hxxp://a[.]com

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://a.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2231940048-779848787-2990559741-1000\{09DCE28C-C768-4BE9-8DBA-2422494A2D7F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3908	msedge.exe
3908	msedge.exe
3972	msedge.exe
3972	msedge.exe
4112	identity_helper.exe
4112	identity_helper.exe
3996	msedge.exe
3996	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
5516	msedge.exe
5516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe
3972	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 4604	3972	msedge.exe	49
PID 3972 wrote to memory of 4604	3972	msedge.exe	49
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 408	3972	msedge.exe	87
PID 3972 wrote to memory of 3908	3972	msedge.exe	86
PID 3972 wrote to memory of 3908	3972	msedge.exe	86
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88
PID 3972 wrote to memory of 2572	3972	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://a.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd775446f8,0x7ffd77544708,0x7ffd77544718
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 /prefetch:8
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3460 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5124 /prefetch:8
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1984 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,542419477265162792,7998132360249110670,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:5560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9351d7d3ha9ach49b7hadcdh75721108b7a6
1⤵
PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd775446f8,0x7ffd77544708,0x7ffd77544718
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1424,11441591608396362429,18002947874751823342,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1424,11441591608396362429,18002947874751823342,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1be88c0f-9297-474c-98b2-f75ebc9acaa5.tmp

Filesize
12KB

MD5
140d2b59e85092cfd18b09bf066e4560

SHA1
9dcb75545afcb3d316a804cb920ed6b28df9bb22

SHA256
7db56ace9a20a25c4e6d86faf2dd0c19778a8896cb2249fdd7dacbc7daf5ca1e

SHA512
1a66139bd15adee95ff9d58ec0eb60b7098bb4c3b545545b16a0e78ef0f8f1b46543218147d3333717127021cc619dad45c4d62d011e4742680120ed11f82302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6276613a51dae3b747451bc05e24edfa

SHA1
96ff591013fc8d378a9b37ea580d8ec6e98bbde5

SHA256
d17c0519716f5fa61ccf7289220c5e8917a36fbb29e48a86bb1122c9e3fcafb0

SHA512
dc84cd5df4867849039ecea2c98b1aeb435399b9503b1384159b2d08fe180b9f3daadc98f55c6ab28faa1e66dea8abfa4e702232a7027d933b0eca91fcf6b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9457fb6611f3421676cc46ed3d302baf

SHA1
dcd2943ea7473013c19f558039595bb6d2dc8332

SHA256
2660a49e73f0c76d48baa8ee53be6cd4bff2ff551954eeb591df76c1f84461ab

SHA512
f682ef53204ab8394dd487d84ad88cc3b5640441afc742a34cb304fbb9267fe24ca04e4fdc23c0f5237c31d33dcb0642df14786703753600f25f0ef4166a76c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\60cbde76-be28-4de7-9f69-3278cdbbc666.tmp

Filesize
5KB

MD5
cf514b40585cc4b965693b100de699e5

SHA1
ea8e66aff1bf82a5df89b5eea2eae176eb7f09e8

SHA256
6cf52de23d6c632f5396b53e1f7292645814a6fb26d756279994ff4731f63771

SHA512
745bc395ca49d9c72863e9670268cbe69d2bb1156d8f64290e95e5b69f21f1b2649b887bd616ff6a82533733e9ccd183a4415818338aff1a5c7e1dc5653e21de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
a155368f84c08a8c720d88d983145700

SHA1
646cb14614fd8925d51f97262347be8547157049

SHA256
f0760c285d2033fc7b11382bad4592660752904d46504bd1d0a2e408e3272798

SHA512
7078a1507fc57312e3b96bdc93dd5a3801974b69c0ccd35a1b8c3c98b08897d5c1b2694b03c7c56226bd65a0187cdfbfcc5c46585f6767f334c3376990994a8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
f658006220c88b9fd1029bd3e0e6db32

SHA1
b49befbed57d1d77696889e050d5b9f1d0294566

SHA256
c1669907d00ff2d6f449d00b050f92438b8d0cb7ed61ad4768670404792636e4

SHA512
ba098902c00099dc78a56b85af6da2c2b238697bad36936bf3211725b8d55115710dc6f278a6bbf9e5e925e7ed7f02019dd2512c42cd730cc14b0049ac8bdc1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
85KB

MD5
45a177b92bc3dac4f6955a68b5b21745

SHA1
eac969dc4f81a857fdd380b3e9c0963d8d5b87d1

SHA256
2db3b6356f027b2185f1ca4bc6b53e64e428201e70e94d1977f8aab9b24afaeb

SHA512
f6a599340db91e2a4f48babd5f5939f87b907a66a82609347f53381e8712069c3002596156de79650511c644a287cbd8c607be0f877a918ae1392456d76b90ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
1007KB

MD5
be0e32519269d069a423233a9b5b3b79

SHA1
3bfc535a82f4a8e6eba298076b5c004c299f7fe7

SHA256
18faa4b80f55eb161ed1997e0d67b3aad78ce2b18fd2cb205d35487b901f58fe

SHA512
0ba573da584f06983769205d12cce06da32464179edafa108eed4a17042a041f0793ae159ddb228e6ccb4aa1a1817f890f13778b64447dfd1a518672f6cb6ddc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
33KB

MD5
c2e3c144f359749c9e9808eca64257d2

SHA1
eca75b3ce4fbc041f8256689a81c7dc2bc5cc2e3

SHA256
e42091356819da9dfa73cbbf17d2e9e88da6eda201c38627165d29baa04de1a5

SHA512
cd717f7115dab4fd4ac7ec6a85915e6ba803ed9fb10313d8315637e95b46ff3859e4bda3247fb11137f53c94ef4dd74a49f5b7ad51acd1a6a201161d2133f3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
35KB

MD5
28a851f37917dc4f14e07fff7e8885cd

SHA1
85e2d16631c711b2d83321a2e921cd03fd643e49

SHA256
a2fd4c5abd44c8156b1e6771874287a449a0c9e4c94f27a7bcb793b1f0cb776e

SHA512
679dfff30cea09b49817e833f3de75d0d9d6c10085fd9ad8afa78ec952ea15aeae7b267afb33cd692a220019c25bd78244d53fe92e77b4af6ee75ba16996f258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
74KB

MD5
c60fc26f87ddbef308737edf34ef65c6

SHA1
cac72a52856bd8696a66563883198d9d1e685410

SHA256
23e360f2d680bac47c218b199d688c80f72ff2f829a5150c74993f1fdfce1bf5

SHA512
ef2ad3901b32d3ff817afba6718ac6a5ca600546662b2543473bc32238a3b61c601f7803078f48020658fca8e2bca9bf8bbcca8fbbf52b503f30fa2b13758956

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ad703a30db2c762f7eae264d10829783

SHA1
da7de99563f255784e99093660ac9b698c1a76d5

SHA256
c1b428f47b72a917995130d36d64837158c503c903d537165b541b479a3b60c8

SHA512
e3b71f86430f7ca05d461564194daf15a6bcc420251f2bb8742074c76091b5b026d6daacbaf0356cafbc2c7acb4791019c995689a6228b4ba787f71109fc2ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
280cbe15ec3a86c1bf2178d680e30d2c

SHA1
878215750d73111b10990f440ed50f9f54a0fd1c

SHA256
df91ad917b7a7c01c7ffc385ec3ea6d587c1988f137105619706e2d86c4ce99c

SHA512
0d3ee7ba756bd5969c5e2ef2e3846fd523223187d8a23976f2e1f9aca28cb65a6e6744c357aa379216fa8ab71b287cc0c084f45b58725ea753d1b616ede46e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
398B

MD5
c5810cba382f0b2b3e93a2b10d822f9c

SHA1
8b5a66a0bacb1e59614d42e52dd92da8f067dbb6

SHA256
58c1527d0f7a38c683cee02f0525d1ca9a73fb285f637bb50ce63f6db2b888c4

SHA512
f0955d43fbf88074e02efe1dd0b1a5de00170a0d4b04fe50f47dd3fbf61def2778fb50165c3759072b6350993257da9b0a1c28ea32317a9adf9540a06410ba66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca11aa56ef7f382d0c78f8ded967c9d1

SHA1
a1591fd568b6c071fe343d4c9e9375b5fe11267a

SHA256
54538754865d81618c8051aede08a025153387b4057d98435d2228708f486bab

SHA512
1d433dee2fe1d48a0718c2da1ad9620c66167945a9dc35d0b209f85597e0f3c1aa72d27c6d9149685c63eeca7fd8407b76110886bf96061e81eff2c14d456d99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7975cd2d7cd5fd2f2f138c09d82cbcec

SHA1
20a67478bb33d0eca2c00319361ee31228a4f4a9

SHA256
2f57f976d92e7209b1b92f9d89ed1041a27291a33f9819b861789f53832e741d

SHA512
4398be86ac0957be3ccbb511590351a5b32a7fb90dac28c2eb2c279b8d3769f633e0a2d6757696dd45697d374803c5c5ae0d656c6f1a36cc76f44a04f9e4120b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
89324b36a75ae97266f8f9b004127822

SHA1
d3049aa228431700976e9d0373fbbedadb246cab

SHA256
97b91fa1af639067d17fc8edaa9e207a1482e2ff2d03c36785173a457c3a130c

SHA512
5b8e500df0ca136049b4be66b843e5eaba85b85f892bcfbfb2412ad3eb4c7306638001e4bbb18452d7d34fb5e3d56150e751b86502524cecc95a6904d15aa572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4bcbdcc372f7587a326667df4d3c5435

SHA1
58c789c08e2eafcae93c7e7b732e13e0f46f7cab

SHA256
619d3b8d15fb67448051c4c666e1d166da2554e750e8af3386884b939639f5df

SHA512
05c33ed0c915e3e68aaf75de9a4d7617ffa4d9330ea4816c4b3df53726f6dc361ba4e1f52d89b71226d0d1bc61d1ac4a89563664dc87f0ee214522a0b46a499d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9d856cf4b3c6d2cd9dbbc1cc39a3bb8

SHA1
f1e20aa7116ec8bfc39d73bf65d1fa358b9ea7cd

SHA256
e8d145c50f37cd38f20257b2c2be5351d258a7a133acb9db912e82d19f32e76c

SHA512
eba325a09dda98148136407eba912c2969ba17c4d99eb6db1d19e6a62cebbfd52df3be0956630f08ab47eef1f00c91f336bc2ea60450b321d316fd5c0833b3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e85e3181fc4eeec6ee45bb9aa630883f

SHA1
676bf66b5667aa12627eb0b074bbf7b825d24d5c

SHA256
94d6441f84cb51a0e37a105c8bc613e6ab94fc6241c874bfde1dcd9977dda6c2

SHA512
364d2ef2050c0122534e228514dac47ce2d06a98ee3c8c570ea24824c33011135a8ebac6b152931ed27f67bda6277c556276a941451f4e9b44169cee3ed0c219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a01f8e81a8a024d25822efbfab1a8c67

SHA1
e1fd4b0aa9b5aca78c941aba59fe78f7734b6e05

SHA256
71bfe16ee6a7b5dfaa8eaffc8faaeb92465fbb174018de774de1af0c14e60028

SHA512
d96eeb80068e1f49803626f9cf430aa7d283f400744ed238572e268c441a8728b80d94c9460a54ecd15024833ffca7c5dd6344d96041869055d8c8a9551d5742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f1881400134252667af6731236741098

SHA1
6fbc4f34542d449afdb74c9cfd4a6d20e6cdc458

SHA256
d6fcec1880d69aaa0229f515403c1a5ac82787f442c37f1c0c96c82ec6c15b75

SHA512
18b9ac92c396a01b6662a4a8a21b995d456716b70144a136fced761fd0a84c99e8bd0afb9585625809b87332da75727b82a07b151560ea253a3b8c241b799450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6bf37c6c42ca831bcaaee7a2a2e2bd5

SHA1
30397d55f25b4c2d3e806df1995f7b49f7203cb3

SHA256
c84ba6439dac99655732ec6539f0d93c26a5513aeec188acaa84b22d54d8718a

SHA512
81af390e9a130bede09817d12b3a096ce1548f65cc1d1067897f8010268921778b18c938dea8fcfd4e681aeea7a7af8c367a605eb0b060a3e93f553be84c147f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7f3e68fb0ea30cea44d9fcaf1c1b8206

SHA1
980d1608d4c7615b99be10160c1ecec8d7d40373

SHA256
3662a3392ca45aa7009b739cc5afd3c269f47d6c74f93399d7d284d1487570ee

SHA512
b8f8562c636b3943af11fc4122271a3c1d2757819773ee2e992016f67dc2b8b380ecbe61473856c2c91903d89ed2406438385d2e2704efe0f0a4db6ef58f54ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
3ffadd2e14bfb28ec53c877a9d9246a4

SHA1
87ffd300f1f045e38107f06eab9b834a62fdf414

SHA256
e968a6e5a1b42250daf52de29143cd3a1a1181a2c500fde2dfaabc3dd2de5b69

SHA512
aeb4d4c641d41258c46575cae6202679afcb64dd20ca411e0d6c02ad58990e345a2253bdf97dae297773bbf9af275c55f48b72c64607cbccb91f41be27392ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
f7bac9c8c765740515f779482f4fb904

SHA1
03d585d2852701ed470a10c844021c2d05d7045d

SHA256
458b733f5434172918cd94bfda8809bb3e434e280822834f6175bfbdc0c7f9a5

SHA512
cfc0b19d0b731064800c359d328e833bd8e40dbb7fb04ff41fc5223ca8a1508e2c20a722613715a8c64b31c05fd844653af22d6481ae854c717567f7e69da47e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588bd0.TMP

Filesize
538B

MD5
eb411f4a040d403a9452cdb18adf0145

SHA1
a32891642079a43d6552cd77b11f30cfe3464b7a

SHA256
36a0618a3c80d83102b9c81e602059727e43ea7b00d0d8cfe4056dd3d856dd1d

SHA512
7b0d16751b2390da02cdac557cf6af33ceb97e7863cfad92a1ad5f609ff27bb66298b64f98f6b1a7c22e5d7f458adf0bc81a649c5182285dbbe6e643b8e69c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
17f69fd253322abeec514bd1b9a94e87

SHA1
ec67ea252170d2090e9274f4244cb88d0f6c47f6

SHA256
c872826626e14daa09447a9f42c74b6730acb89a72fa269e0647fd1c0772b57a

SHA512
6a0bbddd59876f14c1fb2c0e9b8deae22d4eb2bd5e076b34b8181a122d6aae23bcf8af49773978071cfd61a745cc52bba1ac01dcd158a0821f5053de84c188f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9a7689b76572385a534b3af50382d56e

SHA1
383e21a49afbe4b37c6e5c9abc0f100545276030

SHA256
2f527f02eeddf3c4d56e9e3c25571ac8f8aab99892579620d45f7e20f4eade51

SHA512
f83950c6298bd353683650830c1c7bfcb43d9d7785a43106553e5b9ff934455158937ad10c4b0a110359e2a4ec2e1d22fb1d3c6018994923bd517a5796e3115a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
32d1feabadf0074aa4600da6d8411b0a

SHA1
6cb96f76e7e9604516077c59254141687b478b3b

SHA256
34adb7786bd61b3dd07688f89c5c4b142c014c49bcbf34e7cf526bcea4294f1e

SHA512
b9a7173abffdc91d042acb774b1178ff73b5574ad862d4bdcd5793e82746ea7e2e92cbc918a4d44e57980c5a1de156107d233a57b17523a001debc10054aecab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
915b70846d1f51563d182ce7c3e09441

SHA1
2f26d290a15bec1a2c87ef2266ed96b9025834a3

SHA256
7fa48650f91cef39e705e04b07eae8105995f7b0bfb00f38502abd9394673b99

SHA512
652e2596d64ac0fe073793794b72420a7888d01c0af101af406412a05ba3e14a0cbd4a253082b4c1728a00f6bf7ceaf17dc44fb011ae87be662a164871db6b8d

Download Submit