Malware Analysis Report

2024-07-28 06:56

Sample ID 240614-ke5bbswekm
Target https://bt.com/business/myaccount/?s_cid=btb_email_N3CDBreach&kcino=4518276228
Tags
ee phishing
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://bt.com/business/myaccount/?s_cid=btb_email_N3CDBreach&kcino=4518276228 was found to be: Known bad.

Malicious Activity Summary

ee phishing

Detected ee phishing page

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Persistence
TA0003
Privilege Escalation
TA0004
Defense Evasion
TA0005
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-06-14 08:31

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 08:31

Reported

2024-06-14 08:33

Platform

win10v2004-20240611-en

Max time kernel

63s

Max time network

65s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bt.com/business/myaccount/?s_cid=btb_email_N3CDBreach&kcino=4518276228

Signatures

Detected ee phishing page

phishing ee

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4076 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4048 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 4052 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 3292 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 4076 wrote to memory of 1100 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bt.com/business/myaccount/?s_cid=btb_email_N3CDBreach&kcino=4518276228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffccea246f8,0x7ffccea24708,0x7ffccea24718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,995997976297941048,7999628827774430557,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,995997976297941048,7999628827774430557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,995997976297941048,7999628827774430557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,995997976297941048,7999628827774430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,995997976297941048,7999628827774430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,995997976297941048,7999628827774430557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1

Network

Country Destination Domain Proto
US 8.8.8.8:53 bt.com udp
GB 213.121.43.135:443 bt.com tcp
US 8.8.8.8:53 135.43.121.213.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 www.bt.com udp
GB 87.248.205.1:443 www.bt.com tcp
US 8.8.8.8:53 secure.business.bt.com udp
GB 193.113.11.145:443 secure.business.bt.com tcp
US 8.8.8.8:53 240.143.123.92.in-addr.arpa udp
US 8.8.8.8:53 1.205.248.87.in-addr.arpa udp
US 8.8.8.8:53 145.11.113.193.in-addr.arpa udp
GB 193.113.11.145:443 secure.business.bt.com tcp
GB 193.113.11.145:443 secure.business.bt.com tcp
GB 193.113.11.145:443 secure.business.bt.com tcp
GB 193.113.11.145:443 secure.business.bt.com tcp
GB 193.113.11.145:443 secure.business.bt.com tcp
US 8.8.8.8:53 btbsecure.business.bt.com udp
US 8.8.8.8:53 assets.adobedtm.com udp
SE 23.34.232.228:443 assets.adobedtm.com tcp
GB 193.113.5.72:443 btbsecure.business.bt.com tcp
GB 193.113.5.72:443 btbsecure.business.bt.com tcp
GB 193.113.5.72:443 btbsecure.business.bt.com tcp
GB 193.113.5.72:443 btbsecure.business.bt.com tcp
GB 193.113.5.72:443 btbsecure.business.bt.com tcp
GB 193.113.5.72:443 btbsecure.business.bt.com tcp
US 8.8.8.8:53 dpm.demdex.net udp
IE 34.250.64.99:443 dpm.demdex.net tcp
US 8.8.8.8:53 72.5.113.193.in-addr.arpa udp
US 8.8.8.8:53 228.232.34.23.in-addr.arpa udp
US 8.8.8.8:53 55.36.223.20.in-addr.arpa udp
US 8.8.8.8:53 btbusiness.demdex.net udp
US 8.8.8.8:53 btbusiness.tt.omtrdc.net udp
US 8.8.8.8:53 btbusiness.d1.sc.omtrdc.net udp
IE 34.251.227.208:443 btbusiness.demdex.net tcp
IE 66.235.152.221:443 btbusiness.d1.sc.omtrdc.net tcp
IE 66.235.152.225:443 btbusiness.d1.sc.omtrdc.net tcp
US 8.8.8.8:53 consent.trustarc.com udp
US 8.8.8.8:53 static.atgsvcs.com udp
GB 18.165.242.12:443 consent.trustarc.com tcp
US 8.8.8.8:53 img01.bt.co.uk udp
GB 23.62.194.178:443 static.atgsvcs.com tcp
US 8.8.8.8:53 collection.decibelinsight.net udp
US 8.8.8.8:53 cdn.decibelinsight.net udp
GB 132.145.57.130:443 cdn.decibelinsight.net tcp
US 8.8.8.8:53 lptag.liveperson.net udp
GB 178.249.97.23:443 lptag.liveperson.net tcp
US 8.8.8.8:53 rules.atgsvcs.com udp
US 8.8.8.8:53 resources.digital-cloud-uk.medallia.eu udp
GB 18.165.242.12:443 consent.trustarc.com tcp
US 8.8.8.8:53 js-cdn.dynatrace.com udp
DE 147.154.138.18:443 rules.atgsvcs.com tcp
US 151.101.189.230:443 resources.digital-cloud-uk.medallia.eu tcp
US 8.8.8.8:53 99.64.250.34.in-addr.arpa udp
US 8.8.8.8:53 221.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 208.227.251.34.in-addr.arpa udp
US 8.8.8.8:53 225.152.235.66.in-addr.arpa udp
US 8.8.8.8:53 12.242.165.18.in-addr.arpa udp
US 8.8.8.8:53 178.194.62.23.in-addr.arpa udp
US 8.8.8.8:53 6.39.156.108.in-addr.arpa udp
US 8.8.8.8:53 130.57.145.132.in-addr.arpa udp
US 8.8.8.8:53 23.97.249.178.in-addr.arpa udp
GB 108.156.46.113:443 js-cdn.dynatrace.com tcp
US 8.8.8.8:53 consent-pref.trustarc.com udp
GB 18.165.227.97:443 consent-pref.trustarc.com tcp
US 8.8.8.8:53 230.189.101.151.in-addr.arpa udp
US 8.8.8.8:53 18.138.154.147.in-addr.arpa udp
US 8.8.8.8:53 113.46.156.108.in-addr.arpa udp
US 8.8.8.8:53 97.227.165.18.in-addr.arpa udp
US 8.8.8.8:53 auth.bt.com udp
BE 23.41.178.27:443 www.bing.com tcp
US 13.107.246.64:443 auth.bt.com tcp
US 8.8.8.8:53 accdn.lpsnmedia.net udp
US 8.8.8.8:53 lpcdn.lpsnmedia.net udp
GB 178.249.97.99:443 accdn.lpsnmedia.net tcp
GB 178.249.97.99:443 accdn.lpsnmedia.net tcp
US 13.107.246.64:443 auth.bt.com tcp
US 34.120.154.120:443 lpcdn.lpsnmedia.net tcp
US 34.120.154.120:443 lpcdn.lpsnmedia.net tcp
US 8.8.8.8:53 udc-neb.kampyle.com udp
GB 132.145.57.130:443 cdn.decibelinsight.net tcp
US 35.241.45.82:443 udc-neb.kampyle.com tcp
US 8.8.8.8:53 27.178.41.23.in-addr.arpa udp
US 8.8.8.8:53 64.246.107.13.in-addr.arpa udp
US 8.8.8.8:53 99.97.249.178.in-addr.arpa udp
US 8.8.8.8:53 120.154.120.34.in-addr.arpa udp
US 8.8.8.8:53 82.45.241.35.in-addr.arpa udp
GB 132.145.57.130:443 cdn.decibelinsight.net tcp
US 34.120.154.120:443 lpcdn.lpsnmedia.net udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 bf20149cip.bf.dynatrace.com udp
GB 13.43.126.245:443 bf20149cip.bf.dynatrace.com tcp
US 8.8.8.8:53 245.126.43.13.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 198.187.3.20.in-addr.arpa udp
US 8.8.8.8:53 57.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 241.197.17.2.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 b4a74bc775caf3de7fc9cde3c30ce482
SHA1 c6ed3161390e5493f71182a6cb98d51c9063775d
SHA256 dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280
SHA512 55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 c5abc082d9d9307e797b7e89a2f755f4
SHA1 54c442690a8727f1d3453b6452198d3ec4ec13df
SHA256 a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716
SHA512 ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

\??\pipe\LOCAL\crashpad_4076_AZLROIWQQOWNRQKU

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a435519d-09ab-4d83-a99d-bf27162316f0.tmp

MD5 9c3660e9168adbbb93cbc6ef452e1de6
SHA1 fb3705142bd109f02b708df6959c88bb67fcdcff
SHA256 ade80dad6e26d2348da553711d53bfe3bf99d971ebc227b93032a13730aa3116
SHA512 c8cee8133f071cd64ff4d158ed40d1dd02fe02dc9d8de83696a33b8298a7cabb76eae15daeced724b3d53ca90273109bbfb0f5d8402c7c3d584df148d009de88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 57fb7a4716716de4b75b6823db0b5c70
SHA1 5ee7caa96bbf5b57aba36c8eb27dbe4ffbdf50bc
SHA256 cc1220355a49cd2de8157b64eda4ad0f618600142f96cfd90fa1f0272c80e487
SHA512 8e7bc03e495a7689f6ff12b888a957eeb0ed20a4067edecfbd748db45403ab56a2f006a0cac5132e6186ffe1ec55216920332d98b799a5c4619c9cc43b461261

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 c9cede7e442dffc2db0e508bd4c75418
SHA1 b1d74d058beece322b12393305fcb86feffc546a
SHA256 28afe366f76d0a7d9c4fb48d40b435aae6a6b78acfad4ec08d63d53d84a07218
SHA512 fa42953fa6815222c23f92710cef084d1adae0baf4282e214fd439efa1b9a24711a1a7b41a0a0a08ecce390fffb76e7aa6b1d22a2acc954459cb82bc616b1f18

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 5b8f36f321b19fede13c4eafc5c73faf
SHA1 f0f4b61b9db1bd6a62aa1768211df472ad139179
SHA256 c84b474f65cf77472bc680342efc6dcae8cb038f9d0538c6eff74b7e29e419f4
SHA512 b67137699ade10bbe768b542bebabe0154c1bb00e2e7d4e31849f40f1295cb43baf60746b606981c637c5715baf94c3fe9baf49d03cf2d03fad5b08a91fe0b00

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 cbbd527213d7c9aa0406d10ecc5de704
SHA1 55a491ae9f6f5ec1a87f1e20ea900ad09f45a194
SHA256 3880d56c563449c39bcb65253fc8609f9fc0fdb498bf3fe335197fde19d74205
SHA512 1bacb7f4df8843be699152e86bcdb2e69b20c26909dd1abf42979f75bac096388a4113417745e95f3be0909d26624ec4c3d135a2f53657153107a8b3aae0118c