32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864

Analysis

max time kernel
1199s
max time network
1201s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02-08-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

zGcEBjDtWyzuDy6angPx1NkNyNZ6bOF6LhmoTKEI.html
Size

146B
MD5

9fe3cb2b7313dc79bb477bc8fde184a7
SHA1

4d7b3cb41e90618358d0ee066c45c76227a13747
SHA256

32f2fa940d4b4fe19aca1e53a24e5aac29c57b7c5ee78588325b87f1b649c864
SHA512

c54ad4f5292784e50b4830a8210b0d4d4ee08b803f4975c9859e637d483b3af38cb0436ac501dea0c73867b1a2c41b39ef2c27dc3fb20f3f27519b719ea743db

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{554F00DE-D87B-4234-B510-891D75A85234}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
2212	msedge.exe
2212	msedge.exe
3712	msedge.exe
3712	msedge.exe
4900	identity_helper.exe
4900	identity_helper.exe
2552	msedge.exe
2552	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe
2724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

Processes:

msedge.exe

pid	process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe
3712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3712 wrote to memory of 4600	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4600	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 4756	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 2212	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 2212	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe
PID 3712 wrote to memory of 872	3712	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\zGcEBjDtWyzuDy6angPx1NkNyNZ6bOF6LhmoTKEI.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd101246f8,0x7ffd10124708,0x7ffd10124718
2⤵
PID:4600

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
2⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
2⤵
PID:872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
2⤵
PID:1840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:5060

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
PID:908

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
2⤵
PID:1144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
2⤵
PID:1252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
2⤵
PID:2720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
2⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
2⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
2⤵
PID:3580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
2⤵
PID:2828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4068 /prefetch:8
2⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5308 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
2⤵
PID:796

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
2⤵
PID:2828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
2⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1796 /prefetch:1
2⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
2⤵
PID:452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
2⤵
PID:2400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6904 /prefetch:8
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
2⤵
PID:4028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,4512163657823352620,4212693771220571796,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7192 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\070E0202839D9D67350CD2613E78E416

Filesize
230B

MD5
654441d46733e04fc925bf0bc49670a5

SHA1
1aba3b421f3427abc751be2e31bea2685b8a2aa1

SHA256
54bd6511cc51b6a094eefcfea0025225f3edfd677b6d3485dc81fcd359209488

SHA512
6488afaa7bde2a294e720cb5c4fc2133a5ce682eb892b19ab9219668ebfa04698887a716dc8ae74c3c54a45d42c252ec39825ca4ef6271f1add8839d2d202676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
83KB

MD5
95ad70b0720495f26f4b7dc7aa152c13

SHA1
d325d177460b579980d6b36a4da2defbc709d6ce

SHA256
7d40765179bc45d7b2a36b9f0d49d12c2048abb154ed0ecfaa2433417fd0cdbc

SHA512
ca9f7e4fd11ce28a5eacee9cda062c8418b4d6cb440ed82328c03d7c1d1835d7aa175a2ac5e35ce2ec3ab6a37ed2fae0bf2eb61c7b08199299b6dae9e5194fc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0ef53dc0f69f09e95b76b336fbe7966c

SHA1
c814817a342ddcd91ca828e06c2b72d324c07f92

SHA256
f28d6e2031966dbca456e1b362f1d4134c5db8bb2276e8e9337d8e36de7c1475

SHA512
9e218796c134552d7daf62bdfece0da518b1b664e2b36637bdae34c5b861640e22e3232efd6d7849155b20ea9ae8533e94547f59fbe898f69e1b7d21f968aa2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
fa3745a508ca360577f250d8f21170c4

SHA1
d92c9848eb2f58af1dae99899603e72b45b24f09

SHA256
e22a5cc7430ea6f6e15f26fd7d71883aebb7bce8fdd513f7215bd05b42216bd5

SHA512
78fcbc9f4df56f6a8456d8451d84ee9f1989b080e8d2bea86d6064c249b7982a7856fe1696cb3612598f79369b6dd9ec59a1e003435475b72ea965c3357ea659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d190a00a6055b71b636b505edc5c9697

SHA1
7410bd51e7030bfba834773350ddd023044f05ea

SHA256
1c34c6b02d96b8eda4b6c7e77246a50c393d595edb5bc82759437da303fc26a6

SHA512
a07ad86bbf60ac10c0483be17b13e0e90954466eba3fe1cdccb35784cc0b6f74d96a082cbf557968e20a4d4495a3eb6a6946eebe0e8ee97940ff474f9eb6fda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9bfc6d6f2b75cbfab4d04f8909d3aa42

SHA1
f37e7259fe2c5287f4f5adf375e3594a5c132ec2

SHA256
8ae9ef90c2f3b4c3fb4beae260c60e1e5698cb9f896d41dbd4e2c845b2cf268a

SHA512
20bf224b28bda1f8e9585d0068253eb1f1cfcdde0cfaaf4f2e6742178b378cd3b159aa423c9de3313d28178c58123c1267c917d023b363b78b1ceef3f251973c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85d6ddff564d213c3f8f237e8050c7b5

SHA1
b722d4659e5a14195442f920fc2a5062fa654f54

SHA256
0af28882609c50161fa8af58fc811f99d13b99830ac3050f7eb37196aad3b1e6

SHA512
3aa79891a2586cff7f2ec771daa7de3a9115ee689a04c0bb30190b8a53734d22c571ecbb6666403a2e9017ebb046d0b28618948716bf104cfd65ba7b172bc21a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a25dc3ceb1627ca18de661578e43f13

SHA1
1216ba30a15378f849c151cd0865c54fc8ae4fd7

SHA256
95ac1c2a0e62ccc613f2a4db5c2b2afdf19ed436bc4404b23be91638eca0d35c

SHA512
4a67ea66ae3465b73c7cc58c987fb31fcf6e8bc21e3f32f037bb234c3067987c193370e7db123efdc1f44c99fbc558b7d3ac3b7da2db19d8d795a9e2e7a4b68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2e5c500322152c12cb7cc6192403d793

SHA1
2da5e020b31a4074f9f7f2c9ed35a33cd74a80cc

SHA256
73418eb5fb87850fb66cc67a126397c12062e7486b2c2d73f00c2d7c273ff63c

SHA512
d5f8d6a1eae494285025585735d60be4d11ed4e951e3f6997444bfd3c9ddf9da5f3bc2cb0e701bb287be71724d8465393851f2f98d1f4bf77e30fd544d396d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66fb295d68263d1d5039a829e9014ffd

SHA1
f865af54f12d95999b7f1ff731a415ed3cf32dc8

SHA256
b85f181b4df2e644c18f0ef54286396b1e70863398c2ed399aadf6f054680553

SHA512
0545d72dd076721b4af59aed0d4f833e3e47b26067059bac759733d56f7e679885ce7bbcf8cd57df4d042c93c143f3e8507e234cc70271529381069d6d3542e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9663e5ff1e6b79be4f3459283054ee05

SHA1
617022c06feeed81af681cbeb842ddd87af40e58

SHA256
944c325c457a1469cc6beaf92e3b340d11083527b1ec5bf57a46e72aa0fa3cd0

SHA512
2139a7d98412f618b1fc95fec07506cff4dfa5eed009d2a703fc7dd6af935d19381fffcee078f58951dfcad88e70ae0fe1615d19039454ced5345642a2a79c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
780fb40012b970590a18644c8c4e5452

SHA1
51724e034d19806e01b5f4157f3b8ccb6ce7546f

SHA256
69badcc795156554cedb4e8f719bca3d8038aeaf7002f48c641366080c202120

SHA512
bff693d232ce5fe4ba11cb358b462cc765ca5267cfb98b6dccfc8d16aba76d361513634c0abbbb2fecff48fcabcbd63b2f92a707476e03a607126ca9cde83f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1d31ca94c915db0b06a5a508a53b11ce

SHA1
af4c22611310375e140655cf4b470dbf299afc41

SHA256
a093a8e3415a364288a9ca879172c995857cb71c8e0d0bc8bced811293abcb27

SHA512
ae3a4dbadc0a4f7038766e366e505ef798917d079e042578233426b6d343ab8115d81974ae5cb8a340ef497c272aa73d320d9a721c4265dff0dd8ac38800c530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
33e8210d8049fe0b2a2e0007fdb1b4e4

SHA1
380724ebe68774440a42ca1039635bd320553a7a

SHA256
f39519b554ea73bceaa73f1ed44553f109bfef0b5ff0350326005eddfd4f6659

SHA512
68c1229b74dc89161ba0eb7493411e73323d73b1ce6eb321216023c4e60a7d661862767bc350d4e8b970b488537be47d75bfc0c2e7001ef4354df7ff3e7ba50e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f836.TMP

Filesize
48B

MD5
76304a512a2483e1a8df100dab074969

SHA1
d8d6c97629d2327363368e269b7b648ec395adf4

SHA256
14ad5ae4aba544c080b95e6af2356f90e7e091f8fa080ea389bc1490c3bedf06

SHA512
cdd53312fbe0227d0ab84782e51f1e322d9dd6e772fe4d2025ae521c3866da2aadb4c623749d2e18e62fabe03d0405081293113ac702678521819bf6ad5e12b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
423fdede9a6c4777f1e78876ac428bea

SHA1
12ac3fd74412573a59c94e7ca16c8ea10127b5d5

SHA256
45bfe9d83f3668d2c035781863af97a8a3f01b870565e119517da003d3eb0130

SHA512
ab4feedfb6959b04ccd4e16ecd15305d8a26ddb531ad4b842ef218f59896f4e63c6fec88253c3cf7e7f6eb4494ca5cd70a0a4a363f20a9963a38d4f2328ce658

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d3233c3d9f407e3007cea7d7d10d0b49

SHA1
2d57a17d4e7b01c8953f032523f4cecc4c5aacc4

SHA256
a9648b12f7979e4581a351646f54fb497c5f90c2fe54407ffe6558f5f48e79db

SHA512
cd90f2f5de003a7bead62ac4c3ccdf09a3abfc7e3932a11708e22b693387c115f6de15ef1ecb3fe0abd7556f66641492474cc44c416a0e394b24f4891473a871

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c03e.TMP

Filesize
873B

MD5
afce019c95687fdb82e8670217950fdd

SHA1
46f102c9d90a26dedfa8ecbd769f17db81ae4f6d

SHA256
6fd5e4c735358fed9bd620241a643eaaf63cd490908571cfa4a70e0c4f7cadcd

SHA512
f9d013cd916e21c8bea1b4c89493ed71840ed07846b98bcc376cfbc33590d86a4d2a1b20e22d93fddbad224ef4582fb74faa107875c1e8f68de648080f64ff67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
01cff0dcb91c575bb4b21bad43752396

SHA1
b9930a5e565ffd3a4877dc7ace242a5ab0987104

SHA256
c6ccc104b04349678b77938331983a5e205b384517d428c1b990ef28cf66041e

SHA512
39e1ebec27b7c8e16a079b9dbac139efba0abadc4a643b5d9891157ea44238d4af1ed01f90f8dfb3c6ab7b11740fad4ffb8ee13ebd26fcc6ec10ee1e1b55d237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e4e5a29e711cdbc8dab2c7bcae5862b

SHA1
4ff6f8aea8dbcdac62db2b7549a6b0021ec24343

SHA256
1c374841c670bdaa456e5a891cc1a03062d9ab657719d7d788eb60c0bdb72ea9

SHA512
b94977c09e3930131623fe1e6a38f208a312822225faa5fb9d82c495bbf04c645b5ebf76ebaf4bb808bd82fa5e45f6b47fe38cf037d110a0bf023b442465273b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
10a1b184f5989facf027235a059c5c6a

SHA1
1b558851f95a5c3913f619ca4093ae52e59255f8

SHA256
c548a107049d0c45b516d5fcfb88371a527b82d087a94fe91b86b43e000ab49d

SHA512
2646f9c655f57b1eeab2c6d9b8a84d43dcaad8ad9cdee55099e16890f8162966bcd8ae8c73a75f8f80f525bbb08b668e13e9232b6d53a89e457a481bd5302a47

Download Submit
\??\pipe\LOCAL\crashpad_3712_PLWJKDYAWBFIMIDY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit