hxxp://eastafricaluxurytravel[.]com/HVVBHJD79WEOHIWDKNK/000000000000000000000000000000000000000HGFT78UIJHTY6789IOKJNBHGYTF678UIJKHGTFY5R6789UIOJKJNBHGFTYRT6Y7UIJKGUYYGIH98765RTFGHVJKIO98765RTFGHVBJKIJO98765RTFGHVBNJKUI87Y/linkedin[.]com[//]amF2aWVyLmRlbHBvem9AYmFuY29tZWRpb2xhbnVtLmVz

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-01-2025 15:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://eastafricaluxurytravel.com/HVVBHJD79WEOHIWDKNK/000000000000000000000000000000000000000HGFT78UIJHTY6789IOKJNBHGYTF678UIJKHGTFY5R6789UIOJKJNBHGFTYRT6Y7UIJKGUYYGIH98765RTFGHVJKIO98765RTFGHVBJKIJO98765RTFGHVBNJKUI87Y/linkedin.com//amF2aWVyLmRlbHBvem9AYmFuY29tZWRpb2xhbnVtLmVz

Score

10^/10

microsoft discovery phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook
A potential corporate email address has been identified in the URL: [email protected]
phishing
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
2248	msedge.exe
2248	msedge.exe
2432	identity_helper.exe
2432	identity_helper.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe
1012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 4280	2248	msedge.exe	84
PID 2248 wrote to memory of 4280	2248	msedge.exe	84
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 2976	2248	msedge.exe	85
PID 2248 wrote to memory of 4520	2248	msedge.exe	86
PID 2248 wrote to memory of 4520	2248	msedge.exe	86
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87
PID 2248 wrote to memory of 1440	2248	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://eastafricaluxurytravel.com/HVVBHJD79WEOHIWDKNK/000000000000000000000000000000000000000HGFT78UIJHTY6789IOKJNBHGYTF678UIJKHGTFY5R6789UIOJKJNBHGFTYRT6Y7UIJKGUYYGIH98765RTFGHVJKIO98765RTFGHVBJKIJO98765RTFGHVBNJKUI87Y/linkedin.com//amF2aWVyLmRlbHBvem9AYmFuY29tZWRpb2xhbnVtLmVz
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3ec546f8,0x7ffc3ec54708,0x7ffc3ec54718
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6272 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1696 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5324 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,1532786914279328702,5358242683980387403,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:3060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\192c3357-c5a2-4404-9a94-7a62a8e07513.tmp

Filesize
10KB

MD5
b6b7219905a3e14b92dac79ef31ba11a

SHA1
29331a31e2c72dd2832f440e587afac86266534e

SHA256
75bd13c6f481636206bc39ca49e4d19dc3219a3a9f546f76cc8930924fe9c4b7

SHA512
6cebdb7930c19191d2725b9e71953523a0969bac2fa5f754c7c6cd9504596be4a242da9b8a7f5627ac3f359901fcef402bb71ba3308a661b87c82caef742dc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
19KB

MD5
3ba4d76a17add0a6c34ee696f28c8541

SHA1
5e8a4b8334539a7eab798a7799f6e232016cb263

SHA256
17d6ff63dd857a72f37292b5906b40dc087ea27d7b1defcfa6dd1ba82aea0b59

SHA512
8da16a9759bb68a6b408f9f274b882abb3ee7ba19f888448e495b721094bdb2ce5664e9a26bae306a00491235eb94c143e53f618ccd6d50307c3c7f2ef1b4455

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
119KB

MD5
9cda699a84ca8729faf194b8efddf6c0

SHA1
804f83f5225243951178a1f785af2b897b87aca5

SHA256
a7c6a8173409765cfcaa6925cbf2ca7732ecc5b353fc8274746fa4bf4a1cabc4

SHA512
fa7a94976304c486a8a20c0672c8b4dee5532099434b475b36c230498db14de99596b54ae95a2c9d2601eabccdcdee4df5a1b21231f18e6ead9ad453120588eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
59KB

MD5
c1e82bf71add622ad0f3bf8572f634fc

SHA1
6ca863d4cab96669202548d301693b3f5f80b0d5

SHA256
ba48af15d297db450dc4870242482145addb2d18375a4871c490429e2dc5464a

SHA512
820a7f8a0c8ea33a8fe1e90cdc35f45dc1e143e836b0d8ea047e1e312f8caec72cdee4e7db54760a4d749cd0acfe103a27e39a9a56eb2d704e448a67b0d0c079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
113KB

MD5
7570eb58c2bce45b24ea431eb15d27b5

SHA1
0de0a6616e6bf7b045cfc456e4e3df6760617cfa

SHA256
5aee6747482dfc52a669caed6be1b9319536ac9514c2d7354b879f093abb212a

SHA512
696d4c3765da2936461d15c89a41f98eded30f202c422143d921d6096d7dd6456479f48b1065398323f7dfe60b5d3452b0c3c67dd01ee041e51cfbca9125d86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
34KB

MD5
171a4dd9400708b88724b57d62b24a6a

SHA1
9c6f1303b8f02fce18d20ec9cada11d38d0c4b37

SHA256
ea00750636c11dbd4fa3acb1b3cdcbae3efa43f6b6c3753444b6d6a242ae9336

SHA512
5b13b63912b34e3eeedd8da5953b869a83df82ffd2a8d737aa81dc984f1811800a534f340c48041da803c25b6b8f5605ea8d003b6a09a1874408f95a710f5126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
04cbd6c8298d5322f74e35c72083ae49

SHA1
18f523aa479374809c6ef0963768f824f31bdffa

SHA256
eeb2d7e95ecdfc1bae319efc8f82afd94eef85bb4a616e4b0cedcb817148d81f

SHA512
5f8a48b3a086c3a20057784cef09bdbd6626a731cef5e9c697f40fcd3d4670fb8a70b675d5e63e7e0165af306bd9c983334af538e78489ff51752db23b3fd9a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7ec9d3974f393d6a5e402c1d19a429c0

SHA1
035a54749a65720cb5764b8b8f5e286ab5cc6a11

SHA256
524c7095dc6b78a71b15939fe84c8c394daec88366b66a8fe6672709872d1b5f

SHA512
975b21b6ac35ac38f42e1466446581f929c5c6df23fba4558ef3951513c228212ce1a9ef003150706036e948354692be6e3bdd0812347668416232102782a0ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b66c3dd0331e80ec09bbbcedfdad0200

SHA1
fa87010c86b4a5a8257dcf33fc73e901e6413c77

SHA256
f351d03aabf6cbe761b572680f680be4f29f452183a0a3f9df3594e0de263732

SHA512
6dce40032210ec7a7be336462f1070ea8a9523bd827282bd4df5e72ff8b5a9fb773044b55c1901cbe20e6549c5fc201fa3600d7323cb9a0c1bda0ccca7a14248

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0be4212c4a9bb05181f01262844a22dd

SHA1
2672235ee6948f81c0e95cbbb20c12e3ba902b26

SHA256
fb21a5043f69ed7b0d0dde6a3ed58a190805e6e7369e9bd4ea3cdab8c2ec969f

SHA512
f73e72b4181a25225ac761b50654886168335292ce24b20752b4c3b4f9065bf0f0c30d3256a7fa06e32245fa212574dd4a149c65d8882f940d854ee5f853bf03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
663da14a9611da5530f58c2af09a24f5

SHA1
d6a9145ff837b57fddbc4eb5249d11434eb34998

SHA256
63224a7202d46deb6d1aac17dd50f3a705f22c9590d351f2a2971e91a74aba46

SHA512
b4ef7515559a3a71cdfdf8e301db36da2c1815c59e28c639281ce2a402335dd3c7ced5594b2ce21fcca186bc0d355383029ed52187f502a7d10dffd733fa4ec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
608ff4ef235b8dfcc6fd92732d8dd873

SHA1
7d3ea096eb6aabac2609c75e3576bc567fc4fe47

SHA256
ef4fd980bf6f388f8c946655dddf49393759a19160a0c2e2b729966da3da70b4

SHA512
4ce72b488addfbe696f98d22e084bae22101d97269626eb06d27b67c645feb7808c635ff9f4849f65408111de4da71d2fba8fbf9652cf375050e836f3b60d2df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
36804bfcc4906763e8368b6cec51564a

SHA1
cdf1110cd30ce9c939cc7547bec3c9646bdbf6d3

SHA256
c162cdbbaf88365492bdced8ac2a060d430b89b76b58a3c0dabb606c25f997bb

SHA512
654435cb21d1f8770f44d9cd40ab4c8ec5d1bfa9a1ec664c271e0e17a964e0afc52090624dd6414589b887f187ee4da0fdb32308c95c5bc4d7371859c373e257

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
99cde18e58567f5022e37be2048bf605

SHA1
4d1e45eb4b4a38d2df937371428a912f7205b335

SHA256
e606226557ff327491a2c302aaca043cf17d4ad61ad24870416c1fbb68d05259

SHA512
47c5ba8801c4f1e44ac3b581676316f193478712a2879bdd981620a779814991b952aed33d8f08eb43e7b8fe92d6b6f03f9f25e42cf53c2dfcff5ddacd98f7cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
83a8616bf989aa3746bca6367c702f3d

SHA1
163b3641446501b271dec4d46ad890dea67975b3

SHA256
ad219ba36092a4a0c7d19afcfd22cb6568a30035132a1e3e64b5844990417f67

SHA512
2144f47b792fc0c2f355bac163cbe18cb52abb20af6739d27774b72575a219f29a8309c88002441d989ae3634addf4ddfbafde908bbeb3237e0643053b72176f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5c44098cc408779fc2773a19ba863e03

SHA1
81ce6ccee026930521e2fc8b151b8915641da1ee

SHA256
6acfd27aa3d505cbd472087aa21fce7e06df623a648671c017b1845251965b02

SHA512
96aff8a21f49bbf7b48fe18be7532ab30478329d7aa347c895dcc796211b4e1f3822adf3db2aed4b608a21ce0ad267ae87cac706a008f392dd328297ed5c8c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
01745e26e9991f0ab42e1868e6f30f18

SHA1
c8ffcef728c9c7b002c657c3bafe417634687720

SHA256
899d8bfb45472bbff2a1742fed6a390e99b18bc17a7371ce6aac5c9c06114166

SHA512
ff32a5e34d97491a63927c10e3061e3dc227c59116e6fe6d826aec4e794bab2e5adaebbbd07a83fd8bd0326bb7e6747790f0f01890ba2b216de5bc0d9e5f3511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
473a938afafc1a9a4816920be16ff529

SHA1
b37755cae8a86d4d69ef7b9e5d5f9596f0452572

SHA256
0fbd990c251ebb6ebba60d3966b618a743951373fffe0405f95306c7c45a96cb

SHA512
000dbb43675a33a1f1c8bf1401a62ee987622408d2cd387093711f2f74cc599f8d99ffd0c9ea27976df38dd8f3cd3014f61bda4ef6cfa131e9219538fcdf6ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
fdebeb042abac3f22bed5613c419e97b

SHA1
c1ab164feddb0c997bba1f123e76ff0ad23aa0a8

SHA256
efe9e47eb4bce7611896af2931ad5cf04a37d3b65c8699f2a5c15a5a62ce786f

SHA512
82869c3d0058615bf263bfc8d9bc3c43412d2a9b40ffbeb7485352b61db89e1b1ea469f831f24fd736088682f1afb6dac1d757567385db4dbf167dbe68f53409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
fd3a3297b98bdebeea3b6e42b9c6f587

SHA1
daa58475145d4cc8f05fe849966a73c2b7e41570

SHA256
25539825aba492654259ece622be124db33dd7d4c86caa3d0ce57e3066e1f667

SHA512
81a4ecf8c0113d1a863ba408bb5148e1c355c99624332a0aa81363116dc8ae8d64116fedf218af202cb0497fc37f0f31fcbfa2290d2785e5c2e696f0863bfca9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5828a1.TMP

Filesize
706B

MD5
e47017e41a004ec0472c416f11cb6e2d

SHA1
d89b19cd7e8bac94c0ea962d1158eb08d4593555

SHA256
d4e8287570ddf0a6ae17f3eb9c7b59ce6a4a94c9103086af1da77f9156bacc1b

SHA512
cc655b0a45fee278aba38dba98f58c2038df3c4cc5e43a9454d0efa594f7fb0b29fd974c8483dabf1737a70003e435a5c371a688a8c494d89b348be7c19d147e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit