hxxps://zupimages[.]net/up/24/11/go6e[.]png

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18-03-2024 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://zupimages.net/up/24/11/go6e.png

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
1444	msedge.exe
1444	msedge.exe
5072	identity_helper.exe
5072	identity_helper.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

pid	Process
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe
1444	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 1936	1444	msedge.exe	87
PID 1444 wrote to memory of 1936	1444	msedge.exe	87
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 964	1444	msedge.exe	92
PID 1444 wrote to memory of 3448	1444	msedge.exe	93
PID 1444 wrote to memory of 3448	1444	msedge.exe	93
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94
PID 1444 wrote to memory of 3240	1444	msedge.exe	94

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://zupimages.net/up/24/11/go6e.png
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9533d46f8,0x7ff9533d4708,0x7ff9533d4718
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2500 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7620 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:6268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:6488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
  2⤵
  PID:6660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8780 /prefetch:1
  2⤵
  PID:6672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8924 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
  2⤵
  PID:6836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9296 /prefetch:1
  2⤵
  PID:6876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8968 /prefetch:1
  2⤵
  PID:7108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9476 /prefetch:1
  2⤵
  PID:7116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:7148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9324 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,7506957136601508302,11527028926471723033,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\65de7c8a-d7c5-4fd9-8131-60e1947640d2.tmp

Filesize
5KB

MD5
32e8e3a4b69a230c4640c72cd50f2c98

SHA1
1042583b7fcd66a27445b3d66877a26d214ed846

SHA256
abde0d86df9cb7859266971424fb97cf44b3a68c935dbf208597dc23c7dbf39c

SHA512
2051f0db9dc3e92bed10917f7453a5fa81e58f02424b1a8f758efcc3f3922dc4d612d37612f8ca7a9e7f42b6905d3a71c92b3197e3498c331b1ee1f3598e3282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\79b0e451-2c44-43e9-8714-e756b0428ca1.tmp

Filesize
8KB

MD5
3148c76e4397ca64ae58068cddb5e187

SHA1
ac6857626ebbf3b68cb9424026cc71605daa5376

SHA256
aa55fc2ebffe6f63d24400d1290b73f79d77dcdee9a54d83644db26cc0e55ced

SHA512
5c1bd540ee86dfdb221bc5a44d168562f1955b2dc55c5fa99d3b5c95f7cf934c885531854f4bed4863639f4e8d5215b216a5eae4e6da02405f749fbb8ca4fa86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
135KB

MD5
6a640d34f2ca275d87a9e62aa7eb1274

SHA1
d2fb6084eb2c0ed0ca9ad720a14ab6b0c260ffc1

SHA256
48ccce53aa633e105383a572baee3ae87297ddf0bff6ad9feff36c32237cba5e

SHA512
ea2e4a804ae3fa8daf2a7511c490359dca615b8d278ccda4ba0c54bdf8912fa3a2d5fe1aadbc9d4b6804c1e63489943f7a252b030a43268eda31c5ff88ede96e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
180KB

MD5
8d657011ca448cb1893928fa62d6b273

SHA1
30ae8bb92be2f224a5d56b3e0920627191cf896c

SHA256
67b867baa954605031b456db803d9ae26dcc19816468fdeac158ed7ce8076505

SHA512
24bbd9e6165a9857063dff7052606dce3ab4c9e2fe6a1859ad45e340eaf042b0d57dda839e84ddfabf700fee0560004043c9865f83f0ebaa0b88ca579152fada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9e590425c20f304a_0

Filesize
6KB

MD5
e42a52846eae3564799876629bca660f

SHA1
fd9134b41ba70cad2709ecb70abe7e5c16c1549e

SHA256
21a3daa23ff8293ce6e3f8b62fead341b49afba73b2cee8d9050f2de902e83e9

SHA512
f20076b3f2aa1a895cd963413347abb1cd0a4e9bd568cb84ac33f6219038b054d48088919e8dfb5611c1f0cb8474ad53d709c3404d006c65ac6384aa36d0a948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c15961fa5543ad18_0

Filesize
16KB

MD5
ff548b5684e79b0ff0dd0e665fbe7399

SHA1
dc754249582f23318a833c549dd24262a32215af

SHA256
d28c788239ab2823ea06990aae0a075b2f329f55cb8c00bfc928f7af3ecbf279

SHA512
8c31b5f1fc18f83eb3b94f2f407fb20983b02a4cc9b5ab8c9e218faa964ba61b19f7c009e9ee95edf40ddea3d5734c67909947289d55aa6d9f3e609e411f6819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a4717e00e320400fcf1807bca4d72802

SHA1
7bc4026ce71186025e3ccc5c12509888ab92f071

SHA256
824eff06ff9ab3719fb6aa0d7b9e1b39ab6f9ba0930ca2c394a08410489d6b16

SHA512
36763f05d6a77d6ca68fac6770d15a16a3ab073f7c7b2b1676f14c3fdadf53c812ec1548b70d16e21cd43d77fbc262a7dba6f2913db0c23a93036bcedc59d1a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
659ee326b9cc610ab237c4681a6700d0

SHA1
4216d380fe55b20afede02270f902eb33088f46a

SHA256
a7ca10fc58355933635ee21f84c6ce0ab7f396de5c329fcd9609b7e99d4af268

SHA512
f2b819e72ffeeecce47f514e30ada01e93ddb23f66cedadb8a13292cee41e223babb04ffe0fac732dc3f8d591cda43a8cf95bb8560d5f2a8a23a583d465596eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
d126961a5c46e43e6fffbcf192440d5e

SHA1
3ced94eaac0e347ce61ba779633f4be5a772b87e

SHA256
0aea9b231e1f5bfb3bb9608e79c6f90f1cc166fb479509b9630234604df51220

SHA512
0034d089e5ef689e7d63406561e2ec01b7eaf32bec83aee0c125e9aec6579b679ad2489056b7a550589de11c21616f712f3be752307f188cab5343b7575310f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ae43edc44116fac4d4e3a5f9092648be

SHA1
fee898f4348e28df672092625a9b959bcae8405c

SHA256
3c86075ada9671b766942157249bb793c3cc03f7fcd28554c004f6e015a77bd8

SHA512
3455e1b62729c0f801b489ef17761915928c8eea8dd6717d7531262094f4d05520a91016d8a0c0cfb88320eab33794fb3163f75727f6423ecd80c83ba7668c89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
2c86b5697ca51ce37b4566e106837c94

SHA1
3c9c0cfbadaf0e9b18977099ff4bb297b233995c

SHA256
e4ef45a7d0145695981ed758647990c9503b357258b4e671e291fbac1dc3eda1

SHA512
ddd748c9e480a676b8b87a97b51159e907dafd77cd9fda28e12775cf1d193fdaa395e9441e60d51adf840f8b616e30a4d0c6e2439fc07403b2b5adb22aa86061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
83dca9e78cbb554afb20d727de7cebca

SHA1
d42c0c8d152938ca54eb408310aefffbc399a2a8

SHA256
ebbda57ea1141060047557bbe94f65954c4845586286f1d91fa0594ad0ab414d

SHA512
9c372c37e04f460760a09168b59da5e71719665984bb7d151faae800004ab93ae2406b121b11d683c49f055cbc8b8ef6d6dd25fbc34f6c2218a0a062dae62eaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e3ccce91b69df982bfed850d67c71816

SHA1
8bad2610d0a839f51c494f95a367fadbf82f3a4b

SHA256
e9d3a93794c924470f26cf9c8f1979a03bb52e1fb4f7ba1a4de9041ef45e6dda

SHA512
d3b1afebdc6cb74b4ccdf87972cd48856c9f53c049dd645db20dd9d7c1d3ae66165146c77caf6eff357569e59a6edc6ba5e00bc972c5b3c4fd6052fb53d6c9d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
4f0dee4fa8c5774ff163ac938fe32e7f

SHA1
b9a72fcff20dcbb89ce9ce8148acc86c5acd38be

SHA256
ee080642db5d67146f90f81bfef18dbbb4e535315c11e5e13aa86ab820669004

SHA512
e9a586f5aaba88437c84675b710321f0060fca6ccb8da9f25464baf49bbe817c5fb5fd78faa271df8c4df51526196a6f5acbb8a4361c50c3362449e3d0113c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
cfa85dd7c6d27413cb7cf6e59722118e

SHA1
c576de9479ff20f3d22b5aa5ecd6c016404368ad

SHA256
add93758594817f4e638e0e27268503259fa78774e46d00e8125539a7d77b842

SHA512
f299e76c48cb1a6c365b0584d7fc6ce418d933a3db63e3c74ebb29cc8b7026af5764238afbd8f15da6413f9481f968a6ca3fdcc5eef7e1584162506ec5786932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
569b30db6d4e68109805c474e8bd3482

SHA1
ec05d897b4c728dcf854d69c6710a22e186972ae

SHA256
17d00f1f4b9b00d16fabf5792f9a40dd61deea11b069a902d67d71e566278e94

SHA512
5eeb2ec01362123200ca48021a579fe4ce3f44450ba2f0111de409291972dd551aecee38840c392b7633a533053af8852510f329ecf0da7a2a42f2d1e0054621

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
bf3f4db4d809ad4097c94ebfd2e900ad

SHA1
ca1e9661b933819a2f8cdda705a5d570d741ae29

SHA256
5028f52b0fef1c04ebc70e3f00b7b5aee080598ed29c707d789919f024c3d050

SHA512
9550261f845d68d43956863b8b7b0c5acfa62c96e403d67f118ffa376a22f38de41a47c8be0aa09761a57e6aab1100a9fd8ae39247f56cd97fef412fd7b63077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0236c04edd31a80ec430aaf7d0bd12cf

SHA1
cd300c4bad9a3142bf3384acf8d0d6f1984fd3cc

SHA256
9ecf5593ee25cb39d56c06d2ad5a3c8afbf4cf689246725d53495cfaaddfdace

SHA512
d63bf39b509b7b7f4e2d78ee62e32bb4e412336e79eecdf66f3c249c279228b327ffd792e5df9244eac12ea1c3f631f3d31ccdbe208160a2088be9efd69b7964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b7e6.TMP

Filesize
1KB

MD5
26c8105c75cb75aba759a3e507f6821b

SHA1
364ace6a188639e99fe8d58b46ca3f4896447ecd

SHA256
89195c2becdbd9f4e8eb0c0eb9610daa431532b9380cd48df307722c8cf53ca0

SHA512
b7edd6fb7fcb04fc493e31820dfbeca1e48a324b59dd0f7c284fc9bec170ae0210e7062ff53da7284f9611bdf0bf4c4aa2e4ba08e52ef88c31a57418016a891c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
95c784e269912b81bc25529112bc2eba

SHA1
76249520a80b35cf636f430e8a7194a91c73d8bb

SHA256
a9883c95945e9259e1aa696b755d838b8c88b0f094efd958737b8dab7c8aa4d9

SHA512
7d1a7ff84c1c964e5be808686eff2387461905c6e5e9932743b297dcb1883ae3bf8255c1c39a19fc8904626ae84ee413184529b556b5efc73136dff13972d9b5

Download Submit