGYB_0nbfYXK0qUDvhsxdNXWl2w9lsm2oCQwMadPZJQ_MUU9spNkyh0cPsqKVgUxJH5pTS7LuIMbGYAfMRY_jEjcTO7Wkp4oWTW5qM9cI4eNR410aPFHxP7Ibj6WM8xol-B1yArDr6PqPq8Xmyt7giJvKgFsoGETtPLcVNyNdiktEvxEzVs0cBOwxs6d400sDEqNcUJ7sNbOlATpE0y9udKfj3dGUxjFfzSZwK5uGi-M3AQol0cc4Z0uDBi9XZU6vC6FKQlwN633ZfKJBdqThcOQm43x8B2aw~~

Analysis

max time kernel
201s
max time network
208s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
09-12-2024 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://url.emailprotection.link/?bR-N9pe9j2LRNODHd8HB76MRLlnQFEAl9wnSOZMhMvD-OheETvCvl7exu_fDWJ77wzSilvpqoVqk7KU_Bb5k7hOC5vVotsGBVOeMIMFNo6d-JYX2ahe4az3PMKUwRw87QRtNxn52-WpvrFTZ6OpzDQVuatFEESLkA9IJ3Hxg4iIuMLmtUrmW0YzApS_WrsQFFBaeFCaQAnvBP1cGy3vsROmXI-b3WqCchTsjBh0gLNf3VWLf0j87j66ZwX0MffsnoMGObIOsfB6KY2VeEJVXKQwawBOr-7qlFJ-G5TGcUcfXHMRvXRoYbejFct048grZ4ZefiZG0z80j54k1a-LpEjbD4MjWNT207ujezQGVuiQIdj3YeM07AUU6iOWy5e8Ev_wLMMOtN7yvo3ocDd2hxuWs_PhtLBt_p9IVvjDv49Ic7WnMPuhmKZ_AbpbiqIvfHWdKRwzs1aIisT_n3VruMQtrNs-VYpyknRnIGcNLKNX8g5Wmts2CRPL0QdmA310qi86hXzuUM5fHg55d2YeQKKRCu94EvGH5xUKavxRmuIC-V9h26UTfcrRGYB_0nbfYXK0qUDvhsxdNXWl2w9lsm2oCQwMadPZJQ_MUU9spNkyh0cPsqKVgUxJH5pTS7LuIMbGYAfMRY_jEjcTO7Wkp4oWTW5qM9cI4eNR410aPFHxP7Ibj6WM8xol-B1yArDr6PqPq8Xmyt7giJvKgFsoGETtPLcVNyNdiktEvxEzVs0cBOwxs6d400sDEqNcUJ7sNbOlATpE0y9udKfj3dGUxjFfzSZwK5uGi-M3AQol0cc4Z0uDBi9XZU6vC6FKQlwN633ZfKJBdqThcOQm43x8B2aw~~

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
2512	msedge.exe
2512	msedge.exe
2184	identity_helper.exe
2184	identity_helper.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe
652	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe
2512	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 784	2512	msedge.exe	77
PID 2512 wrote to memory of 784	2512	msedge.exe	77
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 4688	2512	msedge.exe	78
PID 2512 wrote to memory of 1628	2512	msedge.exe	79
PID 2512 wrote to memory of 1628	2512	msedge.exe	79
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80
PID 2512 wrote to memory of 2116	2512	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://url.emailprotection.link/?bR-N9pe9j2LRNODHd8HB76MRLlnQFEAl9wnSOZMhMvD-OheETvCvl7exu_fDWJ77wzSilvpqoVqk7KU_Bb5k7hOC5vVotsGBVOeMIMFNo6d-JYX2ahe4az3PMKUwRw87QRtNxn52-WpvrFTZ6OpzDQVuatFEESLkA9IJ3Hxg4iIuMLmtUrmW0YzApS_WrsQFFBaeFCaQAnvBP1cGy3vsROmXI-b3WqCchTsjBh0gLNf3VWLf0j87j66ZwX0MffsnoMGObIOsfB6KY2VeEJVXKQwawBOr-7qlFJ-G5TGcUcfXHMRvXRoYbejFct048grZ4ZefiZG0z80j54k1a-LpEjbD4MjWNT207ujezQGVuiQIdj3YeM07AUU6iOWy5e8Ev_wLMMOtN7yvo3ocDd2hxuWs_PhtLBt_p9IVvjDv49Ic7WnMPuhmKZ_AbpbiqIvfHWdKRwzs1aIisT_n3VruMQtrNs-VYpyknRnIGcNLKNX8g5Wmts2CRPL0QdmA310qi86hXzuUM5fHg55d2YeQKKRCu94EvGH5xUKavxRmuIC-V9h26UTfcrRGYB_0nbfYXK0qUDvhsxdNXWl2w9lsm2oCQwMadPZJQ_MUU9spNkyh0cPsqKVgUxJH5pTS7LuIMbGYAfMRY_jEjcTO7Wkp4oWTW5qM9cI4eNR410aPFHxP7Ibj6WM8xol-B1yArDr6PqPq8Xmyt7giJvKgFsoGETtPLcVNyNdiktEvxEzVs0cBOwxs6d400sDEqNcUJ7sNbOlATpE0y9udKfj3dGUxjFfzSZwK5uGi-M3AQol0cc4Z0uDBi9XZU6vC6FKQlwN633ZfKJBdqThcOQm43x8B2aw~~
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffaca9b3cb8,0x7ffaca9b3cc8,0x7ffaca9b3cd8
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2528 /prefetch:8
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,10934689025221499086,14582771097376052724,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d68c7edc2a288ee58e6629398bb9f7c

SHA1
6c1909dea9321c55cae38b8f16bd9d67822e2e51

SHA256
dfd733ed3cf4fb59f2041f82fdf676973783ffa75b9acca095609c7d4f73587b

SHA512
0eda66a07ec4cdb46b0f27d6c8cc157415d803af610b7430adac19547e121f380b9c6a2840f90fe49eaea9b48fa16079d93833c2bcf4b85e3c401d90d464ad2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c03d23a8155753f5a936bd7195e475bc

SHA1
cdf47f410a3ec000e84be83a3216b54331679d63

SHA256
6f5f7996d9b0e131dc2fec84859b7a8597c11a67dd41bdb5a5ef21a46e1ae0ca

SHA512
6ea9a631b454d7e795ec6161e08dbe388699012dbbc9c8cfdf73175a0ecd51204d45cf28a6f1706c8d5f1780666d95e46e4bc27752da9a9d289304f1d97c2f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
ebe271759ee78b8bc095075369492db2

SHA1
278edd0b87984b1edd76de94854b3a114f816927

SHA256
4bc51cfad291254b983f9c73cc4c415e5106fbf2e2665d7c5d0eeb4b863d8a0c

SHA512
8badcf9d8466e24d7405389784ebabd681da3383bf2ccd9a7f8e16fc787144e3e1942a4b31c4429dc6beeade6ca8188056b30579471e23576ec196a1380870a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
a19cb2d08292ae2089905442505ba504

SHA1
858d526113ea38bdacb48795b3c407f9ad1d7f6f

SHA256
af03509cdc7cddf7d494fa1bde8aa8735a7949a9039b5b98b3936a320fe4a838

SHA512
0b403637a559ddfb01af0e9aa3962d9eff6aff57c403b02c36c17f002186786ae412e589d19901e3978486e02603bbbd5ce6d1f4f4923ca87b76a8ea88b16b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4d42baf1c8222122bd369cf15b8c543a

SHA1
f9c62d43c158ffbcc36fb791c1dc9bda77164c3f

SHA256
541eaffeb8351330448d5cb10474497b63047634f42b4196713d1b2d32f3fbda

SHA512
75daa2fd36c99918b3a1d4ffbb3782750b1fd8c14609beb702cfdc00b4039bc5c0212950d6366ce8ac0ca6f463685b395c5c9b3c53ad47909337a8b4a7806ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
933B

MD5
a48b4e1e54dd8b66c4334d44d9b3e89a

SHA1
af7a900923d934e3f58f528918ec82c6c550b372

SHA256
3582f9a055f7045578fe727453343eb42a1c2db2ac86e7f47bb5b2be96524169

SHA512
ce4cd15427c722d982a79127500b588d44a5960d451011869c816f645a3080b06bdedf6c132eed845162e0790bd309fd25b1880e9ce8201d48c96c5c2497db2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2aac2b8ea3dcba57f82efa3c6438b57d

SHA1
ae819efd121c06f4cec92e6c92e302bfd6f78805

SHA256
7c344a359b653a83eca171a7d5f075f1076f6a36a80d23a7f27de68f10337f08

SHA512
d0ad0800275422c4dee206f7494f95d8df66f2cad89c536bd535676e988a8120b59ace28b9b75347a8b9c759540fcd8b0eebf8d1994ee4b4e29458918afeb8d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1f1d56e5dc6dfa3fb7cfe3aee50f8c3b

SHA1
035f4eee2acbaf98c0be7ae2490173a6fef78edf

SHA256
42de4b452fe778944d184740e451bf26171dcad5369032c0870038ef9fda0827

SHA512
693af82400224c0504b79040d0d013c2eabc9c4f30ab94e362ece78f710e07ec6373364dc4815c0c50c1a27840324ba27a3df194cd38d5acbfd32dff1dd158bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b057b2bb2f9b38c23e95e64a703eda3e

SHA1
57b71260a7fc1d949515e3314c6ecfb773fee480

SHA256
55090c4fd4e416c4b9a5b80875a0faa01a03f674052df70e21b37023e03831ad

SHA512
3621bf890aa0f76ad406be7a36e463dae3e6e4d4b173fa1cf4266dbd6e93aabdd8f914b8b91c032d3f62191a1a3928266c1776d89b077e214e55ac8369f56f4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
638e62061e1e7b1ec441f09fa662dbec

SHA1
23c8b9cd06dcd5dfa4857f3fe571912db46bcaf9

SHA256
5f3ca8a3a0f11f70399c2892b6cb0071e50efa40cd7e6e54d0cff3518b7498c1

SHA512
485f8f5bb1df328719a971ebf734d28669a2a1f5adf655f9138e329656604771f4fa2759c71c9cea2b8cc19d8c9479fbafe880dca1a88bc93b10f30bd503c7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590f0a.TMP

Filesize
204B

MD5
494b50e565c6e5b57bf82190abd37b42

SHA1
20abf5b51e1463cf8b255e898a8ed03409476c48

SHA256
fca851aa6d579896344356eb65ea4ae1395fe5407a1b7513a6e7342352ed9b07

SHA512
4278792d7c9e4f44e2bd2eba5ddbcbae86a7602857efa53c163bc90ec2199bc56d32ddb4400b4cfb12a9326752c7a5daf424729c3cc81d5dce6603da8bd8d7c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8162534ae49c5cf32891ba5bcd0c7ce2

SHA1
2f2e987a17b192c1b2eca3374578a761561c71da

SHA256
f73dfe7ef72e3ee6fdb334a5afac1504983fee58c5577f8bcc140a728d0b2183

SHA512
95e6f8430e27b1160cd336be344693ec3d9314ff596e97c96730ba74cc3afa06057438b2fa252f9d56a6989dadce9bdb7ea6816ff191a6bcf6b0d074cdde743a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0321dc122d1ebc35544269266e34ced

SHA1
9b6d375b7035ed0e5f2851cafa46a5914b47fae9

SHA256
9e18bb3985046f8c1a24e69549c22969520c5157a706fc094f7b68b76181679e

SHA512
2ebb5cc1a55baa7c07248c209cafcfbd0f68fc1eaa8754b1aa8c76323c3e7371a53d7b7ea23c009e8f6045f2f436309283e115bd5df21acaf59611f232ce6ed3

Download Submit