hxxps://1drv[.]ms/o/c/22620bf2bcf62e39/EubTS1BcE2BKjWpKaEocIv0BXqFNsO-eQz1UuQMnytYwvQ?e=IzMLWI

Analysis

max time kernel
112s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 22:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://1drv.ms/o/c/22620bf2bcf62e39/EubTS1BcE2BKjWpKaEocIv0BXqFNsO-eQz1UuQMnytYwvQ?e=IzMLWI

Score

5^/10

microsoft discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5040	msedge.exe
5040	msedge.exe
1508	msedge.exe
1508	msedge.exe
336	identity_helper.exe
336	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1508 wrote to memory of 1304	1508	msedge.exe	83
PID 1508 wrote to memory of 1304	1508	msedge.exe	83
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 1528	1508	msedge.exe	84
PID 1508 wrote to memory of 5040	1508	msedge.exe	85
PID 1508 wrote to memory of 5040	1508	msedge.exe	85
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86
PID 1508 wrote to memory of 2712	1508	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://1drv.ms/o/c/22620bf2bcf62e39/EubTS1BcE2BKjWpKaEocIv0BXqFNsO-eQz1UuQMnytYwvQ?e=IzMLWI
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc44f46f8,0x7ffbc44f4708,0x7ffbc44f4718
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:2668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:5612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1184 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5094180382654895537,18172866593292611786,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1196 /prefetch:1
  2⤵
  PID:5940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000033

Filesize
30KB

MD5
ca6e0dcaf6fe11e3b4d4d299ecbab7a6

SHA1
a637b13aff3baacc733eb221226c36b71a3d3a7b

SHA256
f4a93cf3834c5f3bbbab2ba619425fb1415050a847f5bc12cd6b0bab5e68074e

SHA512
fa037f9ac77644d641bb6cd1b18722be3cd7d039738f8770d6a09cf7e5829b1602a772ab643ce8cd683a0d11e62c5ccabbd555fff25f77c39034793510543ed9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ca4542cb929438880525a565abc531da

SHA1
0866e8137b0d69762076296f602822c2a9d809a7

SHA256
a8cd0dd23e4b999e524c9d93e990c20f535c3889d69d0484ce0745a1dc5a8a88

SHA512
2bc6691e74079d10d194df1bcb160801fe4939e6f0ca8bcf0d033ce7adb38220c208d6e81af24ed79f4827bb8053c239b34eb1565814b082f920e123107304c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c37a7e79edbc69f165e37f073ed5330e

SHA1
8c507b36cea38c488507cc8fc15e3a17a3d10efc

SHA256
7ed9d2d95c95c6a449ea835fa560487edf3a0723536c04a1d9dfcb146825c2d5

SHA512
b3d61e954dfa5001b2b5cc9a7cc146ccbb1a5cdb198797440b610d348865d706d2f2f0e8dc919bb70caedaea8fd9a794ebb665db8172b6d6a0e315f8613d7474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
696ad1e0f4df506764f6e02d5221860f

SHA1
30bb23ca92820a93afda5f7b4b0871cb764f0978

SHA256
931b12d02557a1614bf15db1b42dee807e7fefc64866031ccc7abf3986feb0d5

SHA512
02b39882b6404d0e0a7421f4bbca76b2968c4180d4667f74ce7c9f111bbdb6668e91a8b7dd27f24a99acbda58026e39f611a754b3ccf392571bbfe23a735dfac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
35e2c4a49ac24c5fb50e2979f2994884

SHA1
debed9491e53e6a364e12f417ebe06358dc10770

SHA256
220a287b2a9890cc817a8b783e917fdb7bbf4b5a249beed2122235c904f33cad

SHA512
a30b52e9e507924c762fe02ec1fc100d71cda6e92729d21e16610463903df377c5c0dc91fed606887fc100529e3f4e2cfa7c5bbe76af3c5ccfefd03dfc091a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
260bad30fd28f9123938102f0318dd4c

SHA1
66ff6bd61f9585dc643f5ac49d4c060f086d2b74

SHA256
5ccb129d8665d4e2ab0eb82530fd2996e6a3544e2e6d466aafb7380eebaa7c9a

SHA512
4665e5d2852ac87c6d34b02259a983977451826c9cd9e6c9f68eeb939943d9422e2b0a49c92cc8a6578150069a44ebf313254eb0fe45c0d94be2d669553e7bb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7e8d2806f4b0be537b1441bd25895508

SHA1
30e6680ad607501bdfd00084e915b774185c2850

SHA256
45ee2deb10db754c52113dabbd40b3a72c8006a12c3ee262dbbda1eb71632e84

SHA512
ab89b772c7aee5b1791e9960a1c34575223cddc77025f83e560c9817b593abdfbe07d613c4cb01f1c2e423d5b72560201ea85fef9ccf78588ce6c4585d03c474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8418350d42a2ca127e1a54010074f0a6

SHA1
fcc36d7e9388b9412f701db7ef2e746261a08656

SHA256
3bbbb1e3c773813d570ba99d69a6db28a1057375e6433e63fb1d845032b100d5

SHA512
ad912a910f3009a2511a8a51aa256aedfcf67b90af855d58eee82413a04eab55af0ea2be24f25cc3a545f2e3f5156587494cb1187b27d0043972900fac2164d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52a0da529328b175b575919f44506a11

SHA1
f8cd4d0c8296b552151cbb1124e2d8113d6710d6

SHA256
2230a03a411e78e4802763173c3260668ecd39aa203600599a435e197266fda6

SHA512
d0ba42c31b6f78853ab9b4a7600548349c6429395078ca27da86e42e28e99ddc3519076e0f57e95767cc042b174309c776057ed94796caa449796e1e1febf9b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
071b5da9d79c4e5ed492aed64ce26370

SHA1
a1def16da7efcda3e587be0d5d9c619ed6be7202

SHA256
9d23f32212384cf25cbdaf48407acc32f7933ed2028cea96880407c7e75054e4

SHA512
0a66ef8e80a6b7fee01b77de938dc07c31303a6f123e480fa53e47818cbca0c576e58e2ace60d4535adae4b6912ffcc0734e4eb079391f1a59104a6a4b70f89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
5b10b290dc0877a530f35c451a828185

SHA1
4f85be040e3c65c7692983887826f3b065c94469

SHA256
5934797661ea42269dd5148a1365c2c4be8716005e98c8ecf1b5304f0d3c9959

SHA512
87227aaf4fe1609f886737f4c94745b22a2c93d0d980eb181c20b346eecef3e7e849bac294bcd511beb37249f1d4c744eb5d0926a5c38698f7c74a05298654ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
401e538985ccaebbc5720d409faacd8d

SHA1
72993f6c42dedd5124945fc69efea010515254d1

SHA256
16d84d17ebcd195930fe21785960bf82a2217b50d078b269e2e5f3fe979eefdc

SHA512
3586d0ca1e1ef4047e0d4d8a092562ca9e5cb4f51bac984943cfbda2df3f82d71a7015c07af4d48a061dfb24419f88d4174c04bdb7de484dcf071612c4537e98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f7f418dae3d53bb1ca27014744ec42ca

SHA1
31656faf5807c38edadb3df62de0ad19454e2d9c

SHA256
b3225a606af87b0a8746a2923f9a7f990b13c9560e0df4f125aa6f938b9bf7c8

SHA512
14629677bfdae6886df791864f7111bdc14c27822bf3c5ba70384a7fb85f0acdeec7d8b4229ba9b10ac52027f60152ce2fa684889b7af9eb7fd709e5bbe34051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
225564eadb71ff69a5691fc0cbbb5e00

SHA1
0529120b4194f4f5db63d19d5d4c938483a94fcb

SHA256
74951d6cfe696152c9c3fb2e091ab471ea8ebb9d1339e034b976b6e08dc1a674

SHA512
b298d7bb81239569304f8615905209b73bd62931c3c396beb5a16ccfdbfae2e06796793933a39ddfc94e2b8d3b23ce502a2df29849018be10ef6f9bb6a11dea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a0673cb7d5c80733a4f9b9c1ed9d8dbe

SHA1
c992c967dbebf0edec2c47fc03e9dd86d69f36ab

SHA256
f263bb2937317bb3d4fe2d826a906a6e9bdd0e436711e95eab1795d6720dbbca

SHA512
f4620938573bfe9f612239cd0d6352dd2421572bb0be6b508840e1de27f81cbbdd9c658fff23deb305d9049fd0f4a7edbf1b8077c8eadb547b9588c12968c422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
da937840d26adc0942bb91385ba274e4

SHA1
a8164ac58c8f8327c917bc73d0500e54554b2d8e

SHA256
f1e7103c2dfff44d42ff9eba40d6b4300b7123c9c98c721345fed5cb00641188

SHA512
7ef3c57526f171f4f4e9d3aded9643e7c6ed0dae3b05e09df1e8fbf03ddda7c135764312be12823886405a7e4644d133dc8365d49d29a166c8edd99cf1b8661a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f0e8.TMP

Filesize
3KB

MD5
35d4bd737f1112ee6e356462154b5fdf

SHA1
b9617697543e5ed77c5b4c83ac6b984c4e773091

SHA256
2930ba63a8ccfbbca47abab1613139077ea2298a2319f0e5ebab799ac02b1e05

SHA512
9d76b6c391ae3959c1b15d55769440d593f5bf62e4fd4ad1b0891dae8c7fe71c08727145dfa06adfcb69a7cca375c5891f86204f63416bee4a99ea33d193d3da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
aa2c9ee3f50a79fbb6bba62040c8bb60

SHA1
32bffa6f4ab3b547f49283e93894feaea1fb9a01

SHA256
4096b3c6132e4b126ca08262f44d55c8f34dc513c57ff9f3503874c51291018f

SHA512
cabaf2a4be536e4a3c24ee02a8f27d1328868d7f22b49cec9fd098dbca082bc04fa33315e37718c3fe63807cd1b87b793e4640ecf17060cfae971fa355382edc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c5e958396fefaafa6f4d7377fd475bc6

SHA1
ca85bf02c4a7e7dbcbb1a6c915f575a765610c5d

SHA256
0a9ec02b0b0e376d7906702bd0b9ed0d3378af31b371588da701a8cc7091b9f3

SHA512
1d261b29e9ed4c2251bb24ae8a44ac1f175f9b3129dc78d28f6c96b2a2792cd6cf508e0995994b0748ff6d87fa33cc10cf3434c0f369c5ea700ddce09d5d8e00

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b748138d79758652783f26251ff4f89e

SHA1
5bd88a6a80f885bea7f3c87d502fa5a32282f015

SHA256
0a0fe4a18fd20d9872f03b52cdb6c71073af08af76e12b1ec593cb0941b269ca

SHA512
27f88c8c3912f5278d3c40681c0edae757b6761e25519e514fadb63932e230db237f2e36a338a2c4ed43f0416d9ec3b2cc5da3ac29c107e433653df5773e1271

Download Submit