hxxp://WWW[.]WWW[.]JIOFIBANCE[.]IN

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2024, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://WWW.WWW.JIOFIBANCE.IN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
4532	msedge.exe
4532	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe
2792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4532 wrote to memory of 4172	4532	msedge.exe	82
PID 4532 wrote to memory of 4172	4532	msedge.exe	82
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 976	4532	msedge.exe	83
PID 4532 wrote to memory of 3048	4532	msedge.exe	84
PID 4532 wrote to memory of 3048	4532	msedge.exe	84
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85
PID 4532 wrote to memory of 4848	4532	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://WWW.WWW.JIOFIBANCE.IN
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff994ef46f8,0x7ff994ef4708,0x7ff994ef4718
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1712 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1148 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8005649962339095267,17275591389581420722,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\90246c0f-f672-44db-affc-6fbf9b29cdeb.tmp

Filesize
7KB

MD5
36e82ca06ed148bb2a621c37c941e1ce

SHA1
5224521d0951d597d70c301a9cbfce26eee7f790

SHA256
532f9df34bf3a27f2f2c36734b1b95891c4797ed96d239c6f2af901987be3062

SHA512
b0a1aabc6883cfb5478013ed251199d163432f2050bc7a06fb09b879cb3b45a2063d8ee2ba3d7fdc8550a98d3feffa23f26d7caf8743ad3083a0ed0ce7b2e638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
53KB

MD5
e323eb3cc87903e17c72054d3c97b0e6

SHA1
afb16fc7b8d276f70790349cc62aeb94e420061e

SHA256
8ed4a70a8142d0f0212230f8e2e23f16f6667e368285f9ee3630856d17a7fa62

SHA512
0efbed9d38ac649dcbd1ce800e57a6684b9a105db11848fe436705433e49cbf65334f6112dfe90e7c2968720d8961ad85a6c56c7c434d49457654a2f0a24d6aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
41KB

MD5
503766d5e5838b4fcadf8c3f72e43605

SHA1
6c8b2fa17150d77929b7dc183d8363f12ff81f59

SHA256
c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9

SHA512
5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
34KB

MD5
65b905d8bfa8ae2dda10cb5b24cdedab

SHA1
5a600ba2a17face6a47f714475c40bd122caf7d2

SHA256
7e941c2b7506a9701f157ad84f6225a935e13e7547cdd529873acabffccb707e

SHA512
ea2d3cbd68143e01740d67416c0436be41cb7994a89b0f3abc13eb01ef338ec5f55e97182771e72fcb8914a0f490644dcdc952121a6183ee33da6e315d6a5009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0

Filesize
289B

MD5
408803c3b058ed32055a357521acf9b3

SHA1
332ee9581d62de240cfb4bfa8afdb53c5b176189

SHA256
8afea3594b917dae8f8a0aece25e194d746b7f8226badff6d48efc8e10fced66

SHA512
74148c077526858f83881f26e7fef08ea944b31f2bf57a5e70d44c58b6a0ba3db25bcbee3457ad09dd7346a5273bbdc8bc48b12525fec2540ad90712aa404817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0

Filesize
289B

MD5
fbf2d75c57f7daf2f8d8d302a66e5c20

SHA1
578656c3fb0ceaf6a1254ca7a152ed06a0610b00

SHA256
c65cddd75fa74735f661890963a88c6c51e1c990c613d338199cd50216ae57f3

SHA512
aae95d1db6d163d9ecabe18342d844ee0dfe18561d32435bb543474939f8ec52ec60e18a944d684e5213c256f0c9407d59eddb887fc52c4ad8d3a6fdf10ba6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\61817d381b7d4ada_0

Filesize
343KB

MD5
77e78227f973cdc16c0564d525c12bda

SHA1
bca86e76d515fbd6718d4b4e0917b0a9c91d3aa0

SHA256
531a3dc31450cca78afc0d23c51ae333560912962862e2251181e99b656bed3f

SHA512
dea590f660eba089327727302714594a58b4e13ebdd32d97b133801837c2455a130b3678c0363eeafccc8177d0a6e75ea78ec01cfdc0f1579ba8e78e8a88fe3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d05b92c91c7cb5f7_0

Filesize
343KB

MD5
b258761942cd4e889dcffa796ef769c6

SHA1
4c6303f82b2c2a0ee360125701dd751d7da0edb3

SHA256
d6fa8b33b88d37b50235d248cb872b08f02794f6752914642dcac10f5c8cad32

SHA512
a860adda5a929b7e1d0fe7625ab9f9d03b619c588fbd16b37668822adc40a4df907012cc5d58532a21d7aea0489ecd8b6232abf0eb6c594e8d8bbaa16ab29110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
492ac73ed043f105a58800f15b01f94d

SHA1
d9a824913313c5b6b9e0f3fb424d4cfcaa84b380

SHA256
325ff8ba034806e2b42fd28f915399f7b22a7ffcf8e55f06dc9c489210714832

SHA512
b794348baac8b8d7679fd20a870cc25c5e04b7077f00ab3bbb6c96943ef40f30344e9291b7462f52f32ff6c49daad96a22b5ee77b62c4fb3be2c6138f942a336

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
b8e4a4cba169e6458c42123f4ca84bdf

SHA1
e2ab197f42f86084efd5668c847d24fed4453c00

SHA256
88d44ca0aaebde8ffe2cfae9f9c6d123eed873fee76649c63bbc2084d58a2304

SHA512
98ecb84b55e1b22a5b7180c383712070329329d97af9319bc277aabcc07d7147ed89bb3e24950e8d05691f3b8b402b4f5e482c25e85819ed858bc2625e2cab3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a3e9bfb0790efbef4d2b03394a415105

SHA1
bb1cbd96405ec71b086bc5629865de7366a04d55

SHA256
df4beda74517bf6c65c8226c3ca55676b6d6b3e9e681358208dde1f1b206fc2a

SHA512
b96c40ee994db2557a5b551794cc751aac75dbf4a354b3f88f8789f9ffddb59cdae6eef84ca43469ffffcab651bf5f50cdf1351ccc30e55339eef4a4e29ef7f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b0aa444e5f8113c63f0a433011c7ea3e

SHA1
a68cb4d75f31bb8c3587c0687273783b9a74ae1e

SHA256
94cc186aac61536ecec20febb01b1ac32060958e5fb8bff26a01f42d4679090a

SHA512
ca1fa5f054f621015516ae153a39af110811ccfc16859636e5c4d41babe6606342db8e46deba24ce88ec0fbb7f3a1c9a981b13fb5035f48d1d09b45a67ed7d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88b9820a5dbbf7f17f9f5b9a0478bcba

SHA1
4a8858f1b97c39d8adb1d29c0665aa7eec4d21cd

SHA256
ef68705d0226945744d1802b413861878aeb9a028bebd33c5f75b3e58f5f96a3

SHA512
cbfba988a3644f0710001b97cf203ad3c9826cbcc848907d2aac4162fa24b50fc8c6d80f277d90f9a923f72df6c91c28ffad724e07a9ffd8122c7b1fce9d1c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0211b910b76968d3de1dc1a827bf50f9

SHA1
a1467fa6c50da0213b55528a45ad2f8dc6eb4c3e

SHA256
d6be87f8dff1670d08fdaee6560993fb285cbb529f7c08d8550748fb8256f623

SHA512
07edca817fc414005ebec9233c0cde3893c71bbf8fac28f8c133aaedd881824831a39a136d038b2cb46d8dd3f9a17f5343d195e381ac2a436b8c8976af6e9e89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
45346a1ec673c43d5fcc8368d1e9beea

SHA1
b829089b172f9604cd9f62ae160c3e2b0a7f6be7

SHA256
1ce9fad95fff40640099570089fe6d04251625463a4eef1c366a4ba4ac8d1791

SHA512
dd9ee8f32755f4d6879e8cadbeedb32ad8e2912e9b5bf7bf928715c880c99cce5d3773f1aab4b54679f6f3a59f03697a38396f493eceb627f6a5eff7f877a708

Download Submit