Analysis

max time kernel: 149s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12-12-2024 11:03
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://wetransfer.com/downloads/7427c76aafadea00042df4e6730fcd0620241210114544/4a573b5d267ce86048fcbe5a8ac1c1ae20241210114544/c89f8b?t_exp=1734090344&t_lsid=59d5fdfe-bc5b-4b5c-8995-89005834f57b&t_network=email&t_rid=YXV0aDB8Njc0ZGE2ZmE2YTI4M2YzNTEyYTA3MjNl&t_s=download_link&t_ts=1733831144&utm_campaign=TRN_TDL_01&utm
Resource: win10v2004-20241007-en

General

Target: https://wetransfer.com/downloads/7427c76aafadea00042df4e6730fcd0620241210114544/4a573b5d267ce86048fcbe5a8ac1c1ae20241210114544/c89f8b?t_exp=1734090344&t_lsid=59d5fdfe-bc5b-4b5c-8995-89005834f57b&t_network=email&t_rid=YXV0aDB8Njc0ZGE2ZmE2YTI4M2YzNTEyYTA3MjNl&t_s=download_link&t_ts=1733831144&utm_campaign=TRN_TDL_01&utm
Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
Enumerates system info in registry (2 TTPs, 3 IoCs)

| description | ioc | Process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |

Suspicious behavior: EnumeratesProcesses (12 IoCs)

| pid | Process | IoCs |
| --- | --- | --- |
| 412 | msedge.exe | 2 |
| 1548 | msedge.exe | 2 |
| 2132 | identity_helper.exe | 2 |
| 5236 | msedge.exe | 2 |
| 5344 | msedge.exe | 4 |

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (16 IoCs)

| pid | Process | IoCs |
| --- | --- | --- |
| 1548 | msedge.exe | 16 |

Suspicious use of AdjustPrivilegeToken (2 IoCs)

| description | pid | Process |
| --- | --- | --- |
| Token: 33 | 4172 | AUDIODG.EXE |
| Token: SeIncBasePriorityPrivilege | 4172 | AUDIODG.EXE |

Suspicious use of FindShellTrayWindow (36 IoCs)

| pid | Process | IoCs |
| --- | --- | --- |
| 1548 | msedge.exe | 36 |

Suspicious use of SendNotifyMessage (24 IoCs)

| pid | Process | IoCs |
| --- | --- | --- |
| 1548 | msedge.exe | 24 |

Suspicious use of WriteProcessMemory (64 IoCs)

The 64 IoCs are repeated instances of the four writes below, all from the browser process (PID 1548) into its own child processes (the crashpad handler 4360, the GPU process 4400, the network service 412 and the storage service 3624 listed under Processes).

| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 1548 wrote to memory of 4360 | 1548 | msedge.exe | 84 |
| PID 1548 wrote to memory of 4400 | 1548 | msedge.exe | 85 |
| PID 1548 wrote to memory of 412 | 1548 | msedge.exe | 86 |
| PID 1548 wrote to memory of 3624 | 1548 | msedge.exe | 87 |
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1548)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://wetransfer.com/downloads/7427c76aafadea00042df4e6730fcd0620241210114544/4a573b5d267ce86048fcbe5a8ac1c1ae20241210114544/c89f8b?t_exp=1734090344&t_lsid=59d5fdfe-bc5b-4b5c-8995-89005834f57b&t_network=email&t_rid=YXV0aDB8Njc0ZGE2ZmE2YTI4M2YzNTEyYTA3MjNl&t_s=download_link&t_ts=1733831144&utm_campaign=TRN_TDL_01&utm
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

Child processes of PID 1548:

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4360)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99ba446f8,0x7ff99ba44708,0x7ff99ba44718

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4400)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 412)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3624)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3772)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2304)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 224)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3924 /prefetch:8

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1740)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1464)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3188)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1344)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8

- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2132)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 /prefetch:8
  Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2232)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5240 /prefetch:8

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3704)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 100)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3580)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5236)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7204 /prefetch:8
  Signatures: Suspicious behavior: EnumeratesProcesses

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5408)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5416)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7016 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5900)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5908)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6012)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6864 /prefetch:6

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5128)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5780)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2216)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2628)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1

- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5344)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5451239253478301942,17661985977268072198,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2368 /prefetch:2
  Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 3644)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4708)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\system32\AUDIODG.EXE (PID 4172)
Command line: C:\Windows\system32\AUDIODG.EXE 0x414 0x3fc
Signatures:
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Downloads