hxxps://ch[.]bing[.]com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=

Resubmissions

26-11-2024 11:58

241126-n488cswpdm 8

26-11-2024 11:53

26-11-2024 11:37

26-11-2024 11:30

26-11-2024 09:55

Analysis

max time kernel
110s
max time network
112s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
26-11-2024 11:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected phishing page
phishing

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\373832d1-73cf-44e8-96da-e9cda99452d3.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241126115332.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3860	msedge.exe
3860	msedge.exe
3100	msedge.exe
3100	msedge.exe
2640	identity_helper.exe
2640	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe
3100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 3688	3100	msedge.exe	80
PID 3100 wrote to memory of 3688	3100	msedge.exe	80
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 852	3100	msedge.exe	81
PID 3100 wrote to memory of 3860	3100	msedge.exe	82
PID 3100 wrote to memory of 3860	3100	msedge.exe	82
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83
PID 3100 wrote to memory of 2572	3100	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://ch.bing.com/ck/a?!&&p=de01397e8e89421aJmltdHM9MTY5ODcxMDQwMCZpZ3VpZD0yNTA1NWYyZi1hMDEzLTY3ZTQtMmY0Yy00Yzk0YTEwMTY2MGYmaW5zaWQ9NTE3Nw&ptn=3&ver=2&hsh=3&fclid=25055f2f-a013-67e4-2f4c-4c94a101660f&u=a1aHR0cHM6Ly9mY2Z0YS5jb20vZW5zLw#Ym93ZW4uemhlbmdAb2FrbGV5Y2FwaXRhbC5jb20=
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ffc6dc246f8,0x7ffc6dc24708,0x7ffc6dc24718
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1476
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6cdec5460,0x7ff6cdec5470,0x7ff6cdec5480
    3⤵
    PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3860 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,5017759922794671294,7243608404737364315,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:1956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2905b2a304443857a2afa4fc0b12fa24

SHA1
6266f131d70f5555e996420f20fa99c425074ec3

SHA256
5298bdb27d48c2c2b5e67bdd435445ef5b06d9b36c11394705b413ff3d0f51f3

SHA512
df85de0c817350d8ca3346def1db8653aaee51705822b4c4484c97e7d31282a2936fa516d68c298dcbbb293b044aa7101b3de0c7852c26e98ac6c91415162b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f5391bd7b113cd90892553d8e903382f

SHA1
2a164e328c5ce2fc41f3225c65ec7e88c8be68a5

SHA256
fd9710650fc6774ce452b01fb37799cd64d3cdc282ac693e918e38322349fe79

SHA512
41957bea3e09c2f69487592df334edc6e3e6de3ab71beb64d9b6d9ce015e02a801b4215344d5d99765abe8ab2396394ac4664fced9f871204453a79463cc7825

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2701926b923c403920be19d1a10dbfa3

SHA1
19131dbb31ef0d66a75c297dab5997ae9b2800fa

SHA256
0fa6544dc80b2a5c323dcc21a1f4ee215706875c93a7aff104f860ff5dbf430f

SHA512
47d72481cd2daa7dd4ffa7aff496bbf114e258858d06cf04aea2cd910601ae41603da3f4e7124644eff38a265633df0c4f50572cca7409dce4af7e8695fbe45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c0c890fbd19502365c6c4958c1d6d35a

SHA1
b41f5377aff5000234c24b81fdb5750ce5d6b8cc

SHA256
215df2ccbe3f5c465360b16ed5e7ac9478a99def6821ba4cb2f7118e80c471d8

SHA512
099105124e69cd0d18e0adb975d7a2b02707edde0970500fc2c32049d5cfb64ab5256280507f10f741d35507a0f2bd72a1e974ddd7f9d34e5100f158f01d6250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d66b40da157e8ec6b37a527ba4cf7920

SHA1
1a99e9f4bd323ae75157d07cc53c135ac098d959

SHA256
9cd21885a04999e8d82db7641f9b12e203e5e1c6740a131d96d388c114a46657

SHA512
233354ad3dcd50d84ca0041afb2e68f6596be861090756e92278552e5ae4ee89340723ce4bf5bff74ddb5b80e470797fd3350a186939dfec26934cdec6390b2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe58d145.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ff083913762a7fc852a041161fe06201

SHA1
40cbe763be7c5c4054b8747c3e9d7a04ae3dc606

SHA256
ff74573474e95c290ab7a3e4c21a338bb6bd5ec17ec7b2485c3da4e42c8e386b

SHA512
badb76259cff814ec6edb1d916b3e263fd926268ec4f50cd7e64a305cf777925cb0843a8c30a9c57ca2a50cbd3423a581957bfa10f656a2193abe2deada61d11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
899c93aef27af5ae716d8d611a1a35a7

SHA1
2146030b3794e56d083883b5224ffcc0e3b08fc6

SHA256
3a220594936c13cc7e516082d9306d5cf7ad1d71d5acbad40694b387c35f04c3

SHA512
4954e5ef123b0aaf11a3ba5d4b0b2a18b29a09c6d5461e80f5262dda4a06cb5bc76fdd2e3576826807d1adea45fef6bc2e5d77873d61443f46991a71871bb808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcbeda5fc91d15ca7d1abbab830d5b79

SHA1
47cf5d60c3345148ee99ceda4ccb6ba801bafa42

SHA256
11902ab6f3971481c27c817b316f7168e2475ac3528707c8905547fc295461be

SHA512
6009af9c89264ac20488613bdc1deb53b34265d3e8a4b6834b3e8431c467fe5ed4566a9b76134f737ff1b04f2ba8cba751afd1ab5ee9355b38fd3b2d068d32b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ce81e413c2e7f266c4e5f9ef31494fd8

SHA1
b164c0b98b780d9789581dc158bea75ead48ee34

SHA256
11fa11f5ac0f4ffc9f0c9bbac7e10f49f56b4e28850689448b3279d08f2c78c4

SHA512
b13928da931f7af7e9403bdc84bd92498b98a76cfe38c2c4c3364a6742a04a39aa2c7205f68887e26aaafa5776f34b1f653bc9f50f61d4b04da503115f155459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
75f9567a805cd4c11e26f15df6ff94fc

SHA1
e124d493914d4ec9868e7a1c0557e04fc06552b3

SHA256
5af1aac09e6031b0bc97db94412a054d66253a79061cc9c2ef6a3d4c1a8a3a5a

SHA512
26d61882692e4a2bb076fea66769abc1c0332fc58c9b7ea831b726bb84c6c112f95425bc49ed5ee012ef57b737f828d4f1c7462aa3e611cda687258e207bf219

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
88895f50e2ca5c3d90851ee1d41c0bc7

SHA1
da960ab79522c0ee3af1a300c9b43a6884fa9faf

SHA256
fc8437b7aaa6f193324a5e432d7fc2650788d4b0c86b3942c4cfa9b59306d86c

SHA512
1cc2d4cce1e8361498617a8aabaf834c9a07ec9619e3eb33bc32bad22e6df1524e39dc88b0e6d3a5116c4d8b6cb9d50550a6d870a65fdb50c275628e81c7170f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f830acb626a336abe8d3ff7d0922789e

SHA1
9a13e8c056fc4879b08e66ef90eec9d6dc98df43

SHA256
0fd4d9b8888a5888b0abcc62ddfbaca91888c5f9c284b5195f1d927c56e19ab3

SHA512
ce290daaaa7588f02802aaff2960921d46f3fdf18ce44e1e24c5fa3ae67abb996fcfcba5dc4124aa592090ad5beccd05acb7add738cf72a672fa46e062772a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7ad9709100fb43b77314ee7765b27828

SHA1
5cd0c406c08c9c1073b0c08169ccaffbd4ef6b98

SHA256
04b61824ffce6fdbae4e6a527ae58b85813226ee28fe4d631feb76b5f936a1a9

SHA512
fc55ee34b1107e298f2cfcb20dce42b5dbc98a7b68e72ed80a6ea594f66dff6f9e9cb70ad5ccbf5ad2171275f375abac1defd8dad4118afa280cd9c1d9f6a538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e122fc93c0ad25d45d09ba51a3e86421

SHA1
bb52a7be91075de9d85f4a4d7baeecc3167c871b

SHA256
a277c1c6fafd7a44b47d94e4bc3c0337a64a34d252e58722855aab09e6f52bee

SHA512
12787aebefd6a5e4584ec8747a78538f948a16b214bdf81302036ae89e2c4563027847236a4770c4f780a9ca0ed03f29b1577bfb6f11feffad85b7a625324bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
718a82a5cc3c77f20d1aeda3eb2783b1

SHA1
261a20a1d0439ca45846bf2de5a457efbcee23a7

SHA256
de94f8d2afc16ed2f6ff31febc4a6902940146ef22137ebdbf2decdcf2fa3902

SHA512
f2cfb4d9105d7e687030ae6f068671c55df8e95181db80bbfdb0ca3cdcb6b202ce8dac6e0477548dd2e385a504fa060ea4730e2a78065d7364eb642169537080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bbeaa252121d49846d694eb0b8b45aa1

SHA1
fbf81b290e74b738c77e220be385adbd462af0d1

SHA256
4ae48d1bf4d6970bb1240c07921439282cadc23994c186fadc7730d7ae50e7fa

SHA512
fa0d55b1d6484dee79bfdd679abf098129cdac65a4a19a1bf19c6bb5b536cb339e89e59055afc4419f7e2b76e8395152c4c915de164d1e76337617fb7f6cc015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
0c150e31dab7fb55ad558601ba190109

SHA1
eaa24eace5713f46149cc1c8559ff6c3264294cc

SHA256
7d58b9d11982ca1ae28341041d5dc730adeb989920ce6340debb1ccc02737fd3

SHA512
bbd91c66da4204d3347fc5a00a6fe497bb21b806bc278dac2cd9806791f5d313f47b05e340a236ae482371ad8f5744ebbbb90d95a7cccf98f612e0aa85b43b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
71dfc22bd14aa764899e2a4ecc23146e

SHA1
6fb62d0ebe072337100c2d68bd5c65e8a33b3926

SHA256
fbd2c5d3a9b39480f6527ec6a7e8c8c7cdf186b7e6fab0267e6845376d1d1e7b

SHA512
514e1896b1ac339ed451912c3116ac6fc20c364c01b172177aa119c72ec05ce92fb72d71069ef5f5591f6a37842a666d10e06b85ea5cb7be9520d6dd9d96ea7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c372e4b019e7cfb8a24aa181444c205f

SHA1
0cb6a06b2867a4e54c07a42879e09496fc9cb557

SHA256
3211faed5bdb1a49e1c836529a016fc68e0a23ddfbdd3f6c2a892a6530f5effb

SHA512
c0108d1d3474ff0fdfd9a4f53ae71175592f3c25bfd9c7ed9718ed21acc8dd689765f4f0c7f3fa07052571c402e056d09e9db3a171fc12147f9b1c76a8a3248e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5885f4.TMP

Filesize
204B

MD5
d51ed4b4c82c93950d67627ada8dc039

SHA1
e6ebf19440e2f86049cd3ea9fd754c0139ecb06f

SHA256
4a0dbfb6e79f6b15ce5fd3bb0d7fda26c9efd3cd88028208fb1362e648902c18

SHA512
aca410ca72c923bab3e7c60979f4cca0857514fc1d816d2a467cd2112acbe60e4d750b0f893a58c59dc479dadf2a38c79b1684e4953ee7acfdc56c2dfaebd19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
38fef979e4d7ae0fdda10ab32aea870f

SHA1
f763e70710041efdc376ae2d89ce0a04993ab420

SHA256
f4b1663cacfe53f55e2a703ca0103af3a2bf5ba0662041de94c985ec4d49d430

SHA512
0507defa81b4c9b026a3cf7cbdf43c2f0bd8febeb0679af50ad02f868b93d8a5676e1f7192999e90165a0873f7d93dfe59735a7489653a0c0f402cb21aa73533

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
f78498aa0096f57872be662b80b26752

SHA1
695d27554324e2aba9d4689f954d85489ccd6780

SHA256
c430e9364aa3a505a07ec6c28cd6b496799352b926a997faa28d2c97d56ae75d

SHA512
2603dbfa18d7ff707fae2712666ee1f89bd1e15f2cc62f51f5ba7b94f068dfb4e8f7c6b4df60516d83d3fa19f07ef8404835b88a11502e76cccaaf2dd67bec7f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
44a179cfa2005f756a06fe96da4b0abe

SHA1
99ab3cf50c7506934104c94bae033332f4a2e29a

SHA256
ad1efcce8bc64be709e5f35dca2a903ee37b09155ac090329512f2aff9cc2503

SHA512
e34bb5d3c0380efb79c30e692665e934750cd0c2e7fca9aa16a3b58a9828bb45617560b2e6aa2b0da00cd71299b6413325eb02dd028ae27c474ccc8b1e83d8bb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
b7cf7589c602b2043e6ec7db3d6bbff6

SHA1
dc54a65c05dbfa500d748b746970f8f7bb029baa

SHA256
46e079e86cceec73435ef7cf996f942652d1a49552329c2cff8f4f3873aff5b0

SHA512
beca35672e123dbe5e7d1b8f0eb258421b70f3578c0516b2967ffcf39a14b0b6f83b64e336f7bbc369b9fdc879a2898f0b897300aab7fe12094071cd6515cf83

Download Submit