hxxps://www[.]mediafire[.]com/file/itf8s4sje9jeogs/Feather+Executor[.]rar/file

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
01-10-2024 16:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/itf8s4sje9jeogs/Feather+Executor.rar/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2004	msedge.exe
2004	msedge.exe
3116	msedge.exe
3116	msedge.exe
3712	identity_helper.exe
3712	identity_helper.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe
1816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of SendNotifyMessage 14 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe
2004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 3588	2004	msedge.exe	79
PID 2004 wrote to memory of 3588	2004	msedge.exe	79
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2088	2004	msedge.exe	80
PID 2004 wrote to memory of 2336	2004	msedge.exe	81
PID 2004 wrote to memory of 2336	2004	msedge.exe	81
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82
PID 2004 wrote to memory of 1068	2004	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/itf8s4sje9jeogs/Feather+Executor.rar/file
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb4d1b3cb8,0x7ffb4d1b3cc8,0x7ffb4d1b3cd8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2000 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:2716
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7028 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8112 /prefetch:1
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,11765494375242689861,8260480008159348974,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
1KB

MD5
c6150925cfea5941ddc7ff2a0a506692

SHA1
9e99a48a9960b14926bb7f3b02e22da2b0ab7280

SHA256
28689b30e4c306aab53b027b29e36ad6dd1dcf4b953994482ca84bdc1ecac996

SHA512
b3bd41385d72148e03f453e76a45fcd2111a22eff3c7f1e78e41f6744735444e058144ed68af88654ee62b0f117949f35739daad6ad765b8cde1cff92ed2d00c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DABA17F5E36CBE65640DD2FE24F104E7

Filesize
276B

MD5
15837286e0403b46d55a8efab446fce9

SHA1
5b2c6ce6aa38d85ffb8f3697a3dd85bfaa3df778

SHA256
19691b46c99e5828a58e8690ec737955e3106bec975811437286de6b15aa39e8

SHA512
5aa8df6fd5bab941ec29e3ba197a1989723262b08e3c68c159242d17e06f9b7937cbd6fa59188b6cbab0b7e2d946e3e2affa53143981a1effacf3f17c743a36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0138c45967100e37223ba3f56857cdac

SHA1
e970b0e7ccdcaa522357752c5c32815d53b8bede

SHA256
8bea44ebf046bbf0b87404b0d0f2539a544707b98b548f42758cdea34de6dfd5

SHA512
936e41a8b9da8931d15a2aff108174d4b193f9e1b4c33a387cce5b3423a22b469e3d15ea223efa000083a4f5d3e9729eb1cc0e48a42af61b476f70b37ae597fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
73c94aec93e3bb61db57123b9682a174

SHA1
47c00ac1c2ad421a47fe43d7dfc278c316f3a31d

SHA256
197207a7d69ecb884effbd9045590a1f1c670fff1964b5c2f2812dcb6473e690

SHA512
3c2f9f4884d3f534c51a7e0c12b39c2bc634334bb9bcad6a7f275b4fc14570ba115b4721cb150606015189e1d5b49d085a9db703d3b9e6ccca8c68d98074ac1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
928a94e79824a46b519f1289b30604f5

SHA1
7b1cc7837b5deb92b9dc681791a41ef0dc280d91

SHA256
deb197ba9be8ec50a0ddf9557d2062146474e50c9731026a4bb77f0307dccfca

SHA512
9373ce4a03f67e17129038e3d35699ba0883a0eece7073c203353db6ae95db2891b078adb26847de117c7dc2727e38c8c62ed31f6c85073c0f8a770622f8d2d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
6ca7342b13a3bb4b8fe91cf5d1605693

SHA1
4e706827442968bfb24b14dac9873f43b3b381a3

SHA256
b69cfdb3c6453fc95beae350de95d12d14f0700125cd76fed03e01f175fd1c72

SHA512
bd8c0ceb7ffcce5c645001b381bee64d667281aa9d36f97a7456b973ace5341dcfd9e4128f217520e79ad0b9a5de16dda724c063fc2e885f6cdf011609c12ff2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
718950ed1399a7c1f195de29a7ad6277

SHA1
46e666f62a799d49fee64886bd146dd7a89fa237

SHA256
ac9370c0057470468a68e3586c11e8d2b656e482409628da9c610843b65cb4e4

SHA512
86d7a4cf186eb0f67509c1ec3057f098fcabfe72bab31917a713ac27aa744a187f8e2de3c5a70dbad4dbbc58db94a3e6d5f2553f20bc9226068797d6da6b65ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b86d4470e32fe5b85178fc6913b32c91

SHA1
b031c67bb8397aef89aedbdccb200dca52731cd8

SHA256
28261f973d7b86f52168eafc53b9868f503bfa233da924a37fdf87dda0d8dbf7

SHA512
2a493a48c4f310c804ad324833d88444daf6a545ab2a67481dbbacbbed005d26d7cad1248524d47e6fa66958641a08bf6534e043d9d9acec0dfcd1f31c3e5a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
93ea2bd0529c1881c05f02d9cbb5f00a

SHA1
6518a3639f8554510c559386ef0404b955dde051

SHA256
e8ab27a6df7539fafca078e2a2c4f0e93f501cbab9654fa34f2cbc3376805e34

SHA512
10c8e33419b7c2d018167550b2841fba24862afdc5d59adaec141accaf61f7a13d3c88984ae1a406f33f7a50890ee59d6ac52095875ebcb3d7876ad347a52f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
3888b0132d090aac8e2e6aec87f8be5b

SHA1
2260846a68b4a4b3feb85a2300173b46014436a6

SHA256
f0bc181504763264bec916fabc5170979a925d335d8b2710127ae94dc11cf79d

SHA512
d502bd614c0e145c285cdfb86c25580b2eaac1e8d47ea7141581b6370560b5877d38f1faa62b3ff708521266840e02f7b4087c51e9606d8cd41a599a8cea9c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0cb47a78faabfff43be56d22d7d40360

SHA1
36abc236a8e8b750d64b8e5fdc1bab4421b839d3

SHA256
39d3e133869262e0e7bd50376f13bd0e39e0fd956d6da42ba84b2e846ae3a6e8

SHA512
ffcc65e934def6811dc439899c0c67d09011d9be7f878b19cf99d713dc1dc0015eb0f78a0a571064ef6b6c443fa9e80fa6633286ee71dae52e15a4bfc6e65d81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
054857f62caf80a25f88dd214076b32f

SHA1
202e2843c6c60375d428d290c2e8f3c468dca20c

SHA256
0898b1fd15aa4c7251023869f60654de8f8306e3db89e7c3592540f6eee304b2

SHA512
452e27c90fef5aa7ccf2c60d6c0592137d8de906f9653a0fe795ce8a1327d4753615195a4dd8da92c2492f818e5220a44fa480520ee17901acdd0b388c5cb97a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a05ba463566465c9c8831d1d0ed00003

SHA1
b30592a4ffd85f9c2543b7c46409fd96fd39d56b

SHA256
0a8a81e770c9be05de8417db29ec471aa530a40504acc24e94173bd41c1186df

SHA512
805bf5b779306420adb4ef4e0e27c7ada93a81a5395e0f46cb1baaebea2d579951deabb2678e217aa7816009fe9cfdd7a2b771ec5bfa5c831273330d051a9abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
21bec5bf8cbf2d7982ce6653f906e06a

SHA1
d99933df14aaea34c4efb716e82f236d8951430b

SHA256
9bf3d9d5badc64fdceaa8f4bfaa196078e15c8ec52c954739263100766986d70

SHA512
79981f67644a8a1a379dbdb6955881acb5c0e11114a7da1b567977e2dcdb57ec0e8ff339cba143567b5ca5b2adc400fb5d0e133f41840a01778728c39afafec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
06241baf99a644b2897aa01c9cdbd9d6

SHA1
de007a2e8d3f69da4ea27fcb7fb1d21f13f00f0c

SHA256
ef47031f53ea5f21d109584a5e7f6027413d58f799bc9f6024525f1446fbb543

SHA512
b4515e54f7f65b346545aa9902dfb459f00da807cb00f366578ae3db338797d3f7496ff3c934bdcefbf57ff65c587c322539201e81771b8011f451d016da3b67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8142dbf4fc63a866f9d2de68eaab3655

SHA1
2699499985ffce685b239716fde291e6d7009e93

SHA256
96b75e0067be8784b8d8e484cb87738c91391f8bbf80938f6ff279de040776ff

SHA512
c05108d7506efe683c57e940f8d239b4106e0d3163e04dda2e6c1bfc26f242ac2929e7dbebc4b478530ca5c9f3ee9a83c18020dc786f73ad5cec44f248c0fc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581a1b.TMP

Filesize
1KB

MD5
179f725b1ca321dff5be812da1778ad7

SHA1
fd9714c387f8e62398ebc57cd8bc14961de9db3a

SHA256
44e8ecc69640ba3441fdb75d9a3a3cda8d660be6017815a2adabac67f034ecbd

SHA512
0f68385e3d5d8f3b35a4bb620fd41621b949727e821341b44d25d400d242cad7736afd5d904211e068b6945c199deb2860288c106801225dae9eac4d09b2b9e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
693828a8f971024a6ff7912b60929035

SHA1
434276a8d9e49a598628cb5dd21d5d6e2f41a3a7

SHA256
1c43092853aedca88333964a02011e66c000149c86fc2813b69af6ebacffab14

SHA512
0b3d7e0a3ba4654b5d8d96e4bfea313e4aefe64295398abc94f9f8a07841a4cf0204be028cd9fb7f331924c7b146ac91c5c9d12f6a7f6055337a76bba96d957d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9397efb8da9c5100b164914643ed557b

SHA1
c46ad82828f14cd99ede40c555208e24facf0bd4

SHA256
59314b8068c443503d2305392f73ae1aa6ae4be877611de0b730c130371d0866

SHA512
42caae0b5256e60f31d91c5eb99a58c41380a3d400901c0d18ce53cfa1e0e5be6105af56032bb68b7567331fc725459e89cd52ba89de71ea3d0f23636af291bc

Download Submit