hxxps://google[.]com/

Resubmissions

10-11-2024 03:12

241110-dqpxfsydng 10

10-11-2024 03:07

241110-dmj7ssycrf 3

Analysis

max time kernel
189s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-11-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://google.com/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
956	msedge.exe
956	msedge.exe
440	identity_helper.exe
440	identity_helper.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe
5384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 2416	956	msedge.exe	84
PID 956 wrote to memory of 2416	956	msedge.exe	84
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 4396	956	msedge.exe	85
PID 956 wrote to memory of 2044	956	msedge.exe	86
PID 956 wrote to memory of 2044	956	msedge.exe	86
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87
PID 956 wrote to memory of 2064	956	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://google.com/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdac1d46f8,0x7ffdac1d4708,0x7ffdac1d4718
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2636 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6972 /prefetch:8
  2⤵
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,17519856185412184031,7241890762003796930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  2⤵
  PID:5408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
27KB

MD5
f9f5c08532746eb8dbb651c04f4377bf

SHA1
0ed6b5e1348becd4ca048e482ed6dc6583ecfcb6

SHA256
6c0fd820c15009c6fcc97301ccd217d783e43a8e5425b6d91f43fce3b95f3bcf

SHA512
43b78872700d9287bc6efc4d339fbfe022659cd8af69d4c40ab529ce5114fa3882e44d28d60e24bb8080c4d99cf110b9819ecfa758e2986aeff0fa4562f3a62b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
16KB

MD5
9c6b5ce6b3452e98573e6409c34dd73c

SHA1
de607fadef62e36945a409a838eb8fc36d819b42

SHA256
cd729039a1b314b25ea94b5c45c8d575d3387f7df83f98c233614bf09484a1fc

SHA512
4cfd6cc6e7af1e1c300a363a9be2c973d1797d2cd9b9009d9e1389b418dde76f5f976a6b4c2bf7ad075d784b5459f46420677370d72a0aaacd0bd477b251b8d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
aa256ea41466d6eda08f95d120d04bd9

SHA1
9b1af5b180c040f13725fb2acdfc24883678c931

SHA256
1fe79a22b066105aace9cce6af5eeefd888c945de0f884251cc38ab9ed113906

SHA512
d45862728fcef47b4186c6423647666f55ebb33b9efa9f6f455c42d2e49c225a588cd8bdec6c9aded67b6eb7f95f09bbb8a4192ff5dfcd7ce8ba86322be14a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0ca78910210e76e0ac09af8758a8c651

SHA1
82007ea8ea3a5f8913d00258d3514dd10aa35e4e

SHA256
4c989a3ca323a07d924112133096b0406695b8be153570f1ccfeb96b86cd20ef

SHA512
eeacad0b1cfce6920b01209132fc546b6160128b761f2e433ebeafa07e90d5553285a0fc09fe40eaf9788d7304b92b2b44eed52ef969ac90cb17ac98a8aa2e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a3065047a5d9f3c57107f5a2d0fed49d

SHA1
83b0ee65c0370ed2d0a8df09facaa8101914af5c

SHA256
e60c0be5f7050fb5afc5746054b62e65077646e3d97cdd47e326a054eb556ed6

SHA512
eab26355637dd473c2a1712375afa226e00993e7b18507d4769641e6e4acd74c529aa7cc98798c45900733e0f6c63775e956a03108fb1c7a7d3399e7c4ae2200

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
7a946625a483a8c5fe9fb54c1a2672db

SHA1
981bcd327dcc3bb855137b9a8fe6ca7baa0c7154

SHA256
d74f892451c4145aa0ea6ff7ed2dc48759e8199bc7a2a9f7cc550a00a5d9c2b3

SHA512
855015e0b1b5a32631fa59dd6fed7dc830e9071ccc28993fc76bc4c5024a979c4b6d8efa11ff97be5d43bf45c4ddb0c98962070b7a374e2fe852d3b1633dfa9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
e2f2e6ef8c92da66849d1499f53b8654

SHA1
22f685129c97cbd31e3fe55e48f13016ea6a63cc

SHA256
f8a5496943664789cff903b100ff5b4fee50b97779083f08d062aa3bd3bcfaf7

SHA512
ccaf6b519f37d5079a78e7a73754555e8bccea233870d181fd17a3973975eb6473de880d1b32dade055e54ab52994ea9384d4105b4d340bd0b0385a691d88c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2c7b295546a3676477465f263252d359

SHA1
5ef412234ebc0ce516c269117ff8d23569433da0

SHA256
ffedc94c6ba66cbaa0b5b74ce560cd60be7af0ebdcf01d042b3368d722570573

SHA512
4b3097fc687d68c8c6433e68d2634fb272ed5015f90d164188087d247200d41ec9a9b2cfd6d1fe726f4a293d7eb6a264d446af8f1751af22f07007ea1471da64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
e96324426d9dc421194c8ed689109842

SHA1
e740d342d6dc139e2fe91479a7fe9fac787b54f3

SHA256
4ffabb6cb3778c789482f16207e9fe7ccb0159f8f4edef032a1b4e08cdfecde8

SHA512
809ab5806cc10030e3d728951e2470b42f9c601f57d486179e24b63e1f0106c2c23e6e775d38c2f916631a5d89aa49fb8cf9c9f236dd9e6c8d9a62f6fc1336d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a1e62f0767fb1c907c3832ccd7d6a088

SHA1
4d34d0e71689f8eb86b511d88906adb3cfbdf44f

SHA256
972f42b170c451d07bd722e5cc289486edc7e478811d22468edc854387ba597f

SHA512
d42e3212317fb8d252b9724aae15b90dc4e9079d299e4fadf3fceaefa19132cc574db9b90f369840bfc2300110dc28889ce254996060d9e196a191b1e7a31ef8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
72e7d5ee4315f342b917359e27107c18

SHA1
d8994e1194c10ba4eda372a47e384f6b5758fa74

SHA256
23f36d149cdaa7df3fc279195ccbb2292ce33b53f2a9baf752083d461755019a

SHA512
314daa5a0cc049788d90ee2e625f3ce7967df8f344c1a232aa55e4007b50e805e6a8f7b28b836d3d292dff1332f289a4a4dfef0f561680a5c805df6b40a9dccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3c202c5e32f848246f89af9f0e556e57

SHA1
274bc663d636d49cf43d2e3c34b6074c78191dd9

SHA256
f5f43abf47b0870148e313b5869f34c980f5b095cd9c028109213ed84f301ad5

SHA512
3101df12eead1925cc777ccaa8af13f5667e2ab2523266fca5e012d6f7b28d84277096b0b28197a85ad8fb445e08c6122bc4b2cebd715996b7d3f1e37cacd4c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
2f8d8f3e874489d69c37276a46e8bcc8

SHA1
d96b9fd7ec6e3b70a9dd90a2cfb790eee5fa472f

SHA256
f69bd5dcf81e62c4dfe89f14f24223c4b84b6b6041b384e63fb60e21c495b704

SHA512
b454ca81f837f1f7ba5287b5c114662b45d1db4643c49e0ec60f4c0e0d9f1794f9f6b4ab2b11e1c2df52d986d03ee7da11239e8a86bdd21dd17e521eb97317aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
24e0ba114e385aba5746ed0458558405

SHA1
19ee8a02eaef22a3d5361a0bfdaab3dcc024557a

SHA256
d0faab8784adb1705e0d21940a12ee0069e52fd5641157111603a34cfd71f73d

SHA512
cb9779e593ae32ce8c8fb348ceb4d691734a114365feb4c5910aaa2dc47ac65798cf2c493d43970cf2ac9d2863ce1a5e9209c803997cfbc69d4b85a99cc1deea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
185cd71a55d0c47b2d5f1e389f051116

SHA1
12908b73bbeae49ebdd8e5b5bc2720273ff2a7b1

SHA256
e0541fc67ce8de3781789dc0d687178741f208d16eb15f2fdf84b5e6ca0857e6

SHA512
0e08580a9522641f7b8958b784c5cb4f891178b79098e0b00812749ad25af042501c098254b6879e1126b8c8ab2c2a86d447df1fb947f6170f06220686a89f98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
4844250c99357b38c8702eb43dba10d6

SHA1
77f95c0d788ec26ff19cf565ecfaee972a398fc9

SHA256
82975acc9a796457d449209b91575dad2480a1a149b7b791e5dab66f4ad3a167

SHA512
1de9c2bcedc863c5343b555105f84e2200d46e1f7459fe298ba0405700b30eaf733406da439bace2981b9f3488e5f49472331ba20f18df246fd9b1f6cde5fc6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a4efc.TMP

Filesize
48B

MD5
1797621b42cdd40f0c7992c14f68790a

SHA1
988afc4bad024326d1d931c4c3b2bda8684565df

SHA256
add2f3f88a9d4d4bb0bb4be40464cca365f9ff7e453a1f5fc68afb7bba67c8b0

SHA512
865feda3bab1a969e77de6f886a09152bdbfe78a15936834f971c80444d3e509d3e4539ff62f7459d51ebd22208b02bc688f371a2e0f21c8aa0a709b64c00aff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7de2bf0017b43ab0a73fc6a540b6f08c

SHA1
cdb311215ce4051f1650a4d8fb3e552cd7ed819a

SHA256
0034a4fa7a35beb2be8700c1f428dcd04f6ef3221e87f128462bc494aa9a735b

SHA512
59aa8999d7d7c0a480f5cfeff88a11f0fafbc28d374f7f0e4bc7b09d4998e928224d515ba639a3dff6655045113efc8f4e948a448aa290daa910a31110a3ebb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a7695aea08fc093315f6565593600a67

SHA1
53de30fcba63491c60fde1b7e7bc70d4a744bbbb

SHA256
2bb58276e4a6897e1ccd992490cf1360d32af315eb6be6d3863988da9f9ec01f

SHA512
061f48f1d24873d61dc29860a9ef6650d4bc578924a11ad36685876c307d5d8d315d6147a28beb259ebb302d778bbdf2d571fa1b7c65cfb8c8d10c9539ab0fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bfc081f45dd3887323c7443bbcc5f785

SHA1
c288b0cdb991166e926cacb5b4c2b245932b4cda

SHA256
380d01f48f1ca69c2265d23bf8012f4935e5d55d8454cfa9e8213f57dc4ad20c

SHA512
16970a377afe0153d459d411dd1015961d16367aefa904119951f8c2080e22f039626f82d9ecfa70eed5d243ab165a70ec357d9a4d486f125429a61a3da372a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1a81ed22c05afdfac1641e043bb829ce

SHA1
8c0948680894a7a87cb5294bcb1f03523794b38f

SHA256
3210b06d18f4d3b8e644a0ac90293fc44f8664ede92e458e550e60ed96fce2b1

SHA512
05da337702d7ba97b4f1b0e701d55a4599138e5b89d9d2c70f2b969d8ccdfc215417b96ce1ad770c5305b9ba2f99f09acbd7906057fa0d9236435734a856aaa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
ddc8ef5d602c72dfc656927fc0a30992

SHA1
3459fbef23ae445d22dfd3665a8cb82bdd81b5c5

SHA256
cca6b0b080c634b839175cea12aeed700fd77f95700d41ecbf9cbc7c86f4447e

SHA512
bd06876537c57199a60d13d3a6af622749c33a93f22cd6969d476a31c95ad6d292124d5dbdd87d266f59d68e3065fb2377e2aa8790e4ca1d1282bdbb50b1cff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ae407ddad0c4d866c250d632a8a84740

SHA1
fc7d01b076c6f2a7b7652235eb46ff339d8573cf

SHA256
ac89ee2b841d0a8597f4f00c53f96b711db736085335772fd5a9f135be811bc0

SHA512
88a132799f9432991cef5aaea0b4fbedfb21cf22a2021308a41340e33e8493aabdbe57be009b22be68e0c10fbce99a5f0698071cd7b5ba409ed7275953d13fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2516531a5ecafa7d69eaf430a73a6b3

SHA1
ba021265d4a08e2f4a9e341ea4d62253be6cffc6

SHA256
1153591980d7933c3e09d2348b35ee477583e612419d734047b725e2075ce96f

SHA512
fa3dbe7493492689580af52fb43762aa6aa98beaa8247fb608cf7046285ed160ca7d0e4326373fc718b572f1516288a123a435f1b146ce40445704fd53760a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5808b5.TMP

Filesize
204B

MD5
d1814977841603dda051529db201f678

SHA1
a47d7e9ad61da589258a6654cc3edaef4b893608

SHA256
485e7c017e2022ec6c111e3dbe54220711702104ac2f6e3895f9de7fe66aeef5

SHA512
e58c33dde6154a81daa5f56ec79d9c5a2524f46cfbe1b8cc614f37587a48bc24edd8cbd2b33c1d3d641cd8f9bad9f09a466f3e845c215dd64eaf11178ccbbb6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b1272e9fb456c7a59da54209f4483431

SHA1
31adae13e9d7441a15df2f639a72d7b284ea01b5

SHA256
68c08dd2f4a9363863d96325a5fc0e2e2dbb4ac71e192695ff826ff9ab9bf6b2

SHA512
5be643c40bbfacc7e8ec2a0313abe12228caca2d3b58ef3e501ecb7688e3c06b13186d0444ca531f55003bcd2b2b334537739992d483fd8cd03df9a1b241b1a5

Download Submit