hxxps://action[.]azurecomm[.]net/api/a/c?r=AIAADMXOMASMO2YSE7CAHLSY5ASD6X3NNVX5SE7KUTWV5UAWPHGWTNDI2IGX2E6HQC7ELSFSBOZZ45V6H5Y2LQCQ5UEC5E2FEJ2OLH6IAQJMND5OTQ7ZXQJGAJKF5IELDXYRU5TEG4VCBOLD23CI74VPPR4MC2RMCACGXGPTMRVKCTEUCZYCCMFVYTF4F7BBF3OHNNS3HRNA7DTJ3EZBZRDDM35EMDK3EM272ETSYOTWGPBMRKBICBYTZHB2HQA5OQPNQRJMUBKUGABNI4QCROXCMWYYFD5RDHRO6G65JZN3C7VUFOXV3ZVUO2O56JVR6AAVWXUGHGLWGQV74WG3CIPM5PJPFFIEFGAUASOV7VWZWBYXWC5BLVJWC5Q4RFWMDWIAHS52WV5GDFXLNGVENNGYDB3NOJGTBCPGVQQEAQN32ICTP2YKS253XN4WVQRGVEOLII2Q6D3NSTQJNYOXLUAYPTI4OUHHEIDEZSEZWKKRFFT2NSJIXG5HU2U4IOB7LR223GQM4BFKI2S5JAIDYPCFEXDUCL4XXP2OMQOYC64XBAT5ZRAM52COQA2CXQV227ZCSCGUULACESUITEOXR3GXAUF2WXHZJIJTPPRH2FXX4EQQGKX6OUIWCW3RPWBUXUM57LNVWW5JRPHYHWOB56VIOOLMTJBIWTW3DYZGWGAZSLQO2TNX5TYFBIFFH4375JAA2U4J42UCVIMHOI&d=AIAADYX276YSILG4J72TNMQDE4K6ZPZHVDF2DZ3VMVMRLFYYCZJTLGNFJTMGIZR2UBZ7JPKUNJNSTRWMZ66K76QMEOLFG4JFQXWHB4W5RCJ3BJHTN3DWPTWKUROKXAD6WEX6XUA3J7O7ZAMP44VMO75EZYTYW36DX2DZT3FFYB2VB4E75AKGFWWE5LFWX4JO4MAQ5PL4MSOBQO5EXU6XOR3QQQVDIM66TJCPJY357YUVVPF7K7VTGHAOZKFD4ZQXPDFFAK5AMRIMNDCCBYQPRVITXKRWIAY&url=JZBtb4IwFIX/EW9Osy0hjq1gJGtdtQ7pl6UWIoUWWKk6+PUD/HCTm5PnnJN7C2Pa7tW2uRS8MprxymqvZ8WM4BZvlB1kh1zfcj0uQHStZD2ZoFxPsszNejYCZpgf1+9uWsnqi4TujqQDFHRgp708JPgFkmAJQTXAD1rQcGKOPQLYQ4Qr5kUV9+SKJpO+9eJ63z2YQKVeZPgmaqm3jClwelhWT6inJVffRbaRHj0+uCxBPZt7QheV4dPIubCEfzsQDDuwXSBwUWmyJ/QUe+PMWQhAxRL3Pvuc7XIHLg4uU4MJCvHBcWAYbz6Pc5aBALtwwA4ieMzKovHWgi+QSBOkx37/56qlb9sL/rxyGTtbTIo+vynWd01TW/dGjx/rrCy/rX8193kuRc30W99chZUrJuQ/

Resubmissions

03/01/2024, 02:09

240103-ck634seeg2 1

03/01/2024, 02:04

240103-chgenseef7 1

Analysis

max time kernel
0s
max time network
313s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2024, 02:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://action.azurecomm.net/api/a/c?r=AIAADMXOMASMO2YSE7CAHLSY5ASD6X3NNVX5SE7KUTWV5UAWPHGWTNDI2IGX2E6HQC7ELSFSBOZZ45V6H5Y2LQCQ5UEC5E2FEJ2OLH6IAQJMND5OTQ7ZXQJGAJKF5IELDXYRU5TEG4VCBOLD23CI74VPPR4MC2RMCACGXGPTMRVKCTEUCZYCCMFVYTF4F7BBF3OHNNS3HRNA7DTJ3EZBZRDDM35EMDK3EM272ETSYOTWGPBMRKBICBYTZHB2HQA5OQPNQRJMUBKUGABNI4QCROXCMWYYFD5RDHRO6G65JZN3C7VUFOXV3ZVUO2O56JVR6AAVWXUGHGLWGQV74WG3CIPM5PJPFFIEFGAUASOV7VWZWBYXWC5BLVJWC5Q4RFWMDWIAHS52WV5GDFXLNGVENNGYDB3NOJGTBCPGVQQEAQN32ICTP2YKS253XN4WVQRGVEOLII2Q6D3NSTQJNYOXLUAYPTI4OUHHEIDEZSEZWKKRFFT2NSJIXG5HU2U4IOB7LR223GQM4BFKI2S5JAIDYPCFEXDUCL4XXP2OMQOYC64XBAT5ZRAM52COQA2CXQV227ZCSCGUULACESUITEOXR3GXAUF2WXHZJIJTPPRH2FXX4EQQGKX6OUIWCW3RPWBUXUM57LNVWW5JRPHYHWOB56VIOOLMTJBIWTW3DYZGWGAZSLQO2TNX5TYFBIFFH4375JAA2U4J42UCVIMHOI&d=AIAADYX276YSILG4J72TNMQDE4K6ZPZHVDF2DZ3VMVMRLFYYCZJTLGNFJTMGIZR2UBZ7JPKUNJNSTRWMZ66K76QMEOLFG4JFQXWHB4W5RCJ3BJHTN3DWPTWKUROKXAD6WEX6XUA3J7O7ZAMP44VMO75EZYTYW36DX2DZT3FFYB2VB4E75AKGFWWE5LFWX4JO4MAQ5PL4MSOBQO5EXU6XOR3QQQVDIM66TJCPJY357YUVVPF7K7VTGHAOZKFD4ZQXPDFFAK5AMRIMNDCCBYQPRVITXKRWIAY&url=JZBtb4IwFIX/EW9Osy0hjq1gJGtdtQ7pl6UWIoUWWKk6+PUD/HCTm5PnnJN7C2Pa7tW2uRS8MprxymqvZ8WM4BZvlB1kh1zfcj0uQHStZD2ZoFxPsszNejYCZpgf1+9uWsnqi4TujqQDFHRgp708JPgFkmAJQTXAD1rQcGKOPQLYQ4Qr5kUV9+SKJpO+9eJ63z2YQKVeZPgmaqm3jClwelhWT6inJVffRbaRHj0+uCxBPZt7QheV4dPIubCEfzsQDDuwXSBwUWmyJ/QUe+PMWQhAxRL3Pvuc7XIHLg4uU4MJCvHBcWAYbz6Pc5aBALtwwA4ieMzKovHWgi+QSBOkx37/56qlb9sL/rxyGTtbTIo+vynWd01TW/dGjx/rrCy/rX8193kuRc30W99chZUrJuQ/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3984	msedge.exe
3984	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe
4272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4272 wrote to memory of 4208	4272	msedge.exe	14
PID 4272 wrote to memory of 4208	4272	msedge.exe	14
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 2308	4272	msedge.exe	26
PID 4272 wrote to memory of 3984	4272	msedge.exe	25
PID 4272 wrote to memory of 3984	4272	msedge.exe	25
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17
PID 4272 wrote to memory of 4596	4272	msedge.exe	17

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ffc4a0946f8,0x7ffc4a094708,0x7ffc4a094718
1⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://action.azurecomm.net/api/a/c?r=AIAADMXOMASMO2YSE7CAHLSY5ASD6X3NNVX5SE7KUTWV5UAWPHGWTNDI2IGX2E6HQC7ELSFSBOZZ45V6H5Y2LQCQ5UEC5E2FEJ2OLH6IAQJMND5OTQ7ZXQJGAJKF5IELDXYRU5TEG4VCBOLD23CI74VPPR4MC2RMCACGXGPTMRVKCTEUCZYCCMFVYTF4F7BBF3OHNNS3HRNA7DTJ3EZBZRDDM35EMDK3EM272ETSYOTWGPBMRKBICBYTZHB2HQA5OQPNQRJMUBKUGABNI4QCROXCMWYYFD5RDHRO6G65JZN3C7VUFOXV3ZVUO2O56JVR6AAVWXUGHGLWGQV74WG3CIPM5PJPFFIEFGAUASOV7VWZWBYXWC5BLVJWC5Q4RFWMDWIAHS52WV5GDFXLNGVENNGYDB3NOJGTBCPGVQQEAQN32ICTP2YKS253XN4WVQRGVEOLII2Q6D3NSTQJNYOXLUAYPTI4OUHHEIDEZSEZWKKRFFT2NSJIXG5HU2U4IOB7LR223GQM4BFKI2S5JAIDYPCFEXDUCL4XXP2OMQOYC64XBAT5ZRAM52COQA2CXQV227ZCSCGUULACESUITEOXR3GXAUF2WXHZJIJTPPRH2FXX4EQQGKX6OUIWCW3RPWBUXUM57LNVWW5JRPHYHWOB56VIOOLMTJBIWTW3DYZGWGAZSLQO2TNX5TYFBIFFH4375JAA2U4J42UCVIMHOI&d=AIAADYX276YSILG4J72TNMQDE4K6ZPZHVDF2DZ3VMVMRLFYYCZJTLGNFJTMGIZR2UBZ7JPKUNJNSTRWMZ66K76QMEOLFG4JFQXWHB4W5RCJ3BJHTN3DWPTWKUROKXAD6WEX6XUA3J7O7ZAMP44VMO75EZYTYW36DX2DZT3FFYB2VB4E75AKGFWWE5LFWX4JO4MAQ5PL4MSOBQO5EXU6XOR3QQQVDIM66TJCPJY357YUVVPF7K7VTGHAOZKFD4ZQXPDFFAK5AMRIMNDCCBYQPRVITXKRWIAY&url=JZBtb4IwFIX/EW9Osy0hjq1gJGtdtQ7pl6UWIoUWWKk6+PUD/HCTm5PnnJN7C2Pa7tW2uRS8MprxymqvZ8WM4BZvlB1kh1zfcj0uQHStZD2ZoFxPsszNejYCZpgf1+9uWsnqi4TujqQDFHRgp708JPgFkmAJQTXAD1rQcGKOPQLYQ4Qr5kUV9+SKJpO+9eJ63z2YQKVeZPgmaqm3jClwelhWT6inJVffRbaRHj0+uCxBPZt7QheV4dPIubCEfzsQDDuwXSBwUWmyJ/QUe+PMWQhAxRL3Pvuc7XIHLg4uU4MJCvHBcWAYbz6Pc5aBALtwwA4ieMzKovHWgi+QSBOkx37/56qlb9sL/rxyGTtbTIo+vynWd01TW/dGjx/rrCy/rX8193kuRc30W99chZUrJuQ/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5948 /prefetch:8
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3004 /prefetch:8
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3928 /prefetch:8
  2⤵
  PID:5620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:5828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4572 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6624 /prefetch:2
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2758819787068080716,11068379108590335235,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
201KB

MD5
e3038f6bc551682771347013cf7e4e4f

SHA1
f4593aba87d0a96d6f91f0e59464d7d4c74ed77e

SHA256
6a55e169bc14e97dfcd7352b9bc4b834da37dd1e561282d8f2cc1dbf9964d29a

SHA512
4bee876cea29ad19e6c41d57b3b7228f05f33f422e007dc1a8288fd1a207deb882c2789422e255a76c5bf21544f475689e7192b9a8a80dc2e87c94ee0bc6d75f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0abfe8335eed5bb1237e9f70cdbf0f84

SHA1
a3a3b31d9d27dd1e3c9655a9d9f75a3354bbb4e1

SHA256
604a79f7510722ca96d3e9a5a4be1c53c9f80c7bbba843e1f1a1f292a93e6109

SHA512
b0cecc9d22bf243f7c697380ae3fd9c4f743b1c33d99480c15f327fd581324edca8737da5204ad519344f106bb8930c03c6b531222e8708a6b1abedd10d1373f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2b9a6f5cdef22ef0d59031744db9212f

SHA1
075a153d932a38e07c728f2bf5cd3fb3447ad12d

SHA256
618db510a68b7da50d6b62e30e1fc9e68b6ee5e34c60203b801928e73fa3b468

SHA512
4a09af98b407efa523bdf90e9e98faafd5c34c7c27967f2c05a57a889aa295510e14fec9fc0135023a52078453404aac3b3d678c8fed2087dc3629b44f3a81bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f2e303f709b10a685747fd1cdb0b4f00

SHA1
98261a260496aaf3adab3c0abe4c9367d30e8360

SHA256
d5403980b97be49d42e367b1e9da345ca201b7b03c857d7f89bd316e05a75d1a

SHA512
75f2fe1d9de6e75cf339d38b4d1fd28774d084a09e0a24a7c34b1226b4bb9d9a7e51381ce1dfc876312dc8d195132a43fd44ac13aab1dcdd18567b79de3d5108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
804B

MD5
d36641dc3de2ade174613912d5dc0ae0

SHA1
345bd1fe9d62cfc830ca901ebe52deb241987e16

SHA256
f1f4347aa34b4c71943ee729750299befb2e5674a60ae87f93dfa5a7bd3debb9

SHA512
5a0df6ab5d63354297945f6cf8142e87690a26fa768f34eb1257885ed4e8df409356f84d59804bfced26348c2228ca17af7a89a51af3a10d5abcfc7cc3971626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07d04cca7a076f9302274facc3762802

SHA1
eff4432bcd883853decaed5a67e87ed2a8d20ece

SHA256
9a77718f8c91a77b5c8b5917d7c46413f7d045148aecfd17fad1ef1233d3526e

SHA512
dfdda1502bb5ddcc9819ddc6a98283efd7d7bb30062fffd62e34d5ddf25fed8d10c485d7ce73669a77e98116c50bed8b04805cd0bf5e08cf35e26def7f4fda2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e82169df30f818ca8e114e719409c216

SHA1
7d51e05b384383485b744da0602c5442cfa95daf

SHA256
301ad5c8e6e25a1d131e269d3c266da36e1705207e76a9cee97d40600efc0b63

SHA512
515622f9b1c764589b0c836419aa617744433e0029b6893300f0754b126b15407fa75e0643c9862616c4ea54061d96f46caa6894788512164f59c56c04094e68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0102fed43eac7331c9b5280e201f8f9

SHA1
752f3f6f5c01fa0f5eefe2e7f6f1a786a8c9dc65

SHA256
4a6b50034354d6c01224e0b95bf411ebaa6afae44029baf2b105f5331933b5d3

SHA512
d4cbae5a51d875477bae6dbc038312ba5e7a4be55b081e57089aaecca91d22d47ec5637b57b88d9fad4facf16766acddb1048bc0154bba8a5ebb44dde9bf6db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58b292.TMP

Filesize
538B

MD5
af88683e84a5e8ce22fb97183e561415

SHA1
845eef2fa1fa43a0707d9f75197fabdb0748ad35

SHA256
6eebd6fe89ac792d6e097a6e41153b05bfb631e6ee5c10d8bb02ffb70107ac34

SHA512
91560789e570285a2103f51a750492664ad2fcdb371c7d46c46a5cdd2619a3feced4784ed1ba7816f3a3ff087c82bcecb22244418870ec8f95bf35683ee63f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
459deb916fdf0487227b36346bce0124

SHA1
304cada46e53b1607bc4878d809292df5c9b0350

SHA256
6e5667ad54434625fe85a5c6d9a2a064bfabdec02e3a56a7963065a4cadfd496

SHA512
34c077d136e177c9515773ae91dfcd2c8921dd7f1786e57f777438b783994c1959f4e769cf702251b8875eb4f38eb1eaac8674f7b209e963581662d770537e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fb2f2a39816269f359aa62eefa4e684d

SHA1
acfb3f45fe2c74ba77ad9efd120d3a2113d9f905

SHA256
eabbddab21dff39c207da6a4dcb68208a7385c97dc2503af19760fb3da774ee1

SHA512
863f4abbee86fca58fd748b0a39290f3b9ddc15a5a7475171894c8c1a5a4d0db8af000de06a2528c9c9af18d0ee212924415926dd75be2a0d83d34bc0869c8fe

Download Submit