hxxps://tinyurl[.]com/2pwv3kyc

Analysis

max time kernel
300s
max time network
301s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23-04-2024 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/2pwv3kyc

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4220	msedge.exe
4220	msedge.exe
3008	msedge.exe
3008	msedge.exe
5812	identity_helper.exe
5812	identity_helper.exe
804	msedge.exe
804	msedge.exe
804	msedge.exe
804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

msedge.exe

pid	process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe
3008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3008 wrote to memory of 1328	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1328	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 1524	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 4220	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 4220	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe
PID 3008 wrote to memory of 3916	3008	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/2pwv3kyc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x44,0x108,0x7ffd718c46f8,0x7ffd718c4708,0x7ffd718c4718
2⤵
PID:1328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2360 /prefetch:2
2⤵
PID:1524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
2⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
2⤵
PID:4936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
2⤵
PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
2⤵
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
2⤵
PID:2104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
2⤵
PID:312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
2⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
2⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
2⤵
PID:4328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
2⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
2⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
2⤵
PID:5372

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
2⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
2⤵
PID:5824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
2⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7408 /prefetch:1
2⤵
PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
2⤵
PID:2684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7332 /prefetch:1
2⤵
PID:2996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
2⤵
PID:5556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
2⤵
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
2⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
2⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
2⤵
PID:6324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7920 /prefetch:1
2⤵
PID:6776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
2⤵
PID:6940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
2⤵
PID:7076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7880 /prefetch:1
2⤵
PID:5960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
2⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:1
2⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7056 /prefetch:1
2⤵
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2268,15267958284634369875,14255259402437772828,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7948 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
30KB

MD5
6fb26b39d8dcf2f09ef8aebb8a5ffe23

SHA1
578cac24c947a6d24bc05a6aa305756dd70e9ac3

SHA256
774379647c0a6db04a0c2662be757a730c20f13b4c03fe0b12d43c0f09e7a059

SHA512
c40f4771c10add1b20efb81ee3b61fc5ede4701587f29a1c2cdde8b6faabd1c76d769bf8b99aa19082012f95d99ba448a472463fb9056acd2e43542e14e605cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
62KB

MD5
6e8834a3945e6e2db4bec98445cf2267

SHA1
2d5300fff3e83ba0624f83de12bdf4bf1f9e9bee

SHA256
5960ba2a57cf6f6297c7eb019c4bed7e1fc4e9d6230ee9c53da601fe799543f8

SHA512
80e96f5a7b787dba918f523fea87a1a45461a44cf6f28b27009bde247709697e617f453263f8cb4dfd43f6f6b2fe9e938dd487dd9e2c9be235eabf94eeb4628c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
31KB

MD5
7ad7f8b226329acba12aab120767031a

SHA1
1700a9c957a574aef1e80ae5a9b8de0e00f64295

SHA256
e780b4f5e426db26bb37add473fb6e21dd07a3bb2667be7068d39e18ba6d4906

SHA512
2039e35310ac7b98795e406407a417b210198ca01fd9a65a9d6cef778efa2f39d4daf7a669dad10bda62c54394183eb94d1f17afc3376589011938fc493f80fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
99KB

MD5
b653d5f9b8dc18815e540493f916c72e

SHA1
8a777f750b8f1764ac561455242a00e7ad471ebb

SHA256
6c3afe16beb5e1d163a65ef422af118d812a88b4d5be5f38b5495a1c5a649ba3

SHA512
edd3e6eff3859bab04ce5ba77289ddbb1a71ec29a8679fa95659f2c69779673e828f7d4b1b96b4929c1d096cec8da19f7efa0dfa2b2f6ce517cf250f1421abb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d
Filesize
132KB

MD5
ed91d07cd5e43f34266788b4c3c5db58

SHA1
6bee3d7cca8cd0f677ce3635d5125069d97a341d

SHA256
d714741ff614024875ba7369e72038d6322940c4d1e5c08596324699cb08c048

SHA512
c490781ccab977e8045aaf063c3ff7ac53c41bf3498d4dc8b38c098e67720eb772b5cc57a0f887ac4d8afbe548b19e0d8f202648ec90ace0398d92cf6a7fe0ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e
Filesize
243KB

MD5
0d2dc4c04a97fd331759d4b4f4d7e4cc

SHA1
1745cae06747f7777f809fa3220cca4a8210dd84

SHA256
b641d2012271bb75f7e82c5020f99d2ada0684651fc1787c70912b877b707bae

SHA512
e86eecbdba2de835514cb6a4ccde7b830818f4dd0c3e9aed17c6d35961bee2f53c2b488c32dde29a3aced6d032bdbae8106058ec88d7959076ade2f5ce1023e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f
Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
Filesize
115KB

MD5
ce6bda6643b662a41b9fb570bdf72f83

SHA1
87bcf1d2820b476aaeaea91dc7f6dbedd73c1cb8

SHA256
0adf4d5edbc82d28879fdfaaf7274ba05162ff8cbbda816d69ed52f1dae547f6

SHA512
8023da9f9619d34d4e5f7c819a96356485f73fddcb8adb452f3ceefa8c969c16ca78a8c8d02d8e7a213eb9c5bbe5c50745ba7602e0ee2fe36d2742fb3e979c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
0b04d66caf238ad3db78be4a9772c06d

SHA1
37691db07a74719a64439847809177d67520a95e

SHA256
d5cac79cd079007a14a060c412df09c7dcc18c2fd4462c72f66171389859dae1

SHA512
d9d0eb17b0e96a926e3d19027f3f1a44bdb9c23a156ae97b640753a768125518b7530c4f8e3f4e5021ac8dcca4a8ac548d6d20ef7466f2b2f14bc58a8726e9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
ac6a0147ea4b1d750de913d619b2fdfb

SHA1
df57ff06ca99d26afdb147f9d3720cca78b026f5

SHA256
c01e24b5ffb88a6a557080bb27c905905663fdd4a42a94309741fc3a2c5da2ef

SHA512
a2502386012190b9dfd7b65ca62fe8189fdce88f6ebc719e4882355b74208a027822988b256f4d57fd58d259acec1c3145339502cbbd15b15fb9f06b6c6e6dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
5c9dd2925b0aab4e0c3bc220d1072d71

SHA1
4ba57e9bc987cfddfde3d33c4395227a38a83c6c

SHA256
fbd75e178203faa81ab2a7a773fc1958623066ca931663ded24157f245e44518

SHA512
972f50eb54b78e7712b702538a805777048fecad26d949d5249b4aa7fca6ea7d5cf13d2917957aaf4322dedf460ea023afdcc58e2070bbe3a6575ab66cba0b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
9ba1e02df7197557c96c3ac04a0631ea

SHA1
ebcc09aced34b7ed602fac63f23f986dcd65c991

SHA256
bf2947bf60ad2f3dda67795dedc4ac8b489ea6629b494ce4a71ca637c57c2022

SHA512
6877fd2d316a623b84bdfe5b7deee0822db446cc8abd3bdb2ec395a591eaa879e85fe47e209af675ec09c9cacff6fb3966bc55b03ec2e7117580d370127268fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e730c4b6939560fdb70cdfacf3f50aea

SHA1
88b94044f30e339c76b03b13954369b9f95d085a

SHA256
b4d5e4e60959683068737b19be48730a427a6e80f41ed7fdb709fab5c775cd73

SHA512
c4748bbcdf91871fa37731ac3d91890639b225aa128208eb56d72c91a8d3c16f047c46fa4b96396f079362b067a55a9be42cdaf06cdb2f9da3cb1a1c546f721e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
a88b8221e2038b1bb59c66c78e24890b

SHA1
419b80448d7684c606694848f21bcab7d22258bc

SHA256
f1d1a062238aae7a95b51c4847032c7e9e1d0da1a23f6061c1e506f8de4c29a8

SHA512
dea88b37bc126053f2a0c170a35a1360816726c6cf66ddd87603273fecf9ce9bc3240fb38cd057f2dc8bb67e3ea5d4fc9b8adbbefd570de183aea9d1990abd5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
df2b025f05cf96b23d2751729587dcde

SHA1
f476eccaff5e3e2a2be636273d735b1e39725a5b

SHA256
67479318bf7a8fe888251a2306696b38f0f3469a0140f600cff7a1791fac3409

SHA512
6223eb50055ed6aa25a0b4b6bc9311f4ee8746cfd04e716c494971f6b4c15dd12652d82d4e61536c9821417b9559ce3fdc5df3cd4f6bf905ef75a4f4e1a8acec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
ecd39217d4e8c36d7913c8674e99e4fe

SHA1
cd1e592c5f5b97c8c3ec745f20e85a1d62d470d5

SHA256
f62ae06de20a6e3ad96aa5230e3ab0723c949bb3520654c5c97273766082b779

SHA512
1d519ce745bd4ff23638473e30fe9e8f6a6e3c2bfd250dca7ddc403c26439fa9e0035cb9f43f14ba372fd8c4639a222d2f2b062213b4e6098a6246de60f48d4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
65f2ded425a34777734fee9461b471a1

SHA1
c45d121f6ea2b4860ea5d9b98f18802b2381d671

SHA256
ecf52399533467f015be785c1a6dce6f9cd6ea60dc9610352435fba7642e3242

SHA512
54aec4cd9f0a0808b4d84fd84f24dcd64edb27d4043612d26f97b7ea77013ab23309543975515c6d0452739cb71482b33deb1f3b8b1c099ceb7b4017e7fbb838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
c9e234867b72c547f041cd600c10993a

SHA1
6f58760cb19adf67e38079473eb7d44ed4bcda45

SHA256
5e79243a061158bc89aefb02f2c2a131148b0c0f5d47df9f8e0a174dd2c0d4c9

SHA512
d28c9418592552280180214fc0ab1f89bc808fc1c76d1e46a539e063b1f5d23a08f0f6eaa5d9b7a38eebd43cb96d1cb96b84aac567b46b880e0db75a0f08ee1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
2be164c7c146651d3a260611293d76a6

SHA1
22f83f4e7f597b79e85e0bd5d59b75884858f7df

SHA256
54e81dbca19a32b3e1065a895d02c65c0386668b63192ee9dcb7b087b0db4d05

SHA512
aee13163582bab5f08e53b65c4f23bd2ba4a22233179dc2cef5879d3689afc69dc1831980b86a4cd802ab8ab39e1b06a07ef9739ac357539f25c6093f0531864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bff4.TMP
Filesize
3KB

MD5
3a88d8441c601d76c254f2ac9a1a213e

SHA1
2e8eb0eabedb20b98c9a0f76957c257a33950091

SHA256
2f64e77d4e9364f78d44649f60356ce5e71d87f2b76d6112c390cbcb0f71330d

SHA512
0e0ac2303698c2625685d7ed8f1cf15ca732c3e6e998bb19f6ce600a64f573b302070ebc458266bc754c3c8f7a4e95f93529784d849ff9016b12a0e7803fd740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
53020893c889b65fa7827decac0851de

SHA1
22ccd61f571fe914d5e8a1d18470ce942733b44c

SHA256
ca09029fe99279fb41342ece271f806b6fbb71d1f538dba29bd355a48a6d57e2

SHA512
8193c5fa37fb619c6f39d5b6effa48921cc8e71dfdaa9d025b3b340d3fdddd4a7b3361c6fd5389a47969905d1d6f2875e36dd20ec312982cff79bdc0a1a34cd3

Download Submit
\??\pipe\LOCAL\crashpad_3008_ICAQKQVPBHUKBEPY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit