hxxp://wearedevs[.]net

Analysis

max time kernel
127s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/10/2024, 20:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://wearedevs.net

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2484	msedge.exe
2484	msedge.exe
3460	msedge.exe
3460	msedge.exe
3208	identity_helper.exe
3208	identity_helper.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe
624	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe
3460	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3460 wrote to memory of 228	3460	msedge.exe	84
PID 3460 wrote to memory of 228	3460	msedge.exe	84
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 392	3460	msedge.exe	85
PID 3460 wrote to memory of 2484	3460	msedge.exe	86
PID 3460 wrote to memory of 2484	3460	msedge.exe	86
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87
PID 3460 wrote to memory of 4716	3460	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://wearedevs.net
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd1d246f8,0x7ffbd1d24708,0x7ffbd1d24718
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15646646215158769713,6005564048164113801,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
b3e330d9a2b44afad2d4477512409c60

SHA1
2fc7353393e223b7f43479c4d5f5a7d6930d9fee

SHA256
fc555d8b3345e678e51772bbf483649c792e98f68d12a66acb75a8416041c2a2

SHA512
74d32e2b0d0efd8f91ad0fd09181651323bd7c1222c7f6af9d199caea633695d8fc806d484e9dadbde414d5d8e0d1ede98845c01fb8a83c3c164f340cce45098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
21KB

MD5
da93aa5083d4a8a231142493c28fdae3

SHA1
7ec3646cb8219a1e3f4d2bfb9b80343ad4ad0fde

SHA256
f953d546d5c0159ed38fb748e442276e47958eb0f95f29c6af82b7e31e3667ff

SHA512
4af42d49043a6d8d193ed491a66999fa5d57942b6d1ceea33574eaabd53bb7cf86573980ee9c4aac98b3e039011634c2450041343872de503661416cad2616f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
20KB

MD5
2fe7405a4420e49de7f164b53638538e

SHA1
639a77f012d78abd40785cac617736e29c0892ff

SHA256
d9dfcf2fdc9e7c77559a573501799398adbd7a5e91701e73c35df027350102e6

SHA512
9edc1d10e6abaf24aa41a3fc34e31918b8fc088433ef454ac304a43da23fb78ae302d72158015c02f4090f784adb04a32a9a0ac3231440cb660d92423a0baa77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
4177aa9720cac13b9571cde3ff5d5a7d

SHA1
6b1a1cea415bc45082c5e71518489bf4580fabd6

SHA256
9a4e4447f5acc4cd203b99d62da736d5883b439f4bb1dea1875546c0558732ad

SHA512
bc9c2aa0448bf6797201fbc33e98aaf93d2e628722898bbc2aa02bcf4f2a3b4d1fc4ccfb49b82b743204b3e42dcedee9310bbac1f7912ee310a6ebd18297f45a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0044a07a210893559a13e268b789ad65

SHA1
284e9ca8f49d05134b82e82852a5c59b464c2246

SHA256
dc788fb3e6ed6656ebfcabab5527ccc6d754f39b49ba6fca11c24ce22e96c6f1

SHA512
e5f1ace5a5373f5dfc84c72609a2c5a9fdd0b9e5e4c988e5cc267358db52bf7922a4f74f19c2699bb2975d6afd31b013f3eb8c87540c0dd7ad48ca45867fb3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c27c342178257a1f5de9e430258c1fe3

SHA1
ffd8f1b57e03bd721ed81720c91e56ace3ad1f66

SHA256
12feb1dec4bc1b388c89358acacbc584f15c66603722008fb0d57cf8cf62e42f

SHA512
a199bc4d2a08be7570a18620a65e87442c1a1b8837d03742274725a36b69a1246f8bcee73693371b7ad182fab881e19e222f3767a1327f07e5dbb3f4a4219e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
7bffc079b3ea408f4340aa003969df8e

SHA1
3fcfff317a87f9f3566c35de8a43217119e7fde0

SHA256
a362a6a01a6172096c707865f2212fa630b468cc82a92479557dc45c82dbf30d

SHA512
d367ac5a5c356df83218234460e3d225018cfd4d4648479d606c70333617a93be033b9723a90750b7cd3607a5e5142834158c80cb40e7948d44be3b7af139b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b6c2709c691804c4d0965c58c1b4a04e

SHA1
b48bcfae6542102f0fed745c7f641f58b7ada999

SHA256
9c5c17f803dfd5d025c8e31c310919f4dbf11df139841c13c9df6a49bb77a194

SHA512
8890f83b800564901940f6eb969028bf2552e9f1daec9aebe7eb20fe09a782d26945b1f7ecf58534651d653bc01dbc03bf12fdcb5f3a10a529ab5496cf1f7027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7c721a0e4bb72506dab06a4c0d60e0d3

SHA1
f360f940239250384aa3f542e80e19de0ab56fa7

SHA256
b5d1f4d5562567b58d1b2219a1c7c69e04097e39202682584912904b4585b555

SHA512
f00bff4fde1616c309d166fb2d046759d050b6af99301b6bf7506bf87074ce4d2de07ac530dc038452b76354f943e70cd67825d2b780807e5fbd772ced593d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5947eb91e1498be9305e088db19a07fc

SHA1
7ae648ddab832beee3bbdbfde947c39e0262e6d8

SHA256
6032f3dc54827ee01e01d7e656d0d44e568e01addadafcc583f821fcd0f5b628

SHA512
89906e5ceaec17d09ed3d10f2f5ce5da6fd08827b6cbb1d4ae226d4f945d0079927889812e417e1cb47d0a6e220d6739eae5219cb6aca797b618c0f51ce70f0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
ee54e765ee383487ec883dce4e8192d2

SHA1
6500446d8b18698e6add9687b54fc77e038de8fd

SHA256
d7a80f38880d022322af93b8efb9f4507c46c60f9dce89eae0eb709432f49e96

SHA512
d234d8bf9a01afaec9f9444eb8887a28c72127ee42ddb48db933ccabf646182eddf6c46b463e23b037d288c79557a3d01425a2e45a9e489ba613264cdb39a685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe590313.TMP

Filesize
870B

MD5
f6fc8a40b7a2c59e9f025b496dae4dd4

SHA1
da67b8aad6410d746a1369a62d7827aab858bda5

SHA256
638c83889a10fd90c2a9fefe5628f7fcb49e0ee5246cf514aac3d084511831d6

SHA512
d790846e6a0d8f850469274f3b7abc21e844a06e358f54d74a021059b2102866d9de110effd6ccdce7e94f470ebeaaf60c9d2bad3f6147813cea3000a300c169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3e8fee73c504391c4db40cfc3aa093d4

SHA1
ee84d6d4adeaaaf45bde92f33cd85ddfd5c77982

SHA256
07d30f173408b892308cbabf8adc8644e61b5fa21a56fa0c8233474ff6e5bbc9

SHA512
4685c729c037b92ca24e82b628a8a420f2e79f280ddae40261efc354908bd5958046dc3c1199381343b406a2999b28d662db0ac7669a8270ab85c5094d0f5166

Download Submit