hxxps://champagne[.]pages[.]dev/online-streaming--dl/live-sports/

Analysis

max time kernel
788s
max time network
728s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2024 15:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://champagne.pages.dev/online-streaming--dl/live-sports/

Score

5^/10

paypal discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand PAYPAL.
phishing paypal
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4496	msedge.exe
4496	msedge.exe
4696	msedge.exe
4696	msedge.exe
400	identity_helper.exe
400	identity_helper.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4696 wrote to memory of 4672	4696	msedge.exe	83
PID 4696 wrote to memory of 4672	4696	msedge.exe	83
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 2860	4696	msedge.exe	84
PID 4696 wrote to memory of 4496	4696	msedge.exe	85
PID 4696 wrote to memory of 4496	4696	msedge.exe	85
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86
PID 4696 wrote to memory of 3060	4696	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://champagne.pages.dev/online-streaming--dl/live-sports/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae5c746f8,0x7ffae5c74708,0x7ffae5c74718
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,91003478498688379,12134485546682599695,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
94742868839f769fc4069e679fd6aa2d

SHA1
c7886c093fa1f96c238c97aede90157f4ca9badf

SHA256
d833e6192c0fd485e3206cb0261468aef8b3c4bf47ba73dfcbaa7d8f1ff52d99

SHA512
b0c76b58b898b44759d230e4da0a40bcc2572f68201356ce1b1a2d1d97b45e4fa9c00480a4aa312dea1688e039a8834f547caed99e6089f0ca0edf19b8ca0aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
1d2cdd600db04363435a8c705258f0a4

SHA1
36f8f045625cf2cb5aa7f7a0b3e8013d568e37cf

SHA256
abd575a8d4518723fd31457a6d9c9a93d1f3740ad4d2e0256e6b75d2d27a7b7e

SHA512
bdd1e51ce44f4456bf34b3e488d42956f76e21e2930febaf59606165edbd8dbf9cb1fee2bb7be28422ea1a6da72744837d49bedf5618900fa316618a411fd3f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
e85a2851acf4d7743207249f13483e9d

SHA1
bfe861f6a99b00f1b904ba21949c4ff76806daef

SHA256
c15580b01844e35fd41c27852d88d3631074ec0493b0d8d7e5863640c96106d9

SHA512
3958b40ccf10118a8b6e8d9243ec5201fa8ccd18abb325574fb1eed662d76aee91b5e2174c62ed1ff38679aed15745199741370673400480003d8e83bd9aa546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9440bbd470fe28ef774c2da876fb4d12

SHA1
5e4724977f421097229a50a0afa9a0e3ed5464e2

SHA256
2b3faf5dcca652f8a82dbba76486f43da90cc82d1772b992256f9731bad8f92b

SHA512
56cc1a0e60c25489dc00f50b2a8c0a2df8da63adc02f6d9b3e75b126b0514027ce0a42461841dedd7c417110068149bf658936bf856148cc8831cef49787e649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9b47d7a88bbf1eb628d757dc61c128c4

SHA1
f9e6fad5c35d4ac1b6a711671f4f7f5d584fe508

SHA256
ed17857e9e4d728e7d399215154a997ab7adc77443680db3ecb65cbb3705528b

SHA512
858f2049ae8ddd7fbe49bf9514f87636e2ffa35f4c2d1a37c78e3a50bd0fa7621677ed7ffd15f01c0dc69f669a130e9ffa45350cd5a7a02ade25a49ca37b014d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c885a7a2df5478cfb19f7b7279832e97

SHA1
ff3b5f38c8383b76d11971c3937b310ef1b8c386

SHA256
9dd88fb16cb4f4f26e581eb50b3b60b1436b354d7448d7ccf8c6dbb425d5ce8d

SHA512
02541d355d9d09591adef52c485b71b052fd31415dadb5746b9478f09fa2703cbe2da68087421831d3b84e5aec6f17850b7a7c3d91191f6aa80a663d0e1a1e43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
85e0bc5df5e09006fed639fe70780eca

SHA1
cffb47df4025c35c186b248d313cdbc1456b5738

SHA256
c797f48fe21182cc4e70e2c0d177262cdef5b55d101c2c641118f42cdbf27d8b

SHA512
8e1ca7b3317ec0e4d1391d1139534fca5a4b1599536f1398acd54d425ae5d5f8d78bda3bc1cc4622b30c54666cfdaee49153ebdc1f839625da2c827843c28ecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6841f9bcc917a0630117dd9a0941446c

SHA1
919910c77ef1905164407d16f75ec8b1508e0d83

SHA256
0f052f41bb95fbea0952dc937147efdb6e275418d45856f41b7851e82872f5d6

SHA512
a5e48c30dace0de0dfc56630b520f691494f12ea89e3929c347d093b60d4114f60585a8d755b9c4357cd52c8cb4b4c31381a00ba698e6cf7c58f09dd20949898

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da250e95ebc56a234853febe89816f6f

SHA1
1c87989e98daa77bc0f5e3ebad25c6626fec772e

SHA256
5f705c37d884b31bf8a8c489e9a6f4e186a9d47a5a312427eaa9037c23f176dd

SHA512
c31eaf026bfb0fc2d04ec09407c10eea046d14db6d4e079eafca2880f72f4a24e6bfa356f53add20f3d4d48cdf319c7c618f486489a32559dc8c21cd9eacee31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1a616128878bfb78e1d92d2d369d9af9

SHA1
e47751f6bf00177b7c46f5b7cb62d4314270748b

SHA256
80bf876458ebf1aa266047967db1937b85b6b4e0038362e6464afd837f5cd1ca

SHA512
4fca02344a15ac24732be6fdf2c960e4c0d2d1c816def0ff3c611de6a5dda52b1e1cdd2c56a88f5372e31355218f38b50ff29419cece059c7aaaa9fca2a1e939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5ca850715546dc6ce0f5878f71d5349f

SHA1
dd83eab1652c47862b090456242ab883afc928a7

SHA256
95a1e0dce6d5d423a3121c491666b24eafb63af7d1fd48143250462d0fb2e019

SHA512
52aa9529832ee2c71ce734fdf1cbc57003581230e012a8e466581275f6a65fd4da1e7e9983d4772612b1d9d26fdf41886654acede192761e5a08d066a90a72a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a3bafe2e5aade2cc52a409dbc398b5f

SHA1
e38073a2606f3549cadb38d312089593940e6ba5

SHA256
ef6ef51f2f19b6f031741ac8b6e0f859a07d94a3b17d45a398c33b5c8e95939f

SHA512
c9156e9672f7babe51d24f47a3807f15b212e2ad059729c5bd3be9d8eb476ec7b86feac5ffeef74ab009733febe209d2854cf4304f21f600de81689142271cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0db46bc66c44c6de7e46d506fb40807e

SHA1
14fcda3ab1ce4e82cfae3ce9a1409bb3ea937e82

SHA256
62939be481e88a32a86fbd62f3ad0787592f655eb90a9807139667531201f07c

SHA512
f242a09dfc3dab2f00ddd189c47a17db3081eb9f225fa805c2c8ef0166010f56741efb6584f6ce66789f9991abd56c889ae8d81b4ea450d8202d1aa02f5e1ab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5951ef.TMP

Filesize
368B

MD5
c8aea97b60724a405a6ccf0baef0be13

SHA1
fdb20b5caf74b03a2cd28486d65d8320e51cfd89

SHA256
7fdd6aaae78fac99c34ce5bbd91fbe886b6399770291d6ab0d97188e59b996ac

SHA512
d18c3c3c269ce1f64009bd6b6bebccdf42212bb08ae655555b7e52a6d6800e8185a4c49e01eb994ed0c01ae4b2c4ccda088ae4c91aa79f0e2f738b3e9379ed7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
59b6194f2fdbe15b46a719f0975d01ee

SHA1
cf55ff6fe6b89671ca6a3c63872c07fbb7a718d5

SHA256
af5e011ac032dc3a1548087d01c9f7abfd0fd9fd27e3d7f39be2d98d349d7309

SHA512
4425cae3f8422444e6d0d5a4b74346b34b390115912692471601d313025a14b8c6f26064372c7654cd4c3810c9c0f24e75737c3097e3be9dd676a7ddf0e17fbe

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
fdbb11cfe6148d1a51c48ab5c6a8dc6f

SHA1
6315e23376a0e106229673c593c1aea9c53ee4c1

SHA256
401537eb7345de4a35dc730442da8d15bc2b6fa7d93b968292c32d87989a57b2

SHA512
813e0c882dfa50546231e6111a163f03c4d88ddbd27fe4fb05957e2063262059045087fd60e3e92500aab019655cb15434b2dbad78bc2abd4f0e74b3956e1ccb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6da783e1dd06dc1eb0b79a7073fc4de2

SHA1
3d92dcb4a98fec82b3759c4a9406ce76501dd7d6

SHA256
1675a20c4ef5ff89bc87f23fa9a487c29d0c07f9ceaf1af56911da02fc5c39ca

SHA512
667f8bd213a85e7ceb7e6c0d40c0a844ed8a673b8c61e73e7541ee870f1effc791218dd1e4769e8c154792ebd08469f5564c270728bff707ec2c8ed17b28d37c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
6bca00141fd7c0364bd79ddc49d2fc25

SHA1
1bdda19dd97f9f1dd2920779e301b0056f147ea0

SHA256
010aa3833cd8522c3d6739fab43290fd8ddf3810b3f6c137de5c88012a5a85fe

SHA512
7feb879868a0ae2b79e98ed35b397fe69adf561785be2cc0e1c46aa0f08de4ed04532bbd914dd127b5f72d9984fb17bbb353fb1a29ec65363a1d20ac1f89821c

Download Submit