hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbTFWS2VmaEVFcVh6Y3RSeExhd3JuTXI3Mzd4QXxBQ3Jtc0ttNlJUa2JHZmxtaTAyZFBCaUdCU21ocjJLQ3ZLNWFBR0hsZ1NHVTVFM29EXzBWYm93TzY3SHdGd3d3aVlKN0UtMGdwMUtubHpIR09HZHl3TzZXX25KYnkwRnNBbjJhNGNHVFpJYUd3cjVLZUdmcS1tSQ&q=https%3A%2F%2Fmodsfire[.]com%2Funxxrks4A1gGLX9&v=-a4PKNLOmcw

Analysis

max time kernel
46s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 17:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTFWS2VmaEVFcVh6Y3RSeExhd3JuTXI3Mzd4QXxBQ3Jtc0ttNlJUa2JHZmxtaTAyZFBCaUdCU21ocjJLQ3ZLNWFBR0hsZ1NHVTVFM29EXzBWYm93TzY3SHdGd3d3aVlKN0UtMGdwMUtubHpIR09HZHl3TzZXX25KYnkwRnNBbjJhNGNHVFpJYUd3cjVLZUdmcS1tSQ&q=https%3A%2F%2Fmodsfire.com%2Funxxrks4A1gGLX9&v=-a4PKNLOmcw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4620	msedge.exe
4620	msedge.exe
348	msedge.exe
348	msedge.exe
3556	identity_helper.exe
3556	identity_helper.exe
5980	msedge.exe
5980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe
348	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 348 wrote to memory of 4004	348	msedge.exe	82
PID 348 wrote to memory of 4004	348	msedge.exe	82
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 2420	348	msedge.exe	83
PID 348 wrote to memory of 4620	348	msedge.exe	84
PID 348 wrote to memory of 4620	348	msedge.exe	84
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85
PID 348 wrote to memory of 4324	348	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbTFWS2VmaEVFcVh6Y3RSeExhd3JuTXI3Mzd4QXxBQ3Jtc0ttNlJUa2JHZmxtaTAyZFBCaUdCU21ocjJLQ3ZLNWFBR0hsZ1NHVTVFM29EXzBWYm93TzY3SHdGd3d3aVlKN0UtMGdwMUtubHpIR09HZHl3TzZXX25KYnkwRnNBbjJhNGNHVFpJYUd3cjVLZUdmcS1tSQ&q=https%3A%2F%2Fmodsfire.com%2Funxxrks4A1gGLX9&v=-a4PKNLOmcw
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6200 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7084 /prefetch:8
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7400 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,17034733828367633741,8274911331672409958,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
29KB

MD5
d453eca18d366c4054d2efd57717cf9d

SHA1
c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

SHA256
be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

SHA512
a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b1bf58e1e1f1d1bb3515657678de09da

SHA1
d17f4c649012c1c0c89a4e65563a29687cbeb3e4

SHA256
6b580c2532eea669c60e0a804e24e67a78d20756fb1c57d1e99d92189b3590b5

SHA512
59afde3fcfe17d2f666a7777f7b602c3491699b5a0b68ea2ad7689516a6ebd21fca95565b153ca8c18c7f62f329ac018b6714f8ffc1f4b5a0417dbc1602efc12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b610bb5358e607ff447400b0bac676c

SHA1
16fa11c21367c92e9cb093a7f15caaf118fd9d64

SHA256
6b1415b1239e700b4d6b5c84064aef708d74dfda5701f8c55bdeb72bebc3f4e5

SHA512
8933036948806391c1e1a87dd105235bb54d6e25dfadf77e199bfe8c53d785c9717a8ae782383b30c11de106ccf876d299f15353271c7930974fe173ddb5b89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c29bca23d7291881f58b4acfdb885d8c

SHA1
2c2d9cd50a9f130a290747381e484de7be7bfeb5

SHA256
204cdb12bd2ca9695af43a3342dceaa637ab9218f7b4a67cb12656f617d9ce90

SHA512
9d0fad6567691d344126cc458f21ccdc3420a44d3bc4713543043eaf86f1b259da319d6239ffd3dfeec039f146b1e60d4802655125bf6fdf72ec831799d97c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8b9539163056e4006808be09a8dc0c4c

SHA1
366eb9800f1146d12bddb05df8ccc63bdc2dc3a6

SHA256
faf1c42bc57f958615d35628e48e8b87401d6b90293486bc10f9c57c01f3feb4

SHA512
ba571cbda2897559a7a65c135a122e4be4dbb2c68fdae0deac955083bb237b8c06078db898fccdf0b40d07fe728cf438db49b99202f4fd38a58b229db8bd44ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e0519442d5f6ea14ba65dbea2f3518ee

SHA1
6abaf79048d1100c0b44e4c3e5de18361251ecb3

SHA256
90cacd2262390bf2ff9091bde018e81a4e8725262820eb7796c738933647851d

SHA512
71ecb40f84ade05beab4a6614b36df5f345c5a5788acdbe73989b0400c38bf81dbc4c06fd66f97f67f856f141af71362039eda7fa52f06913516d1018c5e89ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3e2d3e2390f3a1ec0e6d9c0b0a4b8fed

SHA1
c5584eed65b962203cf652abd5e11c31fc36cdf5

SHA256
3c792e01a940e9c455850b0388a69d905c692e65acba2f33c8faa6e3aff4a2c8

SHA512
ad12c22d110261c183cdabb57cad0b81341737db767448d4a12ae649fc29ef702374f2dfef992016f0cd9a7cdcc27a30cd5892f2f7ba23c34fe8adb052ca84e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
164bf1542a5e4d4e3d1e0c438e5b0d6d

SHA1
dc06777cb87ae5e79154d163d9b63e71ef52ae59

SHA256
91e5d91ca5b7f24e8000a1d6c89e604c1a75374522d8ff18d15e8215c909bc41

SHA512
3ba90b561d23afe135e1b168464b54973ee0aa9d2a4d96e88c81deb639c807611b7de9a6e6351b162e8e88810ddb8776f87940477c4b8d34a965cd222206855e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579ff9.TMP

Filesize
202B

MD5
0553b9697e4094d8f81e9dafb9cefb4c

SHA1
57d3bd67a170e5111b0f6d34492abb2524bb2847

SHA256
658a746e407a6d26d071ee24cf8c6ae228411a373aabf410344d3ec05a39659a

SHA512
597e006dad87ba5679089b89e0c3dc294b4c274d798da70b2b12e50c1c783710b54388b0fc6ba15831ef203bf4d3c8c9c410ac42718c4286113d4de5c49d0d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a3f225cef9a76ceebca89e9285679e87

SHA1
a7746912545eaac34b6f61c318ece5267e594f13

SHA256
174567089820e2402fcca74c8c6c6e31df2d44323f14f18288ea9f1421b6cbb0

SHA512
6385d61a567b5ddc8cf13a52f233dcc29bb97f5f0644a092accd1e4aa681d3c85b1a504fe1909e5b0d5b9c8e9b41464a1a20a71ec7c4f73d83b000b260c9945e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f568e73a848ec1120726794d2b5ac5e9

SHA1
5e44a30631f8cdc85fcf5196dba1c95ad49e3f17

SHA256
f03bdf637705045221eae6abdee051209b7215bb2ee8d4f38ef0709c046f4390

SHA512
612edb7016aea05efb7467e8acb7f35f42c841a668d519aea448ca5f78ffa9bd38dbf56f8f3598c87550033bd3974f1b0b31b680028adcf55a1cf91a7df45678

Download Submit