hxxps://jimpl[.]com

Analysis

max time kernel
237s
max time network
238s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jimpl.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 56 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe100000006e6a2371bd68da01c09fed3cc768da010d3bd3390f75da0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Pictures"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2727153400-192325109-1870347593-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3680	msedge.exe
3680	msedge.exe
2952	msedge.exe
2952	msedge.exe
2016	identity_helper.exe
2016	identity_helper.exe
5604	msedge.exe
5604	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe
392	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5604	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 524	2952	msedge.exe	87
PID 2952 wrote to memory of 524	2952	msedge.exe	87
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 4960	2952	msedge.exe	89
PID 2952 wrote to memory of 3680	2952	msedge.exe	90
PID 2952 wrote to memory of 3680	2952	msedge.exe	90
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91
PID 2952 wrote to memory of 1060	2952	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://jimpl.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8d5646f8,0x7ffa8d564708,0x7ffa8d564718
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,2634903060490349103,14872193130529247428,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3172 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
73c8d54f775a1b870efd00cb75baf547

SHA1
33024c5b7573c9079a3b2beba9d85e3ba35e6b0e

SHA256
1ce86be0476a2a9e409fcb817126285bc4ad83efd03ee06a2f86910fe18d4d94

SHA512
191344f5830cfea68499bd49073ffa7215a42265a9629d203d07849b2417c0ffdbdbf288bf2c669e91009a0d7e8bd6a6b378c92fc283049141231ca7bf4da3b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b206e54d55dcb61072236144d1f90f8

SHA1
c2600831112447369e5b557e249f86611b05287d

SHA256
87bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b

SHA512
c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
d6d1e7dd954ba6d6d40943020628e4e9

SHA1
ff21bb23bc72d6b523c9d9e6d5a67df6a7561498

SHA256
af7788b954f7d5bda174f934249443c931557c86bc89dd0ed1c70fbde3e5937c

SHA512
fc982f32aa326dd99a757bb0f69546318260257d7a10e3008e09ba07309694eb0dd0986674d1e17d43f8fa06a653d2c0dbb2626868b60a86833614c9a708198e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
3063a7e62c0b62d1df750848304a77c0

SHA1
2e93091ad21938d525b69cbacb1072cab03281e8

SHA256
bafc3557a30f9a45ae9feef34f3bf71d46d5c23c462ea584b131384adb712d35

SHA512
359be0ff7f43d7a2d21dbb49c58734e8c2d659c29b1e45b8392fe1adecd2c26e6b49e8783cf0449cb802dc5ec68ee3d3d822fa57c8f078df2b49a3bcb4e29475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
de2ee266135bd189fd2d6b3b3c5ac265

SHA1
825c812ecc474a46c8e13f0bb969cfa68fb1cb0c

SHA256
7b56199f0e05e28b47528879f8e62bed5870a3dc0cf9f0200476ba3857892c58

SHA512
cd2cecb82e3b95172d045c58a0b506ff7183e929c05326dd9300b687299ad9cb305c85840c9c976b194710949d6c64bbf4d9e7be2d0e492efb551b9ab1f34a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
70dd4bc89cff84d85bebfa850eeeb3e6

SHA1
12e35ac606a9be68febc820d5c40e6fb0fcfebad

SHA256
32b88f856251a4f528ac296ede76bf29e5cbd73242313d317e0c7afc6887cf4c

SHA512
035a97b7e4ad91571e9f0e9c78b61621f1289de7b590afc40d023973443befacf3fa707f76b4d73cf1a8b071986330391218e38d99f5ef819264cf44f9a9b771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8128ffe8a9cbafec373e96d7cb7f926a

SHA1
2a1d1d089c7659ece25d1abfc96a594de6ebfdfe

SHA256
a296d513d33ba2a30f01d09c117c7654a3372bba97883d709b6b6be53ea207b9

SHA512
3b0f224134803c798b60eb23d0c22c9255e6c4ca3aa0a5f0e23939ebc53785baa338d4e93f479206e97be22ceddf73dab8b6da9d19430e4ea97b2967b7c90a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
733d72589853f0f4b5c6ef7714d7d8df

SHA1
00fbf4f4b791fab50792f0e1de5b646dd7c96bb3

SHA256
45a4132836879cb21bfe9ec68a9fa526b860eab8e04b4bda723747bc1a03d678

SHA512
e8ad4ee32b85471682e36d1742a9dfcb60785401ccfcb9bb78fbace2266868e1c51f8cad35796bee6cf1495c29b91eae903ac5735a3e2d8713250e0ac6979ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a3e0a54f83097c02a47df55cc7834a2

SHA1
625fd6a9ac0403a5527f1a637b9c4105572197df

SHA256
3bccfe901b2440a7f352a5139399127394bc7de22ab17a57a81941791e0d7698

SHA512
e801dc0ea73cb0e22ba9fe029b23a6ad8badcb9c6d9c7c5b95ec273925b81640b43385cc7d09f522381f3172a823d33bf687ed64acbe91ea876d5d7e82e55017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6970f55031c03059f7df4761de1815e4

SHA1
d4bc13293f513009051b2374350ca13eb4346462

SHA256
85dc670debb7a5833e9845c0e7bc0e25e7906f2e9e422c64203fe1050649ab41

SHA512
7e5f57939a2f3ddd4f7e4d4cfbc4f705afea975732eb7517540e2cbd1929bed55a2095abe3e3408365cdebae579160b2a6a168b807d4f7f9197865df5a050ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad92a3c6fe6dca975ae323c63b280cf6

SHA1
7fc84c78d2275fba04de409b632d2a52dfa11650

SHA256
6257302856edf561b3abf6736678b6bdfa3c6c2bcaae502d20083eb74990806c

SHA512
ba7670412db42ed0589a741480ea731aab37d93af5db3f62e77a1c985cd977ebfb8d292881be8a029d1c8e7edfbb60e0f36e4869b0c0ee01121d7724f96066d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
dc4107f9a88abca829d4c1f2eb0c2cc5

SHA1
bc492e0f6e639920994fca9faef1d928ae4666dd

SHA256
25188fb26e409e959915f59a1096c57e87f47432f2e2485ee7328f6bdbafcbba

SHA512
35597f0d89bf57f52f431c655e8d1247cc82c692dd9cca3778e461372616a24194154730e64dcf928072559ee4ba24db6c4aea9b79d575e85293648799a2db12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f86a.TMP

Filesize
538B

MD5
f135f2f433f8ac245a2628905e4e83d8

SHA1
fa14fb790b732e833cd539414a599a97c7e986a5

SHA256
35c7f9dc3b216423ecaff32d895783dd0cb86572f076147560321209f8ce0fd6

SHA512
72175df12d23a3460fa7a4ea33260825c1f023185dac13b09760ff514bb74224573c95bc69c2473954f1651a8446add025bc38f93ffeb10d7d6de783f15dcf78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9c0c8be1cddbcef61d00c246ff1c0d2c

SHA1
ea897bc2d99734ea566ae73398edefbf9e9b2ad0

SHA256
fd1ceece4670ee2e63a756a1a27875b58f7b3b633a0c88b59ed2aaf69af45226

SHA512
55f9cec67ea986b5db0ddfe41bece426ebd95136706ced7541e478af8a77a7da55d3d77127f14a478d60d998052c7bf4b7681f296027fb4277b9c80c8935f96d

Download Submit