hxxp://dmmail-occure[.]dossiermanageronline[.]nl

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 11:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://dmmail-occure.dossiermanageronline.nl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
872	msedge.exe
872	msedge.exe
2840	identity_helper.exe
2840	identity_helper.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe
872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 872 wrote to memory of 3644	872	msedge.exe	41
PID 872 wrote to memory of 3644	872	msedge.exe	41
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 1464	872	msedge.exe	88
PID 872 wrote to memory of 4476	872	msedge.exe	87
PID 872 wrote to memory of 4476	872	msedge.exe	87
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89
PID 872 wrote to memory of 1856	872	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://dmmail-occure.dossiermanageronline.nl
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc898246f8,0x7ffc89824708,0x7ffc89824718
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,17863389135068291113,7531598483817743161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:5400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
84df16093540d8d88a327b849dd35f8c

SHA1
c6207d32a8e44863142213697984de5e238ce644

SHA256
220f89151a0f978b8bbe338b937af90417ae8c17b72a53f2acea7be2ac171a8c

SHA512
3077ccda8f86f47c41978d6cbb1dcad344e36f236251c8fd8c58d1c48a59106aecfdbe306357b7ebcfe3300bec8ea10ee0e59434c799e8c40e40e6c3c1bd4098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f3a65faf758d2563e879efe9f29c5704

SHA1
f99d6d6b47db1cef319fbfbcbcaecb90a8fdc3f2

SHA256
329e10e15bfd34ffa064cb0d6ed04e6819cce2ae2626f5e3459021a59f0c8eb1

SHA512
9b9c35ff66eb558ab9bfff4612baa7525f5e599c56cf5e51b2a4956a3d11cddb1301f2e77291bda1449c89b730f2ab728210d13b509fdf4fb4283f65ae7f0d34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9579c2001ee6d89f5330187e4f9a0a76

SHA1
1fda333571c734f97ede18fee7835e57cd990b8e

SHA256
0c7576ef5827c7f65ce0d80ca3ec5bfe6aa8ae23d3f92763b2d73d2380ccb2c6

SHA512
baadffe8bd1a288b81320713651aa122b8a4dd589be0a4519050273cf92da6bb3b7c4efba2eddbb18f85df412842f728b36e76827adf0180f5c1b2516ca0f649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c8a2e40ed343555c82addaa3cdf11f59

SHA1
d8e965f621a8f9687bf054158ae49a9dad6c6867

SHA256
4d0b607031a221f847b449772c792b4b46fdb357f2966478edee22c8449e8e88

SHA512
897d1e619095eb2aa949ccd5953b724d83f62df92dc432abc908379fb2ec2df99040dd51270462afab88473cf5ba3160934700d1b8b1b53f7f2c57472d9284ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
502ea678044788e5acfc8a309945751d

SHA1
cc8f32975532b48c55eba1867ce64122a2760501

SHA256
5d9ce514bb4b78709d41254c2e9d38698fe2e08eda64fa8e8e020f4e08c9d82f

SHA512
9dbefd17863d7de8f546640d00f8991fadd6e718be56fdd40002cf898aed96b46161fde9d8b08e3d99de82e04f8e5784b8b6ddde2dd33b714d031b8c7ca2d309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9617a08ef0be7558a5141d2af4b935b9

SHA1
1fdcd548528092c4e413729df98aacf7c7f6bd67

SHA256
6cfe213dd0dd1a0d0d89e6ba1868987a7319275c2e1d77bf7ad089c16ecf31f2

SHA512
1dbd962dd2ea9ef010690f511c3422778b4876319cf6cb97d54f1db524143f326a617c0d2a2a6126ba8e235623c992a19083567a4140b39090bd69560b48c3bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1de9742d5b57bcc214965e95d45753f8

SHA1
41f7bc9f3c4fa5168652031d428c66b1199faf65

SHA256
eaaab8abffc7643b17ae7152a24dd54932ceed70b2e2c7c4fd02203b64a06978

SHA512
764b4b540ec4296eb5de3fe68e280f804c451053cd35cf5b2506bb4903d50502f944b50308e0e53be7d9f6e3b8c8245a46e33ad400ed429a790bcf5398bdf8a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b682c2d92255f54eb7b24deb8dcf84aa

SHA1
ace3bcbffbb0fc1674d89c60df107512caec5ade

SHA256
269ac71f6797bb5595db8c39fbca60f12602cf896d1af29cbf3935fcc0227c81

SHA512
823c2801b1c6021ca53d18817051d131da3da858ca4a6385b099f536a40bd8a04b30cfc7fe3f3f9c3d3e4049e4400cd8c1d0e15e6590becff39075b1a37da2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e69494453431328a097fafddc5885001

SHA1
795fefa9ddc9a05e291e4c713b185aab7d18d343

SHA256
b89cd2768628d4e59232d146cf179c126115ab78d29f0a8dbd25b0be2c945022

SHA512
7c9ca0692080dc980d4877f7ef125d94345ce3b22925c994a65fc65f5051110147055d10b366bc3e20286014b73ca6fd8b8aecff5678475ca816d5bcba52e626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5f9c33a48a575beb735ebe4724f030a

SHA1
c3010ee9396cb3edcda6da940a31acbab16cdbf7

SHA256
696f04b3600325c5c3db5d286f6b9d05f0e554d153b34d0409fa5aa1b0a3834a

SHA512
d44e87bc7acd35e13925c1f135c8e92e7e8eced04222ba5e2688017a69d0708329e3a2285e4a15769b87b3cd4c7a6b4f3f9a9c0ac942bdeb4b35f3e91984a3bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
918ecd7940dcab6b9f4b8bdd4d3772b2

SHA1
7c0c6962a6cd37d91c2ebf3ad542b3876dc466e4

SHA256
3123072fba0ea8e8f960dd213659a0c96ce2b58683593b8ea84efac772b25175

SHA512
c96044501a0a6a65140bc7710a81d29dac35fc6a6fd18fbb4fa5d584e9dc79a059e51cbe063ca496d72558e459ffa6c2913f3893f0a3c0f8002bbca1d1b98ea2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8bf61af2ca3537146b767846f1d8e5f5

SHA1
d473a779bee67205344b4553a45605823c2485b8

SHA256
cebad89136f4923534706678d443ecc212012cabd4cd688d8af92bbecee80001

SHA512
37bd9a3c256399cad99ce9c75f21387fa4745c5b9d20adefeec88c4537c2c7a71dd4ee6723d1eb0cc7d739dea13b967e889222b75fa8f0a3c5933f2838bece61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aec04f8cb8eda97f6c030756ee1ccf59

SHA1
6ce3739ff641fc14623752574d63f18ff55155bd

SHA256
0dae9cc4c06cdf5f7a73393d809963ede21cc9b4c22c2e41e5ad22d826455079

SHA512
da06294f135ec277dc1455bfc1d02bde56cdb86a48b7fc5bd7482121ecfda040aa0451c5d72c1d63c95df11347bcc00e3f5b29f1e2a33ee846ba1114ae4afbec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c2460fdcede2fd6ae8217a0250219db4

SHA1
2a7da7a542761b475cdaa2a9614fbd5695d87ae1

SHA256
93f6b9b5df0dd322b2a1a0dd150663bf7c5372b74dc4f83d78c4eb447764abe9

SHA512
80e0f591949b2248d0e0cafd9f8f841130ac89bce74ef4bb46ac04587a948c27f69b7ab59980838166c1dcdd93718caf3e7aa92fc84f5bd331ab758905bc7e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
501baa2c85071071586102702ed5aa26

SHA1
61cef6997e8c15a78d3bb7867b4d4201d375690d

SHA256
248fe07a05e1710b6acb0be31f57453de261a4d5d901189e7fb0c965b3884496

SHA512
1e16685b80f762a5112e450d2e5b7c5c6bc6d3af7ec53a98d5eb59d0c5e4520b59fb23573b765582ac2e0f3f4574cb8f94ecdb8e0a49ed21bccfccbbf8b2202e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588e8f.TMP

Filesize
371B

MD5
3107cb8a30688f8be2cfafd32db13e96

SHA1
0349f9f69c2eac804206185f7c1114f3f80c8471

SHA256
287f8200495a9009a4a9a5cc8023ce7c781a4fa2f77ec7e85e6bb4c553ae24ce

SHA512
5302d73834ac7a69e2bc69678c51835e1879a56c77cf812895b851ba99ff15b800968e5d320d43fe8b45992170900445ccee409d40ba79ad35211c3af7fae708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f754d631-dcc8-4e5a-8ed0-d717b5d1a942.tmp

Filesize
8KB

MD5
d475b7df2bcb379c11bb5c9feef720b4

SHA1
564353fc9f9762d7d6e8aadf78d17785e6af6007

SHA256
706750e2acdbde17d9080b934abb9ab9cc2cfe910103b07e79281ecab18af6ad

SHA512
6632256bee4df322666819eb86e004fa9c633d49676a04b60a18675233a1a23c0a1574b14ed51d870cc2a7942b92f2196106bebab138386e1a83ade795335677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
eef310e62305ab5795cdc0fae4ee0cd5

SHA1
186e5b4e54ebe630cf21c4399da8c3dc5e54e292

SHA256
7815398a0915898d7ad534fb306bef8721767dcd06e10907a2bdf78286682a34

SHA512
4ad05ca15ec537613475299b22a6e65c85a26f9177ac61334447a95c3184850478eb9455ac6a7ad79048d9875a16f0f1b03ce0ec8e0d25c36fcddb844ab748db

Download Submit