hxxp://google[.]com

Resubmissions

17-01-2025 09:49

250117-ltejws1qdv 3

17-01-2025 09:48

250117-ls436a1qct 4

17-01-2025 06:31

250117-hakp1svnfz 10

Analysis

max time kernel
281s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
1640	msedge.exe
1640	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
4544	identity_helper.exe
4544	identity_helper.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe
3216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe
956	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1836	956	msedge.exe	84
PID 956 wrote to memory of 1836	956	msedge.exe	84
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1412	956	msedge.exe	85
PID 956 wrote to memory of 1640	956	msedge.exe	86
PID 956 wrote to memory of 1640	956	msedge.exe	86
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87
PID 956 wrote to memory of 1648	956	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa57e046f8,0x7ffa57e04708,0x7ffa57e04718
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5316 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3556 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1184 /prefetch:1
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,3511300522078743366,1441333018488397719,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
28KB

MD5
8999bceec05fda992ab21d1dbcd02992

SHA1
475eb78ba3de380a607df58f54a8878326c2bd2f

SHA256
43c024d4e7850d6c3de15162bf0e39adf9c5a2eac2572fc6d49a006cf6d40cf3

SHA512
12642b1c70538a4a3497913a654b7cec2c9e7d38f51a1c875f538f9bb9b495ed27daa4a5ea206adc2e1486a92ed99cb9027705d05277c610ec6124a3630a6479

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
49KB

MD5
b7644a8533e0d3e1a90bf38cf5bf1725

SHA1
15bb3853c29fab193229f6be74774a118098f80d

SHA256
8cca48479bc91d350347030e9f4bef73b85a33fe983cc892fdf3540f1b59292b

SHA512
b08295a9675621bf1d4b91e6856d5f50d8098d6284c7bcc28e9f82f99429cf0b765d7fa9c8c2df675437859a9cc6064d2f5f2fa9c1e8287f3f7cf293be11acef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
43KB

MD5
30990bf6e26d55230611a587c1a238d2

SHA1
e32487fb4db83e058a368d3ea2795fb4ccf5e529

SHA256
8a6f9798437a0a8d7d77cd10600f7c8d941bbfa4288754ac8fc99325577f6636

SHA512
e0939ac341aee3a4eb47cb7c0c66bc6f17549ce48193cd091a81d817b9193b06cbac3f7a9ce498c391ca9b0c7ac34b8d0c4328505c9e6803a0d6895669d9c91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
48KB

MD5
bfd5bd155626e9eca5911b77204a93c4

SHA1
51b45dbfb06dd5684ef77bebb28dfde9c8470d0b

SHA256
1cf891fe4848089c5dc2e4051ebb244d8967bc109abdbb0798abda6a51791d84

SHA512
c054fd9435ae105292799c7b6f5bcc1f4ef9ee45f5fed3e1c5d9e93188e936e7b95d21af73a48ada6920b4fd8be7abf0c5269f2b60a687c1fb5141699d3da066

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
49KB

MD5
4d42a04db9d132793a31004d641d9d7e

SHA1
8df91a08eb4d8eb6a3eb4079b2b611411f3b27bd

SHA256
67ad497d5b6ef1c59e243fbd6ea09901bc94975459fb03e78123c98fbb3d048e

SHA512
ab918f87bf2ad5622e0d79249c13d0d1317458287a5ecb2ea3b04e4c3ead65b8417cbc1d7c067a7ee586974dc3a81be85182f1e471d8e6ca580a5e06611ac52a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
85KB

MD5
803c1a3724ae71b01041c406c0429482

SHA1
e4e6b6cd43e675661349acbcb0358fc0d4b98e00

SHA256
0da8ca13048726f721e083e458e053d2197e2136bab0e3be66b5cedd9b70e792

SHA512
cb4f23b1407b6fcd6c1ab7b121ce152b21337dcf8f9b09cbc44e0263673a5897251341e7f836b8ed22b833fd815e481f0e856b1964d536cd16bb2d93dd9dca98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
90KB

MD5
62fa2f9bced5b77d4e05cf848c14d874

SHA1
e71646a445b11fd6ae58200af465f39029fdc664

SHA256
a6cf7f29df5854ef4fc69260ef74a0b7ec4a3527e3263272c0d5ce9ca5f1218a

SHA512
5f32bbbb89bd3aa0394bdaf0296882652742593e2df81e634f7b6702b5d45c25aa47da0adda2d46f9d4da016323119c588f7a8630c051a9f1059909b9c2e9921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
86KB

MD5
721a6517c748364f55480a3fa896c597

SHA1
319e9c1e8b6e9a310ab25266a4d05c3c212bcd57

SHA256
32af198dae805556c3b74bd99133f6acfa1311eadf6ef25bb3cda0a7dbfd7c56

SHA512
efaa8fa9e8a92d6a13a959e2c5d70eb771b845f972d3229368a8a36dc75c6e0d0215d74283982747e679bca909462341875813128e06aaee912956b6568e60e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
187KB

MD5
2249f310f5300a64e4e6a0c4fc6d52ba

SHA1
7e36df2c3658ac977d15c0576b74739ce8e560e9

SHA256
ea104d3b8cd7d38e8c46b81430bcf3ea305f10652ccd1cece83607cd312bb2a7

SHA512
f14332536149e3b0f1bbcf11d63db2a40f7e88b6070367193f41574b860a629b013447c8178532a18fa0c93dcb98eb74c12bead6c04c95d39f831659dec2b4cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
81KB

MD5
44368bbfbf4f84b2bd178f913d705b62

SHA1
f50364d1e783e5475a4e24dff126058a2b6c0721

SHA256
d6c20cb408c68dbd394e53733c87c64e4fd9ad0ee44ec901f1e0a33e607f9fb6

SHA512
81944da6b143a49cd2255a25fbd2ff1152138907f13c349c8e90ffdec2e3fd4945391f61230d163852b0f744c59c643e7df93abcb2ab9225697c6d2a859aaec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
52KB

MD5
a17aa690de54791ba65b54430aa77758

SHA1
e05a12e8d65b57c4f5b851b6215d0ccf5eb71970

SHA256
4f5b7210cc9abcf6431d7b1d4ca53c886a58fe3b2312eccb8d4be93be6f05da6

SHA512
9e124ef727629fe7e93c7b4e9f3c4e122705d2bf30b3fb971bab98e1a636c407a8952573a67d342548f37d98f3204296a014c6092d60def68fa088cfc99d3efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
cce3758ad0e38d1cf9da5308fe207ce0

SHA1
843fffa2bf349cea5b5e9d95fe4557137bb9fdd9

SHA256
2fe37f1b63a403c22e8146f5396c7e191ef437d89d9d9d7d6bd112b3743b0509

SHA512
b4485583253f8bef2d31d192af473390d06cf0c35097be7e1f5a94e93c3f6e6a6810ca396d5d05e28bfd99cd8fb2b6cf29a6bcf2c062633aad08a91c1aa92df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8074d3a5d86f16ecc40aae5c2642249a

SHA1
27358c6e7d0abb7d549291fa968e7e3d77003dd2

SHA256
21af00eaf51484b5c169b7e4252c7cfce533b34d1770e7ecfe7810636e23d6a0

SHA512
421b703e0bef94425641fee093b247cc47d22dc5227ed07379ad00d99c3e5033f3db103e8daa0388387b7211d66dac6303387cd87e4d625ab5db8b3bca4f4ccf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
966b4fd275fb4debf3f7313dcd2cf227

SHA1
7d13f2f6e8af2eda3c37e9949a4820841ef0d801

SHA256
78524a9e5a67714f2376bad74bd9d3b45de85e0df1a9ec8aae5dc83451c11c1b

SHA512
e1119fb870b0d6530b6678f10fd69a28ea5a63daf18167c72c7bafd37253d30835af60b8e89f0ee01b68d9b4631443c4357e10eceeeef340971a6ae169585276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ded35be41bc5e09280637fcf3331eb19

SHA1
c359cde319a94963f0cd6f716ce63dcfb589143c

SHA256
a2f21ebb92b60b7f66ccb19ba99c2a2e91bd6a8e929a1a8ef406a753b8950041

SHA512
9ee0257b65a0bfa59bd278aea68f3b87c8c8c649dd3038fba05b083dd31d3b31554e2e95ed8a294a204b5d14ca5251a677530d467e2e917038c78ee5d233c695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
87e154aa6c3e1aa03f0a0e0e158b7a71

SHA1
254025c4712a938bd7e8eae7accce7cb89c6ccb6

SHA256
f978297443ec6f482555c92953918bc95b361926f8edc55b7844d03168fcb970

SHA512
e650b219e1e2ab105be2ab1aa7359e89d0f609bf9b52fb6c60e26a7b156fbd4b9e74694d005701664c7cccd1101c8002102defe6412d310f3740f57185e25cf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e4f016e1baf658568d83c0ddb9ae22d2

SHA1
4b426cf974ec1dc579d0f9fc2fd123bbea051f4c

SHA256
00f22bf577b0976264538c973049c14ad2cb6b25b0cf5d0ca090055c6573be8e

SHA512
57623ef2ea8a5e4685271c52e7a5b7190cad377090b8e376d0b26f1d83b21cace51aa7ee8bc0467d8e15211238bcccb593e5451757f6756cb605ede494d81237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b730322cced18af07ae54458e6e3ca37

SHA1
c3a0a8ac3452fb5801cce53e26b50731322e24df

SHA256
dfbae77c6117f232925e3ba1d400a26d9c66213d2ca4bb3d3095a16ca13e7db4

SHA512
a999c4daff6ee93506c8d998dbc4ef7705f48a49ad7d8021b1be024b353e57c1c3638f3413548332054968955830e628aa96dde6e10157c9de3517ee4ba7b757

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c74ea847b29b22e6350c79980423eced

SHA1
97ca857cfe506e3aa87f4bf3febd69dcfcc417e4

SHA256
04440614f4ce5b8fb9790d33565db510e854d31644d487501de7b1de8721f296

SHA512
c805001891ec4eb2c3d00d35c3a41f9be1f09cd6fef5d49cae5a8ed7ad7c23ff171bc9ec09806357ebe1634faee0fa0407cbe9fda11ae13b8fbba4ca9ef3985b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58555e.TMP

Filesize
1KB

MD5
951e7e2fbaa76711850b2ca75bf758dd

SHA1
50a79d185d1b26a8202bfd6cbccca4bb7ab3e97b

SHA256
caca4fb10784455ecb6b2f6268c223e20e084c20c8e498707855b72f00ea8e5a

SHA512
e51cfed3ddcdc269b070cf0f2e3d0e958846b2676440f05b4db69e20f54dc9230ad09a1b672b5bfd5967a921071525120328d64946edfaca4643d1c84e36dc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b8935371d205a42ebb25bd304308bd4f

SHA1
c11ab747ffc79828b5e49a887a6ffa6063d14f13

SHA256
855f9bf4e6dd5796df611a46295f7ad1801e3e6452c998dff12afad5500deb8c

SHA512
dd5a428021701466527d4720b4b49507e4c15655c4b71df62d3c787549817144d003ab8df9827e7d05ecb5a68d72dd98d096d42f27f333ea39deb08a369af5fe

Download Submit