hxxp://gate[.]sc

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://gate.sc

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{B7848F56-A6A2-403A-AB16-4D382C963938}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
3452	msedge.exe
3452	msedge.exe
452	identity_helper.exe
452	identity_helper.exe
1168	msedge.exe
1168	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 620	3452	msedge.exe	82
PID 3452 wrote to memory of 620	3452	msedge.exe	82
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1232	3452	msedge.exe	83
PID 3452 wrote to memory of 1920	3452	msedge.exe	84
PID 3452 wrote to memory of 1920	3452	msedge.exe	84
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85
PID 3452 wrote to memory of 1140	3452	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://gate.sc
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb70f746f8,0x7ffb70f74708,0x7ffb70f74718
  2⤵
  PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3567917229195585456,17496573904321593688,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3380 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
41KB

MD5
3fa3fda65e1e29312e0a0eb8a939d0e8

SHA1
8d98d28790074ad68d2715d0c323e985b9f3240e

SHA256
ee5d25df51e5903841b499f56845b2860e848f9551bb1e9499d71b2719312c1b

SHA512
4e63a0659d891b55952b427444c243cb2cb6339de91e60eb133ca783499261e333eaf3d04fb24886c718b1a15b79e52f50ef9e3920d6cfa0b9e6185693372cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.2MB

MD5
08f7d036b9973d744d3c2bb9aa8fdf66

SHA1
1518cc20d2b32591d586b08b977c6b6a8ad26d5c

SHA256
8d0c403ba7d22af8cca3c89985025d3340f71a1fdd1c959ccbcc5c8d3ff2ac99

SHA512
84dc1fc991066db3b4b51b307636b60b5bb1baaa62eb98dec2ee8c4b06f121d2000bd4015d01c9ee4771853652619fac00eb52558957e6a29f0d7bf02556e2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
d79d913a6470f77fa591aa4a995482b5

SHA1
a790336411946802a5c17e8e42164c397ae422f2

SHA256
8d18eed47058898d1999284e773f84dd125d4ef6d725b43bf5670a4eb5360782

SHA512
ad43f82a242c21ac2c23d72387cf99ccb4100e06c5ffa6f89079264a80f0c8629f9303f7dcb3a050fe3a7a3dcc46d704a7871db67d3b4510980d9772a9e41f27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f1735060376c6d678bfdc4af16a4c0f7

SHA1
75438f7f8cc648084c96780ca5c5c9e8c2bf3460

SHA256
dbfe3ebe83746ab4378fb6715b0210a2c3ec394d08da82fdf31c43aded28bb68

SHA512
aeb179ca6597766553c69eb1d30d82dc1276a920931136384d04c423a50320c37b8f5cc308c2944c030d94fef0f7c9a0a31f4a3b330fb843fb7714616ea2074e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.reddit.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
203fdc3086fbe5d1f2b7f7b8194702dc

SHA1
3ab3fe18a397f67594d00e65a34033e485c484f9

SHA256
5d885edbba07ad44a60fd61349595ee41f4243e2ebc0c1080bbcab89a4f3b898

SHA512
a5dfb97a7e64841255a4a09016ffc24f5bc30402749c3d10d6333dc882abb2760c175a8dedc83e4bb796625ec06895b4eb54715af5f1ac381d24270bb6b93e3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c42fcc4f7e138dfe8dfc9244f355a488

SHA1
6d0daed26c4ebd2979673b014fb9dc41609c9412

SHA256
831cc556f7d1cb63ab66ac80ad452b8f2fb51b8c548ffba8f8f7de7b93ac8f86

SHA512
359fccf31e27ca0ef981d0be865c11f6476ea1acd60e88157b3e1c367dda0a761cf1f66a1db30e581b689d3a2ce68562fdc39c3ce0821524d81d70c2a90bf4f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fbfb83b9f50a04ab91239c4bcf912ebe

SHA1
c7388c9f555f0825bab3ad300506ab141f456473

SHA256
232e03fd4b78a0b84f2449f1c080e19ce6aef5a03adf97eda07faf8631c7dd8f

SHA512
cfb534d5b40bc8921d3ee172ca2a6901402ff81933ec8141f1634e6c74d0b1a7529acde7fe78618ddd7ecb718d7cc98654d4b9e3b9a50fa224ea3c815cea6cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
883e4ffab338752a60ffae22e0ed0ced

SHA1
5dcc3339d7c68eadd383247e215a6855858adc4e

SHA256
5340fcdf796f827c94588055c5c9564b5d400bbc03720be13ce31ffa72fbc890

SHA512
6e8bff288915c74185b0fb5c78f2608da5136bbde3ce2a038044aa33300889f387bcb85bea2f943a18f839568100477064da3853b6b04dd4c6824732b67f953d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4d8dea43b64e82f0ac797bd3b3acd18

SHA1
4fd271565e76bcbb672d11d8bc41b426b0525cc5

SHA256
96fb2301a886661076d4637f3cd517003a89f339186dc17e6f7aed38630e997a

SHA512
ce8f4a164e1d0df14a1f18ed02940b12046ae180d57b2c3ccceed1b378af9a1d2469fc5a16b038d4bcc7a499549ed0643bdc6f8093774b7599d61b5d329bc855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f795eb7d3d8a77d08bdcb492a75db68

SHA1
8e8317d451498fa6e1d5f9732cee20f55a07a177

SHA256
dcc384d262fcfe202b1f788163080ca20ca1d67de82dcea04b0c4486cae02d7b

SHA512
ff50cc8fb2a62b0f9de42f2f605e980b6b231a06cd2280fdc85cb505ef0873f4607cb6f37c8a8963d41e46039fc0adf89cce50a218d983bbf2af1dffc823c831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0b6bd795ce3ff1de32850aac67d7b827

SHA1
83a378265eaf4dbcbed96ed1354b5a71e2f6f4fe

SHA256
493c3314f35aab88d8b22c9b2e35354be1691d42fefbf2e0bb58b5bb9b90dc70

SHA512
38c07a619e06d3be9683e6879f4d6995c1dab518be15d0da2b938852cfaea744144be17cd883976807b9767a4c5be8acc93c364b99fbb0c14340e436cd0a50e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c9a4.TMP

Filesize
48B

MD5
6c2e5463856ff8294508b7413b34bece

SHA1
00fb371a1bfc6d0d10a05c5e1bac0865aa6b1926

SHA256
15b0a0d73100776dc2ec39e52b73af948f0aa9593bd4c9f97daaba93b5776144

SHA512
d8372fe1a3356b395a91b98e6fce1f7660e680109249275a29e6a5f2609e84c3ecfde03f59c9bd4ee05916e73c5415968379c06be9d4197714262fea3f827b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d49ccaaa05158530896e2bc0605da992

SHA1
4fe319c9dc3c56dc0f3ba8c9c9cb224fbbfa8807

SHA256
5ba6fbc61924baa24ceb20e1957bf0262363d9a2aed35c48f8f915528f5e8019

SHA512
11adc618efe292b8ad1637d3a7951c242e2959b5254059a92c08110d4eedc9ad9bd3925ca1fee762182a611bd8e9a92584556ee229a1afca88bd635d6d47b762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8072e601d93e20273b89d48d5227150a

SHA1
50965338241720734816c5db422914589e9dc19f

SHA256
949f9dab509da008aabe908023d6eab0aa925c6e66e6424b385b3ed395fdcd72

SHA512
84d587d7d98e31cfe244fc4739ac6c2e074939f7ee2f69610f5d6ac244e6fda6156963ded79ffc6dad3e64cda7576a1745a6131752d1e2676634d00a89075087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
701B

MD5
3c59bba34fafde87b61ae1a99ef0d4be

SHA1
8c49c7eeb823bb10e8f1644a08972f7297879fbc

SHA256
37e21ebc32a9d6a1a9aa4943e91833e5062e3f7505f4d85f2a52550fb0b03b57

SHA512
b12d90e78daaede6fd91533a45d1db445b1be4d6201ad5d4e941b4353343d22645cf5770219ec8412d978193eebbcaedae5382d4c3fe80d3528e1f9251db6f56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
02f7862fd68c6555d3b6fffbeff16dff

SHA1
1fc98ce5c75a53dfc0262845eda409f435722087

SHA256
dab63997f88ea40584cc72e5cf9f13a34fbfb20a11be139ad1771f02e9367969

SHA512
e470f788dd88e2d58ac24b093909885d983f6ea322406e61cc664de65ca7ae469eaf341d4f4a56a8ee2a7c54b5abce0c166ba697bebecc40ad31cb5b9236a4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a88.TMP

Filesize
199B

MD5
b1e306ec72db7426044bbc80876921af

SHA1
022a48b54d159beaf8e610c5730fb496a130ee25

SHA256
cc3a499ab863861f8022485a17b4cd9365d538915af6bbb2321e57f46fd66e9d

SHA512
932e331eceecc3c37ccaa11be27a2847b2b40c5510adf64c0a2b6a09eb252f29a12cdc31f84700dd20e3fa78545387418edec75ea891b510f735d6ac6e4aaf42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cca42002c32f9ab0254d35f433c76ea4

SHA1
b46aa17ff3f1f4ec984bab2db0c86e0821875f3e

SHA256
5d2a688382304c358ce87dedee3cea332f9e010eaf9a13f26d16fd0234a1fc3f

SHA512
165e199f861525c4474f00971cef3056af1eb60cf10ae645acec64cefd578a7d76f8ce7999e4b509159b644d50790814b87895ef03fe36067d0c3a69da63e254

Download Submit