hxxp://url7340[.]postier1[.]com/ls/click?upn=u001[.]vnP3142JEFjaodMJP38kOmKa2PcyEunS1WS80UsdB3Xo3xjifCKSTkssDXhn0X-2FwvR2wFI-2B6JVCfn6nnndy7kGLO-2FCyLVzYkv8BdaVq-2FCSCeav4wNC5x8mLOcb-2FdpePqytRJqnzEJajXCoy7HEs6dFemN50BzC-2BYUVkdU1oGf53rxQ6h0yMYhCL6ZqbNVSN0xZE6_s4xCr9gmwsNXyMXon4HHLAocQYFaA87sX3XHcl4x6uSQN7tdwkAUN-2FAP9hlnfpGBNzX42Ns1zwjRzTlkyLGxIMnU2jYhbsTA-2B8L-2BVGyfd85VrRS-2FBIyqVE6AonBG-2B-2Fd8FJjgWuS1-2B2GAWOKzpZW2Ih3Zx9EthPjhs61hp2QTz8NOkxIgGt2yPS-2Bjc5fqLUtvhmG73tYn6p0-2B9JFtW06GuhE5dP-2FSE3aAwiMk010RsuwG-2F-2BAAH5W4qArMBhhTAm-2FfmfbauQP398aIAG3Ds3PbLH3NXbL2GyYjqH8m2NNex5lJ46QBMMfjvKPefEfPCrgnsHxawEjNMkoQV2QqsvpwdkkCzYi3oAfSLeSXDGFPC88thAx-2BzCVGET7VxgedFXklJhYSGrL5P-2B2R7lwzE9A6wVcFrtqmtzGE3e-2FEDqs1hdGvQLTAQcPpH-2F1F3-2FFrmsgYtTezTjZ2sG897C5Iwm-2BEe-2Fhw87OYxLRzBeW8yLHgc78I1CWQvRxkWqBtzYIaMorHp1D9h881TYiDGIMs9gap9A-3D-3D

Analysis

max time kernel
300s
max time network
311s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/02/2024, 20:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://url7340.postier1.com/ls/click?upn=u001.vnP3142JEFjaodMJP38kOmKa2PcyEunS1WS80UsdB3Xo3xjifCKSTkssDXhn0X-2FwvR2wFI-2B6JVCfn6nnndy7kGLO-2FCyLVzYkv8BdaVq-2FCSCeav4wNC5x8mLOcb-2FdpePqytRJqnzEJajXCoy7HEs6dFemN50BzC-2BYUVkdU1oGf53rxQ6h0yMYhCL6ZqbNVSN0xZE6_s4xCr9gmwsNXyMXon4HHLAocQYFaA87sX3XHcl4x6uSQN7tdwkAUN-2FAP9hlnfpGBNzX42Ns1zwjRzTlkyLGxIMnU2jYhbsTA-2B8L-2BVGyfd85VrRS-2FBIyqVE6AonBG-2B-2Fd8FJjgWuS1-2B2GAWOKzpZW2Ih3Zx9EthPjhs61hp2QTz8NOkxIgGt2yPS-2Bjc5fqLUtvhmG73tYn6p0-2B9JFtW06GuhE5dP-2FSE3aAwiMk010RsuwG-2F-2BAAH5W4qArMBhhTAm-2FfmfbauQP398aIAG3Ds3PbLH3NXbL2GyYjqH8m2NNex5lJ46QBMMfjvKPefEfPCrgnsHxawEjNMkoQV2QqsvpwdkkCzYi3oAfSLeSXDGFPC88thAx-2BzCVGET7VxgedFXklJhYSGrL5P-2B2R7lwzE9A6wVcFrtqmtzGE3e-2FEDqs1hdGvQLTAQcPpH-2F1F3-2FFrmsgYtTezTjZ2sG897C5Iwm-2BEe-2Fhw87OYxLRzBeW8yLHgc78I1CWQvRxkWqBtzYIaMorHp1D9h881TYiDGIMs9gap9A-3D-3D

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-609813121-2907144057-1731107329-1000\{4D99574B-8348-49EC-AF1E-5EB0BAAA3F93}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
640	msedge.exe
640	msedge.exe
3388	identity_helper.exe
3388	identity_helper.exe
416	msedge.exe
416	msedge.exe
5924	msedge.exe
5924	msedge.exe
5924	msedge.exe
5924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe
640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 3196	640	msedge.exe	35
PID 640 wrote to memory of 3196	640	msedge.exe	35
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 1928	640	msedge.exe	90
PID 640 wrote to memory of 4976	640	msedge.exe	89
PID 640 wrote to memory of 4976	640	msedge.exe	89
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91
PID 640 wrote to memory of 4640	640	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://url7340.postier1.com/ls/click?upn=u001.vnP3142JEFjaodMJP38kOmKa2PcyEunS1WS80UsdB3Xo3xjifCKSTkssDXhn0X-2FwvR2wFI-2B6JVCfn6nnndy7kGLO-2FCyLVzYkv8BdaVq-2FCSCeav4wNC5x8mLOcb-2FdpePqytRJqnzEJajXCoy7HEs6dFemN50BzC-2BYUVkdU1oGf53rxQ6h0yMYhCL6ZqbNVSN0xZE6_s4xCr9gmwsNXyMXon4HHLAocQYFaA87sX3XHcl4x6uSQN7tdwkAUN-2FAP9hlnfpGBNzX42Ns1zwjRzTlkyLGxIMnU2jYhbsTA-2B8L-2BVGyfd85VrRS-2FBIyqVE6AonBG-2B-2Fd8FJjgWuS1-2B2GAWOKzpZW2Ih3Zx9EthPjhs61hp2QTz8NOkxIgGt2yPS-2Bjc5fqLUtvhmG73tYn6p0-2B9JFtW06GuhE5dP-2FSE3aAwiMk010RsuwG-2F-2BAAH5W4qArMBhhTAm-2FfmfbauQP398aIAG3Ds3PbLH3NXbL2GyYjqH8m2NNex5lJ46QBMMfjvKPefEfPCrgnsHxawEjNMkoQV2QqsvpwdkkCzYi3oAfSLeSXDGFPC88thAx-2BzCVGET7VxgedFXklJhYSGrL5P-2B2R7lwzE9A6wVcFrtqmtzGE3e-2FEDqs1hdGvQLTAQcPpH-2F1F3-2FFrmsgYtTezTjZ2sG897C5Iwm-2BEe-2Fhw87OYxLRzBeW8yLHgc78I1CWQvRxkWqBtzYIaMorHp1D9h881TYiDGIMs9gap9A-3D-3D
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff283846f8,0x7fff28384708,0x7fff28384718
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6852 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7072 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=7084 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,16369021499097990830,4198694130702801754,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6476 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36bb45cb1262fcfcab1e3e7960784eaa

SHA1
ab0e15841b027632c9e1b0a47d3dec42162fc637

SHA256
7c6b0de6f9b4c3ca1f5d6af23c3380f849825af00b58420b76c72b62cfae44ae

SHA512
02c54c919f8cf3fc28f5f965fe1755955636d7d89b5f0504a02fcd9d94de8c50e046c7c2d6cf349fabde03b0fbbcc61df6e9968f2af237106bf7edd697e07456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1e3dc6a82a2cb341f7c9feeaf53f466f

SHA1
915decb72e1f86e14114f14ac9bfd9ba198fdfce

SHA256
a56135007f4dadf6606bc237cb75ff5ff77326ba093dff30d6881ce9a04a114c

SHA512
0a5223e8cecce77613b1c02535c79b3795e5ad89fc0a934e9795e488712e02b527413109ad1f94bbd4eb35dd07b86dd6e9f4b57d4d7c8a0a57ec3f7f76c7890a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
195KB

MD5
873734b55d4c7d35a177c8318b0caec7

SHA1
469b913b09ea5b55e60098c95120cc9b935ddb28

SHA256
4ee3aa3dc43cb3ef3f6bfb91ed8214659e9c2600a45bee9728ebbcb6f33b088d

SHA512
24f05ed981e994475879ca2221b6948418c4412063b9c07f46b8de581047ddd5d73401562fa9ee54d4ce5f97a6288c54eac5de0ca29b1bb5797bdac5a1b30308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eec6c880dcb1240387577c86be80b59b

SHA1
4b0158096c7a891a89a2b840a1ce1579eace8d1d

SHA256
ea87301c31395612c4aadad095769d2cdf001f37302e249f3547245922be02d7

SHA512
d2b519df1733c06e450d74e778eb1c585725eeb2d7bbd8bbaaf91ff7b6e41f283a9fdb702b708d9de85b607cfef4e030d0eea9d7d8e5ea13a6d750160714cc6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5f3dd5edceec81d4ade33029649a5211

SHA1
a00ab43e26080dee1bcd41fd7efb678043e32146

SHA256
e7aabe9221fedff17cea1a7799c958dccc86b57badd7df107e26d82e378c4433

SHA512
001cb08fb0df3380ee3a8f7bfb7b810e2d5d50d3404a1c021f9b95c1feb9361acfecfafb88c88cedc5907136572cac6571639755174f1e927585dec6e5bf3684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
99d8796542262b61a871c535d1386c88

SHA1
3cd4c220fc4a912dc15d41756ef742b45e936b5e

SHA256
fec684826256d963f9c93dd2b058475be12878accc94427b6d8ec13d022f8b88

SHA512
c1950b319ed918f4749357efdffe212ec8e25db5fc2de2c38c74dc4975a588c3b328c95531410ba79f075f776160738af7da5ed7a951132d4237cf51b5843dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
dacbf5640da482136da70aa46b194064

SHA1
7c694b2edfd3542aca425eb39808e55c466e8afa

SHA256
04d1b869b208365bdc08ab6b3fb9022045b7a89e12fb91606be246958a4f3827

SHA512
24d77dbdae93e6a95bacdcfc1ae2a5d607d4c2bbcb4b237d0fec28acc839700c7843393f50c575812c8b0f72ea98dbcc11d16e56706645ade6ab03bc376894cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6593143ffa052b687ec30c73b52b74de

SHA1
c1a52232f4b59e013971a517591d53d7b01ff36e

SHA256
621aa0a3c84fd4a86df1408385a45a1aeff6492a6bed07cb53169bb488a65017

SHA512
4bce895377bebdc717f5a0ce84a6c402fee5ecb18eff3de7ba89e9727195952789f55fee6de702d0b62ebb2dc5f3cba24ee45c25cf4eeff13f6b7678d0ab8735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ae074aa926203e1e55114eade9e6b4c

SHA1
e4ae5fd3f4a228f83894e3089762731228930dc3

SHA256
527d08f8e4328b25725cd2469eb5def40d70bcc70e9f630a87a379c60621a6a9

SHA512
72b2836172fce7cc05aba00b1c14fcc46fe957a4702ab5a634b51c245775fbac7f43ba7b271268b25f7ff18f52895b00ead9256d57c4d791eade9f4a35b97921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d5d55ae52732b87576e0eaeba933f1a5

SHA1
d31bffa4ab042160ddaedd27587ef074b09a340b

SHA256
b62f2e5556638e10092d9ba531189368854d1edcf9594e2e9127fb27330cf9dc

SHA512
1cd5196208cee3e013ac314186db08466fc1a6ab2fb173d13198dcaa3ad170c7d806eebab15b997aff8938c4f34f5abbd504521a4fda4eb3ecd4ff31a3fab063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b9060156ce71c35f9da4e8c28b340361

SHA1
085e812ded8bcd729c811dad1d2856b6bdb44031

SHA256
4b3b45fe42d9cb265b2332647fd1260705c8f42dd083088fcfecd68ab229cc87

SHA512
341c8fea24d0f456fd870ce0990a77b3be3a695a90bcb4299ba52bb18d7f909b71852e8ade74927c2620e718db63197bc14e772b2eb86c381036c58957ea4816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
b069cb99d708c548f13a5609786523dd

SHA1
73b915ad7bac1a5b68f7eabac6a0a3f5aa2e4da3

SHA256
ed4fa05e5d90856391e8b90ddef4afc547e0de216dfc2c7f10299897bc74b549

SHA512
2b0a769ef53776139d9f5590ddf44e0de1e5df45f3f11c92d2b14bb1f1758b3a44b34bbc2116dde6377f125c477e96f6514af1c65eaeab481404548be5852a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b234.TMP

Filesize
48B

MD5
54479efee608f2dfc8384116a1c5624c

SHA1
82b5b714901ab04e9e77387083a57a6d4a14b947

SHA256
feb59f872b81daa2b5da59e92c044dd51f4b5a381a523f5f3834e1248188e3d2

SHA512
045833398ce7a6f0ff37c43f694c878b819d9ae80491d471c7c0fcb072407a9aa5375eb5fcb0e9202f8338cd1c1ebe4135cb0fdc80b54bac38c735ca9dac882c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfbf297aadfae17ecdc19b66c3d08055

SHA1
aafc19676be19f2e7eb318884c767c18924f7abe

SHA256
9871fdc223fb115d3295369eda475ce74b8bae1cad7bb67818a41f9705d40521

SHA512
74a8272ca00df5b14baeaca433cb8266743117d258462d752ae0cfab5a3049b1e04b563c0eb2d09f87a3e5466b1c030513b28f5902ea2b5a00607f3d7787a744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
533B

MD5
1645243b2dca45e2565f2f9fb1e81125

SHA1
58a720128c0a313c4048d6c22a03056a25b81a23

SHA256
f9b6240b046dcc31cd7a37d0c78d0cf2fb685d3a124b91f0fd09270b9a877edb

SHA512
725987032f43bcae567012f53bf79118ba80dc8c5dea8218f97d7f36f1940b4653f60cbd410f6b33bdba78d5bcb7cae94c7f77bc042c7a21b35d987739373316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5855fb.TMP

Filesize
366B

MD5
6c39aa9e72d6a34e4acccd078d0a4abc

SHA1
90a061644c34f66144db569d8669cdd7ad15feb7

SHA256
94212e96f9ba077090aa789c927628e03b14dc042f14451617fc8740bbe78f1f

SHA512
5842cef5f2e7ddf9f4e2a69b82884c5ac66cf4c174972cfaf687eb36882238dc3885864fa139e191a2a68c2657144447f0c237a35088ff86f762e0e76bd5cd98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
be076b16cad9550aca8d0529f24e3db6

SHA1
3c4273e620ae68bb219d46938e1b4ab34de63ab8

SHA256
3248d59f49c18ffe91b44c3c958c2dfc7fd36e283903f0b82583ab6e605856d0

SHA512
0cfa128be64137714cddd27e0c298f25ae78bdbf95008a02608f1e14e9aa7da6c4310ffe5d4135e922cf002fcbafdfbcb2a0ebdcccbb2b1d2c0fc0b1bab7fb1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit