hxxps://tinyurl[.]com/jyybtw4u

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2025, 11:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/jyybtw4u

Score

10^/10

google discovery phishing

Malware Config

Signatures

Detected google phishing page 1 IoCs

phishing google

flow	pid	Process
117	4120	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
4220	msedge.exe
4220	msedge.exe
4820	identity_helper.exe
4820	identity_helper.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe
4220	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 4152	4220	msedge.exe	86
PID 4220 wrote to memory of 4152	4220	msedge.exe	86
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4656	4220	msedge.exe	87
PID 4220 wrote to memory of 4120	4220	msedge.exe	88
PID 4220 wrote to memory of 4120	4220	msedge.exe	88
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89
PID 4220 wrote to memory of 3044	4220	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://tinyurl.com/jyybtw4u
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaf9746f8,0x7ffeaf974708,0x7ffeaf974718
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Detected google phishing page
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6316 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14448090888706494338,12795342098138303762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab283f88362e9716dd5c324319272528

SHA1
84cebc7951a84d497b2c1017095c2c572e3648c4

SHA256
61e4aa4614e645255c6db977ea7da1c7997f9676d8b8c3aaab616710d9186ab2

SHA512
66dff3b6c654c91b05f92b7661985391f29763cf757cc4b869bce5d1047af9fb29bbe37c4097ddcfa021331c16dd7e96321d7c5236729be29f74853818ec1484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fffde59525dd5af902ac449748484b15

SHA1
243968c68b819f03d15b48fc92029bf11e21bedc

SHA256
26bc5e85dd325466a27394e860cac7bef264e287e5a75a20ea54eec96abd0762

SHA512
f246854e8ed0f88ca43f89cf497b90383e05ffa107496b4c346f070f6e9bbf1d9dc1bdcc28cad6b5c7810e3ba39f27d549061b3b413a7c0dd49faacae68cd645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
67KB

MD5
cc63ec5f8962041727f3a20d6a278329

SHA1
6cbeee84f8f648f6c2484e8934b189ba76eaeb81

SHA256
89a4d1b2e007ac49fc9677d797266268cd031f99aa0766ca2450bff84ac227d1

SHA512
107cf3499a6cf9cdcbfa3ef4c6b4f2cda2472be116f8efa51ff403c624e8001d254be52de7834b2a6ab9f4bcc1a3b19adc0bba8c496e505abbca371ef6c8f877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
cdd10c5b063efc839a2a69ce3d36c4ae

SHA1
74e244125f470f512ee79c9aaa7ca63c677a02db

SHA256
e507265dc210201dd14e8556f88d7118ea43baf8bf3b914f37b96d262cf2cf41

SHA512
8f698a674475321c27ad1fac5ba7d3765c7bd243436534c8531bc51f52671821458f076454070cb8fae74c1509428ae88091a092e71436deacca3969cc8a2fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b82aec11ea814e43c3512b7420e7191f

SHA1
640035d428cb9d2788d7c1ae7f48ef5562176acc

SHA256
e30f33980ce02e29d59217c2a7761d0da151c1892bd8b9654fcb2690a94296fd

SHA512
01e2f34a6bbff1d241333f651f11ced9bf4e6ea96514a620b95843526cbb595ff0a01e05fad93b1c50480de645158516ffc1e4198ad282a880cf0dbf7ca2ea8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e4e6cf00b028bfb3c98fc0c85257eeb8

SHA1
104323b07d4b463471f5a6efa238fc13826cfe9d

SHA256
70aa80916d284f28d26e0fb26cc6c3d44966eaea4cc3fc2e3777fbcad597993d

SHA512
72cefeb420935c8f432b79deb9ae70d5ed06d74adf6dd9301d58bfcd58aa5592752559ca2b6ddca878a87880e7e5c18945c3736084c425727eaa66f9519b55f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d1c2b07b91222c8205bc89bc450f4bbd

SHA1
ce00770cc0c8a6f7dca68b073edc0299ff66604f

SHA256
2753f55f1f79ada78bc941691499b650a927caa3b6f0f47715b5c8f763d6e0ba

SHA512
ea4751d1028314226b806aa0f4b38642b8100d7b2c8c565b03092c6781e4bf21e51059432914793c34ac099d8a7f996f1ec69ac8cd27e280e4f7e24cb5d10850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63b224fc622da292246ba2aec00412b6

SHA1
689f7d00977c93e3ce69db607a8bc718feb210c9

SHA256
808a65f90cd141c90f8fb4ced1c443c37c043c6d641a609fc117f558cd0be5af

SHA512
5decb83f52bc7ae43245fa5fb4615b74f791fc3dd053581fd7b158d239e49932f8c8c5264d3ae0451f49db13c799d46e4835fbdc42bcd3708bd806e9635affa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
919ca62a5e787f74b6b07919846a0f77

SHA1
9ae6a1fd4973bcb31bc95f0261e3d74f13d15944

SHA256
f7076e976d3f37e9f8c0b6618da6abc5f38e2ff5d059b98112a446ad4316f197

SHA512
5de1f67926e2f38ba2c008daf3ec92bbe330ddfc76cd533c2a5299f1fbd0d13a6d927ff74f8975c464770a0808c3fedf52f766e50701a6126ac9a176f62e89a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d19dffcec6dddf55edbcf45d2a8ec813

SHA1
eed48d03a1162de86638802a8666771dda8ff681

SHA256
60a97e1f9f0a97366ee4d13e514bb54986346242cbec30c7fde86039abaf9013

SHA512
8fc2e1a90e04142b3fa461894489e51f96dcd084fc873c0b03c2b7f2482e0358ba910030b9abc43b7ebb7f88d6bed51e81214e8b31490e6f67d214c1905e0b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
55bbee2d3cfff3a1d2d10ff741811ef0

SHA1
fa22ba6feeff2ef76508d99b999a2b5a81050d77

SHA256
6e1e799e12f82b19d915697d5558798073c51a4a3eeb390acf8c21c385501257

SHA512
04250abd8da748428567ae341310b1e5dfae3616ba0a38c64a3986336ecfbeb1d9fc12592c3a8d805eaa1dc4e01b5fe62294f277c5d3252199b2fbf1ded42866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4f5f09658769fe287804c8ff53bbb91

SHA1
e29aafcee9e32a68f541d41033cf34988d9be8ca

SHA256
3dbc2b5343d0e78b03e73c44375a7a446bac661a34eefd7255dcea0c005cb00c

SHA512
b88a4b1a26cdac31f81adbab2206c9af9198d368c49aa671b502585f7d2708341584230eec8a77ed01fc8cb98919f7ad19d399a3006ab27ba04db162913e821a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
fe21eb7ba045f1a2ac4461ba21f588e8

SHA1
208219553171b49d34c22b1aa97f83e597ea2c59

SHA256
f74700dee30bf575a2881ac9b9d69b408b2b3032ee0038b2fd817f361f4bb1ab

SHA512
22e030a32a3f10075d8d37e312d944f86da71b6b3eb0b9208db1ceb4c133ee7def824c39e3b749764532d6a7ca601d15fc424429d0433e646295653ab18ad878

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
36d73105de6e4bf89e2efaf6e7e0c55f

SHA1
a493228fbb4370fb8ce2692d2448b5d1887e3a61

SHA256
013437b5d6a4c48aafb85284ff15330a1655994c5459a81396b45ad916813db2

SHA512
282becd989106d54d1cef82fa113f969a578b0aaab7a37a96a276e0b7dc01563d63afffa7149f95d28c0d134631608b67f2efe2ab837e9df636eae1b4efd920b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
07c3f70cf61bdd4288757fc5d1fdb92a

SHA1
b94796ab4b1e15de916b281d544338e4849596d3

SHA256
358d3f8c9af78227d96301416766f5f6c76eb7b0bcce6ec9b00543d2e0909c9a

SHA512
dd13a3c258f7bc38a70e3b3650087d3409e432a878bed38595946ea1638032cb6caeabbdfe3b6c1cc3c38ed036cd99017f8930ba17f7ff7aa73c1fc017f3da48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5928eb.TMP

Filesize
203B

MD5
cdd539b81d3d92f1af6bcddcca379e2f

SHA1
63a2b207d8e0e795ffcbd0df8995c028ccda9023

SHA256
0daef86161a3b24165c2d882489ece68fefd6a002cd221b42901953ac2b0dbec

SHA512
7dd770d05ede6bd769047cd260dcf6fdeb87fac6810c16d55f78ed832b0f5d918c54651b7e3485698ff11c60cdab23e47c1aabec770d2154562cfa63da5620b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1fafd52dcc0423297dd5347b46f055e7

SHA1
99259b201ec84a91a16df70fa035bed974447cbb

SHA256
9355c65fb5ae2ede19e187b27e520bab6f5d3bec0049d34a7390fbb523064990

SHA512
4a0ad344ebe132056f451c3b45018a7f89477f633cae41a98cd54be38a76b7744ac5d481605006dd6ba0b261d251126e825674b2425bf9df87b22fd220ebbf61

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit