hxxps://shorturl[.]at/crOU6

Analysis

max time kernel
150s
max time network
152s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
05/08/2024, 15:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://shorturl.at/crOU6

Score

5^/10

discovery

Malware Config

Signatures

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	13	https://www.cavenderbuickgmcwest.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ae7bb38db1663ed	3

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-131918955-2378418313-883382443-1000\{7B2D4074-E43B-4592-A6AD-DE28F811A309}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
948	msedge.exe
948	msedge.exe
3532	msedge.exe
3532	msedge.exe
2336	identity_helper.exe
2336	identity_helper.exe
4500	msedge.exe
4500	msedge.exe
3612	msedge.exe
3612	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe
6136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 2736	3532	msedge.exe	78
PID 3532 wrote to memory of 2736	3532	msedge.exe	78
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 2744	3532	msedge.exe	79
PID 3532 wrote to memory of 948	3532	msedge.exe	80
PID 3532 wrote to memory of 948	3532	msedge.exe	80
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81
PID 3532 wrote to memory of 4736	3532	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://shorturl.at/crOU6
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffef9473cb8,0x7ffef9473cc8,0x7ffef9473cd8
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:1328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1976 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3904 /prefetch:8
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4100 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7264 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7532 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7824 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7460 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1928,3505299768534332877,17190487059375174545,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2556 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3e681bda746d695b173a54033103efa8

SHA1
ae07be487e65914bb068174b99660fb8deb11a1d

SHA256
fee5f7377e5ca213c1d8d7827b788723d0dd2538e7ce3f35581fc613fde834c2

SHA512
0f4381c769d4ae18ff3ac93fd97e8d879043b8ec825611db27f08bd44c08babc1710672c3f93435a61e40db1ccbf5b74c6363aaaf5f4a7fc95a6a7786d1aced8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f081a02d8bbd5d800828ed8c769f5d9

SHA1
978d807096b7e7a4962a001b7bba6b2e77ce419a

SHA256
a7645e1b16115e9afec86efa139d35d5fecc6c5c7c59174c9901b4213b1fae0e

SHA512
7f3045f276f5bd8d3c65a23592419c3b98f1311c214c8e54a4dfe09122a08afb08ab7967b49bd413bc748ce6363658640bc87958d5e0a78974680a8f9beadf44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
20KB

MD5
d07407b629fa5b0e668538b5cac3dddd

SHA1
5c8364b28bc1860cdc886e0b195e10e44db2b0ad

SHA256
b5e4f41b8d66518bdb157f71224d965598260de2dfa4b3335e344a169db2a124

SHA512
f02e6f6a9662d13b0695b033088938b7f44b28df89dc4cf78c39ad8fd8e04d9220f2c3fc0ef1f0fa960d15cdcdcb8bae33e9a079c411a7a1b1dd8357ac603bf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00005c

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c101f24ec575aeebf982c3a812dc7659

SHA1
8eb1f44e79dda9c25affb96c5d02adfae22ac570

SHA256
e87e799a2e4862cdf6b2181faf67bb76d4dfb212fbe1cb28d2bf67f4345404b8

SHA512
01df1de5792ed27cd56edf9fd80ef51f7a6c5b2638b6e06752beb7bc80d5605e7e1eb67af783a5ec66b53e6350c9ab33dcd8f60437c7a39e05bf04a97cbc0208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
1ecfe5c0e13d6f7a660700ca84015aee

SHA1
12e04d04410d2dea2011ed74ad52c86813597865

SHA256
96fae8dc148c9597d7d29044798d83bef4d71c37d27ce57143cca2b1d611ac02

SHA512
bb123a457792bbb78b4893123ffc11b84b086f49d944b5fb5e55fb70666e6630185100368af5ed698dd6b0c0c802698716a237137635097d9d97437de3f719d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
51ed8a35b114d5b59b8ac0cf8e82f4a7

SHA1
1953f5453bc624f2dea42540a2251ac935a84c24

SHA256
f5cd3c6dc01e83a709208d7353c7cb36c20706c00d1fe10e9ee3d333bb7fe75e

SHA512
7c56bc602be0434ebd688d38da6aa16e87bd02a3218549df9591598f419915d56559d69c8d29c146b20fbea60f38cd6cbf87c064a91e8747ba8d64c51f53e936

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0dd6531317cddbeda3ba373770a7fcca

SHA1
bb3ff5cd833068aa8fc6a9e63a160a119b3ced9c

SHA256
cb0a97606030d871ee20e2c820506937e21ff7800c88693b4c186e75cceaec4d

SHA512
461bef322cf8ea9ff3be8000980e06eb9cb7de0a0d11a9a163b48b9724c10fade1d864d07762d4c410e85c2c110e7908958d34af6dfd4836bd09ece2f7292e0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b7262f23461863a8849329249a7e5a7f

SHA1
62f5fd729e816de2feae4b9443222c6e65d14a9d

SHA256
8b87fd2a4f1fe1b2efb7d6444ad1462f740c3b6274250ecb640dc805a730cdfe

SHA512
e2bbc8805f3355601a78bf60d6f9d3a0c1ab23ac4e9932ac26937d2a043e60c91259e828b1033638ef74cc20212f02f19379dc6fa39117f4488f5c77a151fa8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
cac47312429b38bacb98a2d94fdb1005

SHA1
d00413bd0821520ceb5accbf5fa5992a776c7e47

SHA256
0a560c473de5a268d95b9cf90f7da712df3eb32da7d78dc16d3aac81aa37b8e9

SHA512
fc690e0212049510c73d44cbc98e03bbf53ed63ee42f75db3a00f0801bd11a746d8e4b9ad1f136ac6831902de48b3049f1ccddb9f2900137d486763030ab3002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f44cc7f4f07a81a9cf0b2221932d0471

SHA1
0865c4263538214bbe5e0db29d5f85a7a09c8cc0

SHA256
0562ef71af1e56b9805ef8fb2cab8a35c426a52ee069b317f475b844547512ae

SHA512
0332c76679b48775cea273d6e307f34129c90c3ea4cdaa2322a1b571eb9f49ae4dbf64526c20cb403c4b81d305ac2d4de2a836551ee2ca28efab736ccb8ac597

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c6c199c0df6b266cfc9e2ce9d193a2f8

SHA1
6319c1f858cb6d864b9daaaf7e637464f033de9a

SHA256
a477bbd4a73ece74b98c2eebc03c664d1e29eed36036a9b21d2dadb2823350a1

SHA512
17d44d30e70c327d015fa08dab0a19bfcbfeda74b5eab173df6042153f55ba40ac304de8a9c7134430c6ee2a774492371e11d613dc854c2a0ef5804929f5707a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
77e60dea890bcece2ad86b64dcef4a79

SHA1
f55b1c114d692a01f8ff2315caff19b467cc6ea0

SHA256
6e2a1fc21100c4ccd6112e04984e4559c94431a1b80da1364218d4698a5e8bed

SHA512
6cd8ec3077e5fcfb95548660e7c870768c2366f9592ef4fa9cec9308dec17fee364fa73d4e7e1e3a94a2cb69b6b84d9200ddd4aef6df4c78ae541b899b75c2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58acb6.TMP

Filesize
48B

MD5
670aa10054b4f61ecc5f4a044fc0c3df

SHA1
bb2cc5bc8379f4acc42fcb82a5867be587f1e0e4

SHA256
e7412c7400a5c493b08e50a575340db0a00db4fdd0a35c76c465c0cbdd0af426

SHA512
9fea9b3da30d76fe53dcd1e1985980d5274d1911baa3f9acb658b01d362d5873720daec6502d1bbc8caa9b2e3e232f994b27aa35a05ceb7de05670307466b7f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
a50f33e01c361ad8e416e47db5dbe9de

SHA1
a0519ce5c1b8f3ab692598991d6bbc80e6773802

SHA256
ec7b64f6bde997fce099e4d64618839b9b5489b0968d5235303bc76406fad723

SHA512
387ab75d6ab8cc47c05902ba19dc7ebb23ca33bd60708c4ca5a88785ecb37e19e306da499585a0940420001d25f288ff18fb6df95170323ca41c7a884929b821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
e74101c7e42e4707e4eabad8f0ed598e

SHA1
061263cf934032e6063896e7314ed30f10c003c9

SHA256
97229675a40f2d86077a7dae9a0824551a8e004c305554ff4fbaa92823bad274

SHA512
a1ce233844910801d51f99156a8a5b85c079e5b71fefaa7971497be54230a8a5c0cb4b0b7e916639ec4c601746c325d91e006e0395ee54a5200c0746fac3edb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3308754543d875f0e619d30fa22d6b32

SHA1
3b4aa6268a2c5a22d330338c1834e62eda0dcc84

SHA256
03c12681a29da0d435617f2941e62e57293df2f0b74db662f08af3a819c87fc2

SHA512
f81af11e8db4399a9dc92cd8d74b4edba759e8a3ab686df56ad80a97a6137465fb1abc54b429fcb644a7129ac2ad764e30fd71ff86f2ce5b3aff9063c6cb5ce3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
1d5e2e9162a2503828fed948424b3435

SHA1
4800e869638e58fdd0d760473a440a9acd27a542

SHA256
0a80d00e80528a01340fb536445f5967d65c347d0e68171773b73db80e54c4f7

SHA512
63574363f108a727123d6075862ebbc2b6bc6b7082ddab2ed3a87644c115a3b901e9ea01c4c5deef7da9cc9aef184162450110f6a6c474cdbb6bc830fb6b14e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586fad.TMP

Filesize
707B

MD5
f18a978dbfe85958c38b9acf9e8263b9

SHA1
a995ead9afdb21f5b76a3dfe1c8a456adc5823e4

SHA256
3b1724a6275d5469a87c4e1228f881d89c55b5cd9ede45841c0d800c926b5742

SHA512
f650ffacd67b0bda9467b5b2ccd88d8505b0a4cf7133956be4ab1240d55460275918863f9ffb9b3a5e05f2167690ea3570bef509c495ecdfc6ec87eb4fe59684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
192ad11d4943d5ccefae450702fe27f1

SHA1
5d55b63f52048e61846e123ab06144e83336f4b2

SHA256
08f2b8b865c8ce55bbe5a462d02309fdcd81d5178858b1c9a15af5f1fdef5217

SHA512
4eb25e4c9c8338da2d09adc621de49c180722198ff0000d99a1409af19cff932dc1a6538313092263c37443214251062a8a112f454dbed3f5e5895916e11fec1

Download Submit