61f38b94683e91869ebb95255b4c64ba164e0c021c994780436bd850eda27740

Analysis

max time kernel
867s
max time network
870s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09-08-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

tests.html
Size

1KB
MD5

e3b10016bad321082a01a1891d7762d2
SHA1

5669e51f8b6e620f9adfcf1b0a3a5670c325ef51
SHA256

61f38b94683e91869ebb95255b4c64ba164e0c021c994780436bd850eda27740
SHA512

724b421d3000cf27069e350c215ca4e64521449759a095af4295ddbf07b519ffc8b443072661cef105637febf14e7881990fe313b3e7a695cbfc3fb384f5c89d

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4776	msedge.exe
4776	msedge.exe
3296	msedge.exe
3296	msedge.exe
912	msedge.exe
912	msedge.exe
3136	identity_helper.exe
3136	identity_helper.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe
4808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe
3296	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3296 wrote to memory of 2916	3296	msedge.exe	81
PID 3296 wrote to memory of 2916	3296	msedge.exe	81
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4716	3296	msedge.exe	82
PID 3296 wrote to memory of 4776	3296	msedge.exe	83
PID 3296 wrote to memory of 4776	3296	msedge.exe	83
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84
PID 3296 wrote to memory of 4856	3296	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\tests.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff88bb73cb8,0x7ff88bb73cc8,0x7ff88bb73cd8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4792 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5464 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3376 /prefetch:8
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,8450038440076190171,7592923074462954367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
a954d5124315ab0c17a67ef3edcff7e1

SHA1
963b951dd0cdd4f461543a96b66d7575c8d9300f

SHA256
779c7d446454b1a51681f0d811d0f5511a2a631b325580d20370abbc05e38d3c

SHA512
1916bdc51e9e398a641bf5d20a877262e9c85020f4240c33484a0c20ae1441f1abc42b7cedd561b1d2f57a27447d35cb79de6c715dda010d151e40945d629eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
4735b26873361cf62224537628b2a456

SHA1
e54db7c7034107ff86878aaf7cd6cba5850ed6bb

SHA256
9c4e342e78a212b444e5952d9af60110ba2d2a5bec86fabce77bb16921834214

SHA512
5dc76b9965e7dfecacd63c8f7c64d3358edb7b0e3aec931d3cc1deadc464d061392289acd54bbe4a4fbce13a0f019c46e514701f8389566e76ac267c59910ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
04896fce756ba32e2fbb97c62d1b04fd

SHA1
5a3361ebdd17c75f29f178efcf1d0f2adc02ad92

SHA256
b5049b6d6d0857e74f417a207f414778e5b1d2bd1f7a6429b736f65f21c80ad6

SHA512
b17ef06f5d55761184000137a8dda526673878bf9fb1da884776cce4b899d75c906225eb719e18b49be3b57c9579ea375361b931ced6941ba6214078c903c493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
449af86de3552263a958c64b9dc72a46

SHA1
b685db360ce046f49a93475905ff74f493b413bf

SHA256
0394a2fd7ecce1da8a036761213b6d4240da6bb2f663ee7db52149f78162aaf9

SHA512
8d782d1c186ce6321ee770b00331a32e75e6108a0bf900487e237da05f452328c4029bf9a292f0f46431042f0794548e2b22ba4538114e6fd4a5b9484d54a737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
6e98949113c32dba3c21be11618ca0d8

SHA1
7916bfb099b2a3c0a4df9906b6ff0b34e0d5a1d9

SHA256
3464917af2950c679afcc5a052a9c27bbf13d71d917b51259e1ac1224c3924b3

SHA512
566e45ad73dcce56cf70ccd0291c9218f2230460f69e5cee6ad5f402996fcab2c27d70c7593ebe250f4a90eaf64f3f6957e5aecf960819fa617e22fd33eb9fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
b38c0b434edaa9e2f24d0f554ef91feb

SHA1
a009dda049be6a453f241c15ac6131be147fdc07

SHA256
108a4a5ca9cb917c5d982165ef45492f53a6ddc87c4bd98fd4761a1180068c3e

SHA512
8ccf693c0568adb2e62190953e31cd74c8096f463802f8517038030bff0c908df52cf3af3d4457ab5a6ee2b19b363ff2fa72c7a67b86ef55ae08cf0aa2912ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
8a317fbec89a8ca52e85ff7e11631155

SHA1
6e50aab59d5ec83125e5b8fd1dc8ca5b3a2407a6

SHA256
edc412898676334bab374023955c143f8343f20e5b16147942125f8914d6edbd

SHA512
a473dfbdff80c6e6f2dda49b2b5ee497d012594b5cb8371af37702117941970fc6da728f15d5363d66289b5fae44566891afab200d431330568daa0aa034c01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
888B

MD5
881718b47f7066d96172d4598834c47e

SHA1
e52776fd1ce8eb4221b46046481acc32ad6cac5c

SHA256
51c88e791e4dd5b9490d17b700643ee7aaae2f784a54e5a888208e66ff99c0b7

SHA512
f3d76fad1042929405d20002592691f74d25c3a7e4bc32e1b681bf0548e106317166f5cb404d6769b57b9396b9f54148f22ea3a86b3eb23ba1ec252b4fa5b631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
728B

MD5
b0c3e60e6b040f0684f1f0812f6807cd

SHA1
ed7519ead693594ab235c4939749cd2f998f4f27

SHA256
9eb88657aee87227f45f5655ca2989c6a5a3be992f9c84bb3c0af8fc43b98412

SHA512
dfe21bfa6f4c3dcaea6f18389d4e326a7da571c3497e173cbdcda2db0f1c56ed013af7618fdea5fd6b2716bffe4d4d480e3cb762e0cdcbda1aa4e7d72b152456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
a522c23744c29d198909bbb5e13b4e5e

SHA1
fe03e5a8bbcacc582c53ece006a4d7dfb7a7a21b

SHA256
c5f91ccb0fa6774fc6a930c5e1b60610a198ffaf6d0bdd92dab036b4d2ef6a07

SHA512
c1bb8254f1cfd02dbd0aeb0b36f10f59b9714f165cd19193caefa722bbf409471d4e824cf029f8a2ad2952a5ded4e85086061a2013a3880c6abcba1e8d9450db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
09dff8c89411356911387d2d0b2db949

SHA1
f20990ab6070313de98cc2340b8ebc77c7ed1174

SHA256
a35bc363bda9d301ea19fb33d97f3f448493f89f110af553fc14b4e8a8c287f2

SHA512
8a42a86cf9bebe83f1bd11d7259fd81310f8e71cab111902956e147b76db7dbe68d7a57d0d27585307e9c9e8e3961b65095a387f235969cd18a59f01954e779f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7254a27e2421c91addd490c38efcff70

SHA1
1f3b767e9347e12560ed1ec94552d21771b84f09

SHA256
fc01169230cc968941fe6d4f23b6c80fb75645ed7a2ecd7e5441230d0ac1b1a4

SHA512
00549c1cecf477df922fda319bd0d96cf49778747735fb0a2931aca74509d1353b130cd2fa03bf5c7f78bfa9db1ff0ebc4eb5007cf5da3ccffebb26849b9bcf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f6a44905145c230267ffc360595082aa

SHA1
7345d464284755b93d4b0eaa1a06fab04d3f8a38

SHA256
01c4a0899577b5e406ba26e085640f375fb3255e57c52a24c3ed6b95be498294

SHA512
0f5ddc7f21c8aac9eddd25374d3b0cc77334271337140fea81c8d839e6cdfd8ef8917e2ef4e4ef95c086a0351941aecc6ccf2519d7294fa51024d50919bcc9ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d36529f287db3ea2fc2e556507f7a4ee

SHA1
ba39f894f58567366ca19e5d12311bda99608cf7

SHA256
9f3894c650f1326f91e20b20b27783c1a5450c94a998c98171f6df8570f31f72

SHA512
d0c5492445fde645211741451a2cd443f100545dc8f10c30e37fedb92c9202c1f3c5222ed845288fd908b49e922cd7f195f42269c860b0831a4b07e36b20a37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4f1391bea1d2d155c95c22ac13eda1a0

SHA1
b14d629ba2cb36db902154d918c907f22c9af322

SHA256
d89c05265842ff501b63e6fab3e89d8ed39421d73de36fb4df13f08f9e6a4889

SHA512
4cbdbd312eec42834b943994fec8efda3da4a833c56bbf8b405f65eb259c298f658fe49cf50c98a9b9c6c4a616684504302ee6209ecf629ee2531fa9e852d66d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
174529a10ad265d697507b6bb47a870b

SHA1
d7c01b007ab6f473604e129c6098131b8563f2b7

SHA256
0df85151a1168f4c6bff18ac73810f0d00e24bb78474bd26aec675ad3e12c705

SHA512
53d998295797c0d03034747fce09fea1e28fb6a556bbd83d8fb377434d4c41f8bd8a1c5f8a14a8d8b2158c9ed7f9f4772b9d53c056531f089311c4fb24ef6bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
7682aa3a50702ba61fc6f8fde009f951

SHA1
6e539e7e68a4dd13f09f67c68b509f168f8296b6

SHA256
315939390700db9913412ac5857f76b96dd86ba316663efb9740117aaca78f5e

SHA512
f662bd227cc86ff3d48949e73dfe3a20a82aa2ee477bff9d6136b983506ec36904ee1d653858d8b1eee61e9c24087018c8a4537192aefb2e9f3cc4d9df45fdeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9188354e5381d46ca96097fa3a136fe3

SHA1
770432ae71181ed1987e9bcf833f6254964a37fe

SHA256
1bfd96afb06a9291d5d36c8032e1d700ef253384fde4b7b00497e5522cdb2ded

SHA512
916092ddbd575b4a26f797501b04c0e34d8a3ae5e9a1c0ce658b5579004edf21d6fdffc0ea19fbe2dee8e00b24ef2688244379c617e5796e86a6c02ef5825c47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d9c1f79b053e08c5a725f67910fbe607

SHA1
3e4ed454dd623e788187320943ef3e0e7b3e742c

SHA256
310e5142ddacf0a396e0ae9f7bc81da534778213b2d9868969f7ae6616a1a1bf

SHA512
c2cd29dd18ed25117afde61d9952f5b740f03d1f30e4b79f7146a06589515789f6c61e8666f8ee6edffc73b65e70ec4a3047650248ac131ac8206f09ccb7295e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
52e9aeb17468353f88a91c5ef8969523

SHA1
87435d84179de627d84bcf640a105c2a4fbc815a

SHA256
4e7f5164d3a143bcd8925fb2c05082f4fec7c39ccea8e5d3f876839cd9e91b9f

SHA512
187d27502cfa64d4ab321ae296069132f6fe195d2d47f7b7f1cef78bcea75bba1369c4299526c105eb12abee9a0c83cbb02c4b3b6ea79c6bc9936657a5985caf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d63e8eda37a41b52e6dcd1d7da7b58f

SHA1
bc62611c314ab2adb7cf66e2185780fa07294085

SHA256
7d06d5041f758a115c3de722d45bbe9c71b65a507f83898e3208df10baae8066

SHA512
d205eda126f6d02706c9ee9645e8b67da807834891321e6fed427172ef4aa34e650ae59ca848670ebb944885ffc9e05fd53388bb897353f1b1a8272a13859d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea5a6fcab5154982a9a3c107516a0343

SHA1
9b7efaacabf1a66b501c5373bfb33b9fb3125d0e

SHA256
f651f3eaee336f1143fefd61e200c4cfcc829a04bb68c9bb08675d2985fe14ca

SHA512
0474ef7209801b24b8fd555af6c04fb718ccd607981a383ddeafba251285e76669d9f5c377a353e6df3ea22bd81d307a589a6dd7801f7b6bc69e657978ab372c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
099ff3c075c305297a6ee9a05301f97e

SHA1
2c1e9b107a8052593d1bf976a4aaab64b065b988

SHA256
35f8612f0a976e298c39e242d7758cbab4adbb890d6429d3c1b6f9f0c9dfd709

SHA512
7dc0e60e66202a95d8f5413066c1d9f2bea76c67aec30134162929e8906eae1e81a2980f0e07e910177a2e732880b4eff5d8ff5a43aadeed514219a3d5c01f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed592a9430fa40d54ca2de33ab2c9527

SHA1
3a0366548b4812b84ddccffb233d166b7c16c7ef

SHA256
0a856bf10fe6991cfc11cc471bf23eccfc4aa194000ea3e86202827a4e938e56

SHA512
4ed5ed45b387fd16e0c3b7618bedfbd35291d043f77ec7060235c5c068e79c024bedd250cb29e429ead1cef2023c51735d8ffd9ad5e3a243f6315064d634f4f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
e88bdb17d73a0c96b8adfe143e9b6e4a

SHA1
debc581a9dc5990c61a4aa6f2cd683860eca0850

SHA256
9ee43817fc9accd4dd7e09f96226e78379f3129c30f409eb4ae141cdb1135e74

SHA512
9e18bda44463b43e4d25590db785b05ea69a6427fcb7d9b07f756958fbbb42e2d4d94c5dd57d0c478157f6619ee96f8d28f200fed12093a4bdb04e6e09ad6037

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
482dd47df78f6c8495f0f1aceca62410

SHA1
e5a4536e5677b3674499ad649cca6384cd24023f

SHA256
9fd7ff148eeb1dc001a88451665f3865991d8f5567f1d741b1fd74173d7eb1b9

SHA512
1b30b469dbe5598b975888c1715d6c3ccdf3330add508b632cb1b5940d6fca9b166cefd8d23973e8ee572ac576217212ec09ac6233e783cd9427663ba1c03381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
0083395544ac006f3bf012d437f05453

SHA1
c0132866f58f4151564ba2cef3da7f1b4c11c220

SHA256
8a0f1d238c0d54c7d310208f0cf5f1ef3cfc2949ec77a685ff95939354d3d085

SHA512
59b8071ce7bf91340b3e2811dc01c3a1a7e61af53ec531da5e5712b78e93e7745116b857d36e8f17f742637d83dd1339c88afe7916f08643c668206ef53d7e00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff0e8f01c30dbdf95dac2cd56657fa83

SHA1
fbd6a288819c20d74dce242cef9416edad0b3936

SHA256
38f01940602dd90c5b418dc3d6ce578b24889a63484712c02dafeafa1cf0b5a1

SHA512
6461b07763adc1431546b2d0c9fccfef1697d3b38fb0a2789913efd17ec4bda2799f94b0cf19a63bf8f1150043b02349a4a4060f6ae5348a7ea62fddcaab9a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5884bb.TMP

Filesize
204B

MD5
6cb93aa4d7a818598f24569102e1a7a2

SHA1
c8235247c2dc8d0b93da340d813d6b9948d6902a

SHA256
466cf3d2164994b8bd8b5ad42a8ac9f96624950aa325658ccbeb289ac12812cf

SHA512
66021606f3774ad348195590565ab53a2aa7a992d1515dd9fcd26d568ca0f17ad06ed5b2f2ffd145637b2ccd01e9f84c8892473d3daa12a69c025438f4d4de17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
292fc46b55ce92fe61c167fcd1d1645e

SHA1
97fde29beae302362399fa92b9b2fec38922a7d2

SHA256
e488c0ba750b3d35885f170190801b60b9c8d1ba96ec7880d4b12ca2b5b9bcb7

SHA512
ce7fd09bf90d7bad916b9ab76477087bfaa4abf6981a68b7d22e22a1399f1e5c3db49529748beed8001601f7954038b2fa77f1d83284e2fad3c6e49a6db69077

Download Submit