hxxps://viadeo[.]journaldunet[.]com/p/yacine-ben-el-mamoun-5700221

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09/08/2024, 12:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://viadeo.journaldunet.com/p/yacine-ben-el-mamoun-5700221

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
2776	msedge.exe
2776	msedge.exe
2856	identity_helper.exe
2856	identity_helper.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 4876	2776	msedge.exe	83
PID 2776 wrote to memory of 4876	2776	msedge.exe	83
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4560	2776	msedge.exe	84
PID 2776 wrote to memory of 4236	2776	msedge.exe	85
PID 2776 wrote to memory of 4236	2776	msedge.exe	85
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86
PID 2776 wrote to memory of 3764	2776	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://viadeo.journaldunet.com/p/yacine-ben-el-mamoun-5700221
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc603146f8,0x7ffc60314708,0x7ffc60314718
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,12279729872917317722,16441885992877503529,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4836 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
328B

MD5
069a67a75f7c133baa4ee6c8b55a7b2b

SHA1
d3968ddcda315243b444488914abda995cdf59e8

SHA256
7b80573cbb4f947dab3ade80c687634c6812c6c1cd6879be135046743d3829e9

SHA512
1721af3d3ae82aec7b9147f170090083219a3138189e47fb54919a0cce4cd47b5eb5ba321824ce4b710b489463db35db76f953cb160eddab43d647584ee35451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
237KB

MD5
39bca1042b43fe64870bee546d23b840

SHA1
9c167ce582b45d9bb5f08085b5083bf8a02ed09e

SHA256
161d39728767b91403001c9837a6aab8f0421ab9aab571c8f27337442a35aacf

SHA512
71ab8b1eeac1c33c235349deed8ef575ba853b5c8a9a3e8b90f21cdf023a050843eaa30df8110074bb9bb36fec81e4ac86e3bdaee508ef3bd0a65668c7b49cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
c1a1d9ffbb545cfa04741ba5d9ccc192

SHA1
2f769e40aa48cacbae9718913ea97112cf79a7af

SHA256
3b7ceff69e69cdefaca3ad860cd80d43061a0d3a530bfa60e768e81ed1682514

SHA512
92502ab964091d37ebc0b6c2e4d124c9f1cde49c0ab3ed5e0a0a3fd0288c2f565e916744b2ab0420d09fcdca54a7c16128eb060d9e21737a1266eabb61010a45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9fa10e3292ee6132ce8f98ea4b05c360

SHA1
6ad609d667095ff502f8d0cb79ddf651c1a0e02a

SHA256
61d60bdae88dc92a99072324741dbe17ccb65c66376bb69f1c8d5926e0833d7c

SHA512
e5eb079386af64985a056ef898a0cecc555965f7276c97c1be47d27bc30421633289c52510059329eaa3c7fec59629671d57991d90fbdd81445061bcf06633aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
2bfb4d69eddc04c7fe643328d12fd8d7

SHA1
1476342c3a709b55bb62f959b5e601dddb2550cd

SHA256
5816fe5366e76430e1bb23b06eff16161d088ed95dc1cdbde99ee8ffc12233d7

SHA512
d5f5d330770f8c044aaec8057c74c1a446e34b8def6af85321e1033338efb6e10a34f8788fb4223e48510fb88a0e826d2de52c280d32003860ce6b805b44a726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
a3c40daaf11f7127ce8b2583bb008a04

SHA1
9053edba50c79f5109db9ef324a9f5c32782ce8b

SHA256
dfab46312d03dbb9389c710e93f6d73626ed72de16ffed1bb9b374085588daef

SHA512
60317815a685095ed800356472a3c1793dba89a5473c4979915c5fdc8263647c9b0dbac137b45f4c54699db5ad10e81d83d4070679428b83436a5d41b85e36bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c7e62c3d5f52e5482db38ace7b68a2f

SHA1
2c745e02cfd4570aa2dfb0781750435d22234f24

SHA256
5d4445989a6bb5b37c68029716e3b3e5d355efc7b65d0e709243b083f3f2b0cd

SHA512
231ef89994884420614562199dee14f1b54602e277e2c8809e1c0f5f51862bbfb25aed1e9ff2b2c66e3ad5a1a3bb5d7663a0c9af08c59bc461604b7062d9cf5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
89a2979f6cb413c67cfaa33a5eeb256c

SHA1
c06d16a2a16183715c3bcfe50b4646bd2e12b915

SHA256
913bc50ae62e66235f063fab53ef56fbdf0ed2608b45c587c511b7c3b421908e

SHA512
c78eb6e625fead9d09b4ed3a51b8cac2234da11696fb9559bff00c8bf29a102cb888d1b95f35ac6bc6ccb2545b9190165c118b8b9bbe5b09ab93456872a1bb8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
55510f34f79d88e208653e0a7cd6acd4

SHA1
2281f43c935931f838fc8fb39c3bdea4549a500a

SHA256
dc952ba5e6fe026bb659d893e79d62ae6a1d1a1e357e530f640d5756e5d7251b

SHA512
a1e98ad45a5857e13a65b0ed0f0b4a60b0a8b2a41c23e8ab88a6b578f0f93e91cb1b9ecb6a4e6c325cae5abadec2a3aee6bcc3df2e772461ce39a2d2097e19fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2a089d91ed997fbe74a3cca31f278f7c

SHA1
36dd5d202ce92a13d4188a91174e86628111f6ce

SHA256
299ffb86d2f1b313b29ae70f21d829349a171c385af99e0632c691cd16f121ab

SHA512
18000d0d5927814472bf1f445f5e64e370679d6af6d273e360ed6b0574f5039ddaeed617357d47e6dca284f4ab74fc8f79e5a3e3e947f56b1152f0af76bfca8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4bd96f4303605bf30e55d62aaf9bab32

SHA1
bee89bcedd9a16faf88f6389768abe5e8b6a04f4

SHA256
7cb8f017b80b244e1fcd99d0dc84ccc443f7a56fd050d526253963766994fb6a

SHA512
2bb86a201d04f55a4bf0b40756c9eac8022f7dbd2c3afd9f9e77db2638e229254a1b33b64662cc510ede8e94e4528988ce95f621014d628b9b5911bfa1c06c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e1a63bb6f385257d2f723062a1bc276c

SHA1
5d3cefd48395ab481b086b087c77aa087df9dd9d

SHA256
17e12dd3f0ce3f7c2baffa831d126325f5dfbf474b44f492852952db03c5129d

SHA512
f53d93d0738026fea20ace6b9159937d0d5ef08d7752dcc3527680c2d7b3a84cf40474efe77c4f8007c571abcce808899a06482f1fe3330c8ef6d54f6c6c0444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a0cd441e5349844684700f64b63ccd8e

SHA1
eff5eb74245c7b666f8463c9e24878f6e4d60367

SHA256
f1f62e9ded1deb754e2ea0dac7287acdff24d6956fc2270d5e5d2d68a121adf0

SHA512
72efbc32b23cb48ff26a5a61e394e881c7dc0a9b74651f1997bf8077719b049530d520bcad6991673d4561c2a92bd0089f5d34841c47545afc32508e242fe45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e48a782a4d8afd4c05344362bd7daac3

SHA1
d4a9676d1fc339cbf1f312f1936ee8d534d7b1d3

SHA256
25bad3a8613da9d1c68392409296d3de8f5cd9204d4e7d80dc9818343ecc4f37

SHA512
e427009ad62a177fec284c5779a64903f0d02660516f1fa93d32e9cb5448869dc915f4ec2afafc63d44930c7bb11aee04006cc74614a67c6ab325b0e3f642c06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2bff6b3e08ad5496cf23086f6c99a02d

SHA1
de283fdaf876127f67c836b3b10f36ae511d11eb

SHA256
03e926e352dc19efe141ebafd35d586694c559084f29344df7e158fe290083b4

SHA512
edc57e5667c7be49c441d527fc2b5f594be808ab86d61d78aac6c18326e7258a0445f957fdb65fe9bff83e341e7aa2c8fcb4158de669c06daca2570df0cdb570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
34d3928319fbf788db68ea9cb8690a45

SHA1
d301e0aecc92b45e7c69fd6c024a351114b257d7

SHA256
e186908a12b995daac9d5eedeaf1761def558e9772ca94aa8d52ef687979fe5c

SHA512
4370c600589ee4da9651a461fdd994956d65a49d9d54435789275ca0cf02cf9479e5351a2a1152a59ebd9a07109fdf30239e94b468a7665fc801771b93a79132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c004.TMP

Filesize
2KB

MD5
876e8da223fa4279229cd4ce0065d9bb

SHA1
b87918a8c57b737a1d1949cc14cfde26dfcbf4de

SHA256
6fd213319de9869b9028a512e1b6a54aeead15c52d2ce94f265b441762998413

SHA512
917ab64f9b22d9fa50e8f5b2f773103f2e26894eae21d93d26bb2cb88fe4f4d4fed581b843351e7cd2e2db54e00f1ad346263589ab146fb220bab1e3dda00553

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b6897139b12bcad9b01bc19317f35df

SHA1
1c3a735b9b2e07fbef246250408dac5c213075ed

SHA256
604fec7f11e0cf737f599c19c0fd2e6c522c115d158927a4e41d6991008a5076

SHA512
2af969181c2a4db7f3ee095438b9bfd4330bff30e0f95ca180e686726ee88c1b87b31442a9ea72549a20d563321e40ecdec694d1c68642c95d21ff65bde320dd

Download Submit