hxxps://www[.]youtube[.]com/redirect?event=comments&redir_token=QUFFLUhqbG5kbGRTUHAwWnE2Nk00YnAzcFduUmlqcDJ3d3xBQ3Jtc0tuT3gxZUJ5YmJIbkJ0TEp3a2V1d19lYkdsWUp2UzdqOUlncmdUZzNNd2d5Yk9ZOVpiSFlqb21lcTlMZmVRMWdlbll3RWFabGNfS051cGktVHZNTkhuZUtYaUcxS1BTYVdOQ3NlZUY4Xy1jNFJrSlE2WQ&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2Fpdvnpt1sbe0w4%2FSoftware

Resubmissions

02/10/2024, 15:47

241002-s8mblsvank 10

02/10/2024, 15:44

241002-s6wr9sxgrb 3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240910-en
resource tags

arch:x64arch:x86image:win10v2004-20240910-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2024, 15:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbG5kbGRTUHAwWnE2Nk00YnAzcFduUmlqcDJ3d3xBQ3Jtc0tuT3gxZUJ5YmJIbkJ0TEp3a2V1d19lYkdsWUp2UzdqOUlncmdUZzNNd2d5Yk9ZOVpiSFlqb21lcTlMZmVRMWdlbll3RWFabGNfS051cGktVHZNTkhuZUtYaUcxS1BTYVdOQ3NlZUY4Xy1jNFJrSlE2WQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpdvnpt1sbe0w4%2FSoftware

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2629364133-3182087385-364449604-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2004	msedge.exe
2004	msedge.exe
5000	msedge.exe
5000	msedge.exe
3308	identity_helper.exe
3308	identity_helper.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
1092	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4580	5000	msedge.exe	84
PID 5000 wrote to memory of 4580	5000	msedge.exe	84
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 3604	5000	msedge.exe	85
PID 5000 wrote to memory of 2004	5000	msedge.exe	86
PID 5000 wrote to memory of 2004	5000	msedge.exe	86
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87
PID 5000 wrote to memory of 3792	5000	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=comments&redir_token=QUFFLUhqbG5kbGRTUHAwWnE2Nk00YnAzcFduUmlqcDJ3d3xBQ3Jtc0tuT3gxZUJ5YmJIbkJ0TEp3a2V1d19lYkdsWUp2UzdqOUlncmdUZzNNd2d5Yk9ZOVpiSFlqb21lcTlMZmVRMWdlbll3RWFabGNfS051cGktVHZNTkhuZUtYaUcxS1BTYVdOQ3NlZUY4Xy1jNFJrSlE2WQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fpdvnpt1sbe0w4%2FSoftware
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc359c46f8,0x7ffc359c4708,0x7ffc359c4718
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:3792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6452 /prefetch:8
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6656 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16673688531712971830,18091632584981300197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:2040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7006aacd11b992cd29fca21e619e86ea

SHA1
f224b726a114d4c73d7379236739d5fbb8e7f7b7

SHA256
3c434b96841d5a0fa0a04a6b503c3c4d46f1c4e3a1be77853175e5680e182814

SHA512
6de169882c0e01217c4ca01f6ead8e5ebb316a77558e51cd862532dbf9147d9e267f8db667ff6e9fa33164243724f5e437cb882392382f3cae1072dadb762c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b80cf20d9e8cf6a579981bfaab1bdce2

SHA1
171a886be3a882bd04206295ce7f1db5b8b7035e

SHA256
10d995b136b604440ac4033b2222543975779068a321d7bddf675d0cb2a4c2b1

SHA512
0233b34866be1afd214a1c8a9dcf8328d16246b3a5ef142295333547b4cfdc787c8627439a2ca03c20cb49107f7428d39696143b71f56b7f1f05029b3a14376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5a1084e9e1b85824b88807b4dd4e063c

SHA1
fe4e00362548d04194b8d6d7c2b0ac1166dd6a4e

SHA256
44a86355fcb2d0bddc3e0979fc1a966615f4c37b3b65f36c7b2235a8b59f8a3a

SHA512
ae48529c52d06e72360268aeb56492e98994eb3956ac47e797f86a1b94c4dcf8560e731b52b5756c517c2e8ea64b6285e1e9fe59b87bb0f356c8df68746a46a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
2ec5941fceb8464ac6c867df817a214b

SHA1
afbd52f833f076e5f4c4d49bdd7630176b07cf47

SHA256
e32f7cc3c297e76647be095d74c82f64f366076d76fd43f9c65fad7ebec1748e

SHA512
1cc1b8c469d7b1b3f497c65ae4aac7d46bbff08572f393eb79ab3cad74f84f381cd88f0a3465f7d71f50a67603501b8f222a4bc48d96896f1dd3b4e594a3e238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4446516446824d62b7a292f8ef3bfa4

SHA1
2c33fdf9636e6ec39298cb49e5fffbb9c7a18be8

SHA256
4546dee66c7b34b6ddc8c28a7529c80d1770cb72539ec1cbcf6058119a575aac

SHA512
6b3e445eb82e6d7d44530ec660dabbc588359aa75faacb6ab11ec999bf5cfba6e7bce176c0bf236db270bdfc59eb06507d8db21edc5690f7da8079568f2c044e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e19a60567f543ae7c9ded70e4afb3424

SHA1
af73c84ad5fcf63c1f48ebcbc51cae6062d28201

SHA256
94a0e990e9c7a5d7fe792e28d6287415a0b6d7b6e0bc2b68e398db86a8463596

SHA512
98b0e7a68950a41607d71a24275caf425aff0ce033965f0ad20323902fe9d0a3d804bafbaaba88bcd5e43cdc1df46e3423d87da76583cd19528d593080a7d576

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
4f3db8d889df5133c3108a9c6ec24c12

SHA1
77ff5b117ad32e4adbd86a4abdc080d115d862a5

SHA256
df86ed5f9ee58420c5f1a9ad0d494efbf9c4daefcfd41fd1f36c2bd56179584b

SHA512
787d6e40ecd89963cdb6971624482f7f500468b4b3916d066665ab6e24f24aa5a5823ec462b048e3a2d8759bffa8327137c12c0c3b2713af41bf0c546edee3c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9c5e06ec88719f7e939a80f625275d3a

SHA1
1ac54fb73cda56eeb2c58046b8fd20fd6da908c3

SHA256
40779a3f50d0d782aa2185137c2069fed3cb9d239ca1d085565c6b680379d1b3

SHA512
cd41dc741f0bc9795836ef8c53166cafe249bf2c967a0e43ae2fa2e197f1493e4101026c2baca95aa772a7287c899f5c57e95140d068ef2a4af052ae9492081b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58994d.TMP

Filesize
1KB

MD5
028d2a53404580acf0444c155e5cbb79

SHA1
6a5cd9dda41d7744be0e2747ca997f5dd53c87f7

SHA256
c8c3af932a1f4d35fe7f1b326eb5cf00e988a3e57a3a5069036fdbf1d14dac64

SHA512
879f160950c49198b5da6997448af563099dc2991610d82c60ae249b59596aa68c188740311512f1baa45c1a56a47718011d235d8545970635fa067774cb25d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3eb5b9060c7c646b53d6d4b9ce25a8ff

SHA1
5be84034c04d624eccaf38e0b4df21777b635475

SHA256
6c0443b28dc04515280864d72c77899d6cc7de75fef25ca5c063a7a8045d0ee2

SHA512
5d01f7cbb715e0ea5697fc77a6621543fd1b9df8fa1e2157a3b8a82afbf522cd1021df9291d991bab2847d2148d4cb81b6226dbbc8632a8c8fc96c7b49894a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3034d96c06cd85c32c6b0dbf48a9f23b

SHA1
d3ef541d53b427031e1e24ab4e111b3da60e1bc7

SHA256
03771a62e28f90bbea0e88b575cd61a7fb43a25cce84bcab27aec48c86655e26

SHA512
e6d3527e740565f9cf43449ac24e2ca3630841df2c4703121b3c86ff165ab025d47eb845bb7999de7e43d163d68e3c0043e3476e271b52b8e08d4a56d9ef3404

Download Submit