hxxps://visitor[.]paysmarti[.]co[.]uk/universityofyork/BookParking/SelectPermit

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 07:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://visitor.paysmarti.co.uk/universityofyork/BookParking/SelectPermit

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5984	msedge.exe
5984	msedge.exe
3472	msedge.exe
3472	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe
4596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe
3472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3472 wrote to memory of 4328	3472	msedge.exe	83
PID 3472 wrote to memory of 4328	3472	msedge.exe	83
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5808	3472	msedge.exe	84
PID 3472 wrote to memory of 5984	3472	msedge.exe	85
PID 3472 wrote to memory of 5984	3472	msedge.exe	85
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86
PID 3472 wrote to memory of 5468	3472	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://visitor.paysmarti.co.uk/universityofyork/BookParking/SelectPermit
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf32f46f8,0x7ffbf32f4708,0x7ffbf32f4718
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5892 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2588 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11688765338489168565,755113663170968137,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7076 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
43KB

MD5
4d14a9a9cf4ff65476d4d9cd8679684a

SHA1
39f92fbd45edcae86aeb6959f649302dabf2fdf1

SHA256
a509f62d3d83d2a7b5d64324fdd8eff4115adca9d065600f3e33dec9a3b32e8f

SHA512
3967ca34e70fff8dcf6f33a72a1c31d20cfbff4d69802c36952a4453f8193f3aaa4540bebcaa614781cdee18b8e0bed2962b2e76dd89d92b9e236a36bfd420cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
133KB

MD5
a8a0b5a1736e850c23ae3eeb43bde71f

SHA1
8d55a067df085c0a683e297ba80b6b2e8f2d28d4

SHA256
4a76f7226db92d625ac35d769df490dbe6bfb17b3a718ba808de3e3b9a42f71e

SHA512
6c688b8055d305c9a5842da3ae2b527a75c9930b1e41709f1fb21ca8ce5497d58c61519dfd77d32145509433835ff905bf3437a24705283ad42255cef61c4985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
98KB

MD5
4dfafe2dcf295c11cb49316f4b78192e

SHA1
a82de8ab0ebe9b8cee82f5dcf0de2b598d98c65a

SHA256
3822ee16fbdb00af9444886828331e6d8c5a20c917dbb53f341e901d306293af

SHA512
df34c35f16236596dace4498d67bd5844d77743525938feb279bcb9cf53df86783fe4e1e54dda44376cf81f91e0561b7c2e4e1fb7e738e7f7f61ef8e14a16103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
16KB

MD5
0a1aaf089faa95d4a4e23017100d76af

SHA1
3e9af26c293a484888b838761d4d9cad7fb57ff9

SHA256
6544ac520ca66cabb00875d778248cd7ed5e8f491863c53e882be078e645136e

SHA512
1d0f8f014a96c5c9ccf99f3e55eefe9211d21a45ea1dcc12a49ae6f0836c39350e9b4738feb06f89ecb1276eefdb725feeff8bf475193a266408c1c51af7baf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
56KB

MD5
78c2b586d013f22c00a7fba84f1b17dd

SHA1
297e8185e03b95dc9ac1d3bd61d7fa6870af5e22

SHA256
296967c3f68bf40c880602e4f9332488b55e6b901d7f9abb0190d391e2c1895e

SHA512
6904ac1bc42db7d8e0b7470369dbd2de6936f90af3e00c247d773ef2b8c20cd4ba54ca6fd3983f37052f8d74faed449d14d790ba500ad0ac72a3d72dca82a077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
30KB

MD5
28b9663c85f19833c132faa76d265ff4

SHA1
d2449036f55bf14432f12b1b5d27e9dd0218158d

SHA256
1961283ec96618b772e691db368e7f270c1c6d3e4e30f9e90628fd3be6f79c83

SHA512
43e9e340a7906a4b4eef98f7c044f88370d21f3650de385230343671621c371b5af1a5a74d2a003e538458e50b5950df295ed914811e6c421be6c1a31ce8afbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
18KB

MD5
b2150fb08f3ecad22a75b5bbf418a44e

SHA1
4e05d5ece6ce7404fad90681e39eb452a3488045

SHA256
df1deb13cd650edcdcf9c97cb95b054435c42f87afcef33a4f9165d3376821f6

SHA512
5fc4f5b6d2913f211ef2d65f566a0bb908d943d2f06f2e08f47265eb7bc5bc5636fc9cd2a13bd98cf849212dee9e89e2f6c5633e11cc53e1baa6dfcda7a42de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
108KB

MD5
b1028ffa35fe707c022c54ecc19cfa32

SHA1
9e6083ea72976356399b30e1ee225edc71886745

SHA256
c7b7811968e250811969a23da10f25d8dedd0d0459fd29262a88a9599ddfbc27

SHA512
f005dd7fe69c595333042ae236885eb82b342397f2036d22fe44de8e51fd0590ae1570605eeaf3454bbc4517bf29341c61d163409d534b8115ff298f12ab01d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
36KB

MD5
d90047f6a5198560aa5e6ed06599266b

SHA1
61914cd40f7fdf47df3e75c7915975867c6cc4cc

SHA256
4cc91b2645ae24db94e889c96e74ee32636c0186e9b88a65f4db95b36d2eb6f0

SHA512
6a54bd7da8a7d5a8cef217699ac7b891297dc64d79dacefbc303613075522c32cd96c6988d7da92f167f67652fe827f95b702bacf8ddf2e64c4a229fe636ea1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9828ffbe3aedded52c3e24d6f391ce16

SHA1
71e0dcd12693761d99ea6956bfdcebb24db0ed6e

SHA256
a5bec53c04967e3686c3d3564aae030abb061b90e1f36e4538431a24da91d177

SHA512
9594bd47cc7fe6631aaf566f560e780b1c12588b8ca7a4e6cd832b12a94ad7138a34e5d2893f19d0586c54fa2c762569b31daa8fd8926bbc297023a82cc33224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
735dd7126fd6eda64d9c52d47c7154aa

SHA1
a0b31eca7089e765927d93fe4f14e49236c41b2e

SHA256
c52cd84477ec37fc2333b7bb6293a8809d2cc47bafdb7458b25de011a3957ab9

SHA512
427c3d1a71d16d4b01e7364906144d5ec16e898aae755e16074810d0e42b11e7dec4105e1f7bf3cfece539160e0fb162a4489ec4ee4e3d7893c55236d7da08c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6f28d1d517d5d7b248365e2f6b8a548

SHA1
5fa64119ffbf3a175ed9cbc4a407527da37b926f

SHA256
ef62c59c92feb65080fd3f1b72ee858a26f229b9fcc28a01ac1a94d0e1b9332b

SHA512
c6a1231115f54dba3c1989f02b097b451e9070e1964ee763c8b8d2507a85685e2fd2be60209f97422e718eaab4098664a08293a9b54b52540c4f5e6c2a30f2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cea523a4392f2db85d9042e2aa3c0793

SHA1
ceb8c028b08ada7f52ae42d1db1fe1a5950096a1

SHA256
be8c8356d0620dc98421a97713455d33313cefd3f7bbe8f37e0f0d07b45ec430

SHA512
9b696bee7fb3a05d0aec7d052bb1c335062886e63144c4484dca371719f2d84b6b442661a5dee82f9d8ffbc05a7eb160d5c2000ca775694b8dde93415e36bef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5b3ddaa691bef2167d07662578567cf7

SHA1
53ae2f1e98de0fd96a8e969e0cd02fc2e059c5e7

SHA256
5ac5ad0689c7c9801026c44fa6bc3d75aa10b22e6b63919c8162192ca1a675cd

SHA512
a3f65b24f8615914b1d8f25f77bbd0108656f4afdb0a47349ae49d39a0365c7b08aa94b5bd8d90e76f255557c8d66388c28bf8e07b93619fa3da0a815e6f37f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de84b5558a59ea28fcc8f628c8692042

SHA1
b0aa1a37e1a7bc026e5e6014f423d2c87f680c53

SHA256
d6e36780a32c666a68e2f1db4b3d6abf52e9e9cd67f17aa16a4ac1642d2b96ad

SHA512
9f98f8fff5e50b0cc3ca1648c125043641fac76b56c82d16121719d5a33cefcbbc1c71b26d0ec0ff78af6a7c322622564b5a56e060833d9bd2d95e23f9fd0133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
52ac4409b68179b00fed792dc571c0c6

SHA1
9faf71b1e4914d363f437b49d1e54187be2383ee

SHA256
65f44693594392c4551ec2cfba84b35759402a40b1fd5398e581084bf96d9c52

SHA512
59015119e0983056dafcf3d4e25e5f43a56ae5c390bd512da900949709cffff810baf78cc6d77fd9d78a11a446d665816c34d70a08997129bed77dc8d20ba5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
99dc5f8864689058dc95a777899475c8

SHA1
912e94592652b279cc9586cf5602746a8fb23e7d

SHA256
331382089d1e69cc680896c0e102c39f4b3d0a920edb8bd318577f5ea91bc8db

SHA512
803552d859563ff747393003f45c34636be52d908f244d779c7b115ecea168c7839f583866dd3e3bed690c6e4323eb6b2ab3951ef0538e6b09e651b65e8be1b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4b6a389e3aa5684760fe066132b3a5a6

SHA1
fe8adf1f2d12b306694e08316ee467db451935c7

SHA256
7e457c0dd69e0ee22a35e9b8b4e56f1990808842a97c708f0f1ce3d41a593df7

SHA512
52d6cd31d1a46fee388425d746fe1ff972bb496b67614738f6bd5f65e092a63106f0856d710e71dfef82c175708b0dab9f50bec6d09568ea7cd36e8090aebab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5812b8.TMP

Filesize
1KB

MD5
b50f278edb566e96190eca3b00b96836

SHA1
f339e1402cf9c5807d41000295a0c048bf668f2c

SHA256
42313e49c5ee573a73ed08d977f5adc97de34603a71db1f82f57399db4abed25

SHA512
d6234f8a8706f767b13083861ddb23d4b9ed2fe4cea4a6bb05ace679943acf067e3b6abfc764129cc36cc3f9226bff5d225e96590710744da62b7be1ab24c15b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b67d7a2f53a446b1d94add3c1c9fc47d

SHA1
22ecfd3235001b6122b26493238fbdcb93b784db

SHA256
9263861a8bc139c439994047f22936af775ef246720e32d6c0bcaca9b78871a4

SHA512
fd00de04199cb09fe3498014f85d83207f3ba8330717d58a1c6a0d553ebb8f6268c05ccfbaee5ac94695049fc08f80b77cd42a9f36543d3e29016dd305342f3c

Download Submit