7155e9922b846beb8a867d928dde0b1cad2292c24fd9ddfd566cc63f03276bb1

Analysis

max time kernel
1680s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 10:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bUNjkIKb.html
Size

2KB
MD5

0a48b881aeb046ebefe266af67b13bc0
SHA1

ba4a9b03ac7ecd99bf27ef79f3870aec36d5cf15
SHA256

7155e9922b846beb8a867d928dde0b1cad2292c24fd9ddfd566cc63f03276bb1
SHA512

e74d66c0d7dcc2d010740a9509d36962f4338b050f6e6c50a47496c28f8663c674d9634dca09d9c28c995d3fa7bf287124ee77ee273703ce817420bb40a14242

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1344	msedge.exe
1344	msedge.exe
4356	msedge.exe
4356	msedge.exe
408	identity_helper.exe
408	identity_helper.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe
5708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe
4356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4356 wrote to memory of 1748	4356	msedge.exe	84
PID 4356 wrote to memory of 1748	4356	msedge.exe	84
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 3932	4356	msedge.exe	85
PID 4356 wrote to memory of 1344	4356	msedge.exe	86
PID 4356 wrote to memory of 1344	4356	msedge.exe	86
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87
PID 4356 wrote to memory of 1712	4356	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\bUNjkIKb.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb870146f8,0x7ffb87014708,0x7ffb87014718
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2328 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7216 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7480 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,17293281578275437056,7828478638911995447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
22KB

MD5
ad9449e5c3e35f9b03a9be3c0720a9d4

SHA1
8e952fbaa26ba1b165e807f530bca0be108db4bf

SHA256
537f4e532a9fbd88df3a59c65ba5ac67fa5e73a41bb701dbf56894c8ef3a72d2

SHA512
6d0332da0500c678e3819546080e546dba6524ffd8042439f0924ee5a460d14ebb48823d5b710ea17bf4831f623f8937f67fd9033616d2838ef89360c231f7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
38KB

MD5
31f95c6c861dd854263854a5b054a21a

SHA1
20c49d3566f95686a3d012b259012ca4b88ff7f8

SHA256
3cbc8210e6a1a9a5521ae8e5831219c0a9f5c337c805fe41dd769ee76e4e52af

SHA512
a8b1a01406c71499a2c993c5b00234c8db390e98af4d98d554add3f93a1f2d8513fcb3ebbc923f758a93d5ef31c0683a01706160395c9072f8c2d7bea57c1c43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
22KB

MD5
9196e81f8ed7f223d765423c1f9bc8a7

SHA1
88f9d5c2a6908cf36b8daae803578ca9e1fd2929

SHA256
a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe

SHA512
e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
68KB

MD5
66bfe390b6a6874ff84fc45799166e25

SHA1
0a4bd30e2106d6e57ef9d234394c75dc4ead6bc1

SHA256
717839367693a90b1b9151d8b3e4df18dc3fc5e5b7ec8952c2a22f76d9b4535f

SHA512
92d65f853abac12cc20a1b34c8405893135653bf2e2cf6c292b5328eb3e93c9a7b680bf2534af8d5fa522a24afef32a04527e84cf31a288362378f0e2c509a47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
47KB

MD5
01a815f69f87bfdc3c02d9bfb4731e2e

SHA1
bed2f558cffb34e51f1d70513adc2dfc74af0ccd

SHA256
216be4b56ac0c2d9ac8923ff4870fde36d91328a9974d94959444c9ed6cdc6fa

SHA512
a8deec491a7c3e2d5798994df60584cd69c3064409be37b68eff704c81caee8207f43daab592ebe73a644482d3daad681e1c7c4ef9a08c25c7fc6a0777c9ead5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
a5872638c5169b68a6286607917466a9

SHA1
f331d15d00aeb957e295a32ad84032a61a67f31f

SHA256
f3641a320a56174b560b1b5a2e5d9af26662830fa1aae21b4fe35104db957187

SHA512
2614d0fa8c019120dd97b6a11b0f8c03f6700b4a3662e0ae8edddbc0dcf643c6538ba5957f0810780f437f930a4b26228d2e00f8b7f0f5c1b0ade0a745131516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
e3fff76e76fca5045aba3184f9e242b5

SHA1
474f16c68c475375a03b6f8eca9dc68fdf925b56

SHA256
44715d222a790b28ef723457564c7160297cdc2c8ac5ad55801b764c9566caf6

SHA512
fdf510ce4a33ae264437009c82e938b0ed3fce8b02ebb8c018153ddcfc4511d5f65f00dc0dfe09482aee1a3f76e0873d5aac23e7dd40aeb053e419b1cb582ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
229KB

MD5
e0f369b578846dbd57e05e6882142b52

SHA1
d9725ec9fa2ebcf3c55361f69a7e936beb949f9c

SHA256
7dd73e2d2fd4d8bd1a155cc2c5b3bbb0e83d03aaffff91475f05d86020e770cb

SHA512
6bfce123993b5ecae3366a909bd96ca95dcd1264da9f57604f201a19f74bebae5aa58d888177161cc3054d5d49bd505b698ef84e3aaf56cf2a53b0c1ada0c684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
29KB

MD5
e465f101f881b07ccfbb55d51d18135f

SHA1
0d76b152ea1ae4aa68db36dcc7bd204acdc571d3

SHA256
6f5ebfd0fc9a520adca234fdd34b4dfbeb106942a6f44e65fc1ac54f7d2d6498

SHA512
2c1f730db5108dde4731f22838ad7eef4d6698ed5ea0c0951b81b21722df8051623923672c46f9397f81e74741cdec794f03aac37e532d1223a1a1ce448c73aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
25KB

MD5
d0263dc03be4c393a90bda733c57d6db

SHA1
8a032b6deab53a33234c735133b48518f8643b92

SHA256
22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12

SHA512
9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
256KB

MD5
6dfa4adb07e230eb92a44386cf37a260

SHA1
c739b1819ce71060b4d9fba1a6c5c93de6610ba6

SHA256
88cb61ce72cfc2b148c9d0e0da740c1164e01511347ff2f027aa3fea444c384b

SHA512
a2294edcbd2f0bf8689ab0ceb1ad201933803dccae8f245da9b7d4020e901e7a75a43526265fd66fc66fba9cc1774a5faed374acc819648c716f18e2b5778db7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
58KB

MD5
d64e27c255582bfdf91a0031e15098fc

SHA1
efd8f560e9959483bf5b3ac2f32d45e706daac7c

SHA256
9aba33a3527ff6136556534082c289e8ad7d4428c3b79d3fae7c31e023a7b967

SHA512
cdc6d2656b9734bde82a2e7edbdcb4f6baae4cb447f0f7052090da822327aa1324907f2d789c4391cc342cdc483d499c1be981b8c74bf7322be05ed3795e5d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
50KB

MD5
1271a1c5d6f720a7e67d7baf824f0fff

SHA1
bfae5896c4dbe5dff9b950b4e767293b65101b4f

SHA256
cdb2472eb6fe9d7ccb0f8bea3c2a3d71dda7622574fe24e8b0daf7255d4f2599

SHA512
c88bc90e883ab09008bbbe5dbca421d79d053f68167f7cb5b830a90db4652b4fb277126ca95aa93f9256f630c250de337039c2e6a7d8dc72ab10fb1edc1da46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
51KB

MD5
3fa8c23b89d34fcc51359db6d0551837

SHA1
69750d3260f6f371a516bfddfe15ca26cf068f44

SHA256
4218aacba68899324cbb3f9b7e09967916e41477312ced5dfde41082c6e147e6

SHA512
27dfd1aa035ba829b8d76dd8f8012a98dcd06178a9bcafc32a82886b7b06affbd72afd2fb093749a719b43a61a966165d991a2a377a939da24649da288bc4688

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
40KB

MD5
b786554392ab690a37b2fc6c5af02b05

SHA1
e7347fa27240868174f080d1c5ab177feca6bd84

SHA256
ebe47cc89c62447316148809bda9095bd07bd5392a99ab4b8ac8b9f6764cda51

SHA512
b71cdb76464a775fca909cabd0a7435c34de3ee4e19c40f5bebba6415295f0be2f82532a2ecda043c787ea4e8c23fd4e582a4d4322923fdf603a56e3fcb8b567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
21KB

MD5
586fbd03a7f8e8efcfb44c02a0c721f3

SHA1
9be4c35c9e97db3dd6a6d16604ab58c170f70232

SHA256
c676919c631bfdf174da2ac3dcb2e3102be25a93edb1ceda7187cf8165ccf3b5

SHA512
d79b99b84daadd575e8979b5b076358cba724e522673f43962e65dc9b81da438bc688cbbea1d378a79c5674c58514048f622e8ccea0a41059f2abacc7afb7701

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
908a123a5af4de413e210b3259b9d49f

SHA1
e1fe3aab7c0b88285432dfb09dc2d604b600cf39

SHA256
95ad67d9734722362d3ba2821daec5ab8ccf7246a89c1944c329bd76d975ec75

SHA512
689e031e941e0aa17e4d33d2ad2d59237d0d5d83df911493122d0b3701b7be3169c54322707753b71c0ae13c224ad84ebce9bd709c5feb01eb281000f0a9d40a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
de48c57173f65bec3154b76f1dd7ec2f

SHA1
a2ad4c790b67802e5724fcf01af26d3172d403fb

SHA256
311a15db9a9152403ea67377397d7890c97a8175879fd625c291604368f6df74

SHA512
bd320168ede5c34240c228ec4616c044cd53fb1c01a0e01ce6ebf42e8004a8cb5f2af94564fd42f94a7d8bf09e014a8cd5b0a89acf42d547a8c74ff6f86802fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e716bebe5852cc798112cf72f9579d6e

SHA1
ce3a0f420aaeea25f17486863031777e8bc19e5f

SHA256
18b6aa0e4773b69c0ddae638f1f2e736b306b313d7bdf4313ef071a11f5c7b0b

SHA512
b8ed73ed37b2a0ad29064f570be263f875b5838edef39f314ea43642b3d71755d4261753f3050792087f58b83bcf7982d77c4c0ee8530deb42be4987271d4022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
702ac8f4f8aa38494cae79d55c3be5a2

SHA1
ca8c1ed6cdb4297dd9f27e742b014bc6c14549b6

SHA256
b95ee1668108349041f6b10dcb4201d16306b43384967c9e7ec33d913950edd3

SHA512
780ddacdc4e7077ff215c21886f42ac28c1b93ff981b1138676de8824e69f9a31bfc51e9a020e8d0fa5bbd4aae9774be96b3de5a7e9f659b887736d972850c78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dc5d2de0cde5f2ca8d795f5b2a985e2e

SHA1
d582098f2f724728b9eff83f1a7e7747c0917615

SHA256
d73e41bb807c3f57a73922dffeabcc0f295e1b3668afc6dfb405092e46d26da2

SHA512
1315505abc604902460791aafda4f195f2afecaf95f90db3780c3c8d91ecc9fd329efcafa51f996c6a954a66572ed98f41ea0e9e493c825f6525a144177b9ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
de8d5458226a3f2869524526e9e689ce

SHA1
a28fdd1fa7714279692fc39eb3044be7ef3422ae

SHA256
7b226444bbb6cb9e024c3b3cb539707f267e3dfe9aa66d6166eb068cae604c79

SHA512
ee268934058ad6e3ae67a61a02fb572f85d1bbf935c05283ec9a850bbe55e8af5af31a56764e508360d63925917248471c8964e81e00d00417fea77d06ca9c2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe594c51.TMP

Filesize
1KB

MD5
8b01fb54cd1830e762586ef164c4deb6

SHA1
a29291551f90a13542642d4d5f33dfe513f2fb7d

SHA256
ebdae3c6475fcb1a1c5b0f70a1414a072ab5217869b787d913b406e96ac1dccd

SHA512
5d20b063d58bb245e59c4822efcf691919aa43a36a246bc53cd037535e64690f126c3aae83a5c111bf4d3b2ebc3ed27081dc5757abc69959abdfb7a31f324fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a8c7b5d67fac32d14151a46b113430e4

SHA1
6b4270150a0b177f6da4e6274a452c9206204717

SHA256
faaa4e21fd292d9d7b80bc8e7987bad8a6a0eb59d4c164807203d34fd5550d02

SHA512
059d329d6b2cbba2a09c232512272364d93bd5bd4859729661b11f2e9ff9d99732d2995a0be20a78dd59e1bd1702016acd1e310b31b41d0953d057827e012d1d

Download Submit