hxxps://ekr[.]chosunonline[.]com

Analysis

max time kernel
84s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20230915-ja
resource tags

arch:x64arch:x86image:win10v2004-20230915-jalocale:ja-jpos:windows10-2004-x64systemwindows
submitted
12-10-2023 06:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://ekr.chosunonline.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2890696111-2332180956-3312704074-1000\{7465F45E-A164-47C5-BC3B-6C7B0E2B9122}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3492	msedge.exe
3492	msedge.exe
4132	msedge.exe
4132	msedge.exe
5460	identity_helper.exe
5460	identity_helper.exe
5220	msedge.exe
5220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe
4132	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4132 wrote to memory of 4348	4132	msedge.exe	83
PID 4132 wrote to memory of 4348	4132	msedge.exe	83
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 900	4132	msedge.exe	85
PID 4132 wrote to memory of 3492	4132	msedge.exe	86
PID 4132 wrote to memory of 3492	4132	msedge.exe	86
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88
PID 4132 wrote to memory of 1720	4132	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://ekr.chosunonline.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd01f346f8,0x7ffd01f34708,0x7ffd01f34718
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7468 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=7204 /prefetch:8
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=7204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7840 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --service-sandbox-type=video_capture --mojo-platform-channel-handle=7396 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --service-sandbox-type=audio --mojo-platform-channel-handle=7300 /prefetch:8
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:5632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7544 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7752 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3948 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:5124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7832 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7364 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,8830783782016256015,6687118415098064492,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3128

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d5af55f794f9a10c5943d2f80dde5c5

SHA1
5252adf87d6bd769f2c39b9e8eba77b087a0160d

SHA256
43e50edafcaaeae9fcd4dce5b99bf14fe79dae1401019443f31aa9ff81347764

SHA512
2e2e09a00db732ff934da1e6ab8617fb3c8de482f9667a2c987435d0a5d67550b4bfd66e8b4475012b60908c24e39dff58e2f2ffa55f13ffc55caae1be630c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
28KB

MD5
dd18a6c34cf18a2cd2f03b17115c7697

SHA1
ca2dc4f047a4b185aa78325e9ad23c262285597a

SHA256
6e25eac7632187ee59fc92ac62295425fe75de7d3e4a0d20ea7414ce9385a42e

SHA512
63f198803420f8301879cb42d43672aa8c5c05513401d388fbb1e823b1f4ae14dd6d06c077b39395652068154c3abaf12cbb706575535c05ca050d5b96651024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
131KB

MD5
a07f8d6a5306e78cc334e17883121546

SHA1
ed22e71c37126d19e8c29d8e19018e857677a5ee

SHA256
563e1e0ec77fcfb1739c5bb7bfdaa7d235c311ad9361b4a099a70f6dce526872

SHA512
163e66596dac2772e51303abb39f43c9ad0f7d0047c56b5ad37c99c2582bd7d3035d57a29075bd17aec06813ca89e890da92a2eba0b94896ed049db5c7328e85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
187KB

MD5
1aa4bbea59f4d184f5ff2d9a332e7f8e

SHA1
886d283db5bddf40bbca284f30d094c43034f325

SHA256
120dce1e6d2f7ebc14935baeca5c7e5ada8bb74da9684b878aa8c61587de164a

SHA512
f68e6e6860b7696e64d83bfcbe0ad0030a79fb5ebee06abe4f7eb8814b05ae3f87812256517acc2455c463df7a3b5b773ab56c0c7419b8eb353903976836e561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
39KB

MD5
baf6644bb78fbec3968826567ccab5f9

SHA1
b6ede732bdea21c98c12714d2050f744ef73b510

SHA256
1f06d168f96f326ed58a27e5bbe1e4f27da793f036d57b968ebc788f7b73d418

SHA512
f9aa76fc61a91b30f4400f43a7cde159555b7e38e23c2da87539a7dbd81188a672791b6bb81129f919d7d416a3a4e067c7ed52455391670a95205f0e1e7502f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
30KB

MD5
9988ceccb1ea7ce468f8e39fe9a6f21b

SHA1
a79bcfe3bd8ff7c6ad616ad6f65d2ea0f12edfd8

SHA256
ead6c1b49c8e8f6f58c98378caaa33b552f3aa509b17dd6eac7230e08a9b842d

SHA512
79813908d584e79a1cecc90aaa5ad375915abb2aa31855ea0cf8373b025e63bf9d9359b599b09abb9ea92fe3c351af4eb84a3a5bc335d026cc05a7203ff8fab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
62KB

MD5
d59e811d0588d4e8b7a65db7565c37bb

SHA1
713ed24ddd29bfce8909de71dbf53f4faa328933

SHA256
6a01909650f5b249a0b25b7a83bd49d22ab30325f571cba2bd5fc878737eecac

SHA512
ce4c0b06e948eed46fada7c338cdc60ee09ae57f0447d8023b0d415cdf622f3698863280f59c9a4e80692e19f3fbf601b7735bacd60dce0f3badc7bc20e5d359

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
16KB

MD5
8bd370144a662cba8250a9fa527c9186

SHA1
aca47e71263f9f6bc44dfc6d43d7269b928ec3d7

SHA256
48c7ea856487debfce0c82870bf74018ae700831b43c497769115da18d025188

SHA512
19869380d7c32514955f008bde9c8aa7b507e0ec52527933370ca92c43f601e3ceb354d8eb25541e542741910434ee3ee57a4c5af0e77780e39a8547be16a140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9839cf7fe08c29b3_0

Filesize
269B

MD5
10553fa5eb055e74e29ea1a382865d60

SHA1
c81157ea2167f6a899df53bb626a3b0209c866c2

SHA256
68191a9bd9af2580bfe10ddc775b1ca57d05d9e5820094c0b7ba2380acf5e17b

SHA512
03fab0912dac2a370ddd303d564e8b449cbc9593cced7fa0c165c8da4a546e2adf38d0b4e6e8bc5f131aac8d976454b4473f8b70bf010720db2cb85d2a4c352a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\baff661f623a9886_0

Filesize
96KB

MD5
481cfeedb6a0db2c59ee2aeb561bb672

SHA1
0fd56a11691729df1a8a95f4a71fe421961b75e8

SHA256
f6f8f70a62377df1294715bf1363226290e86a2e63f6cdee3f7ffbb9a93f720c

SHA512
e2c63f3c66c17ea86e7121c3f60e2ca38564c39ada08b57235e10d8317305905e41d000c4a6410651711a0a02c3ca03b49e68c79fcc0749889ca427e894ba3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d4cbe50f7d134e5b_0

Filesize
237B

MD5
8a92dc92a43753db35552018e5ae670a

SHA1
aa961c7a96f9399c653d84f941ccc75a16623b39

SHA256
ebe510cbaa9154214a66c6062c76ba808d2ac414d7b1226f07b1944842dd2f81

SHA512
4b55607855dcfe752b7856573f3513c23b0a41b505644795587184bd0e0674029a7226a7e51efc3207419d88834c7d6ebcbd69cce2bc4147f82b45dd0108b5b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eadf0b7c8e424a03_0

Filesize
76KB

MD5
79a3b4220ae656a737d188f1cae6be97

SHA1
35d12b8ad869e8185ec630b191b2da784222ad2d

SHA256
b1fb9a6e9b99d0fc048a7371038617c8a569f3e78930755de5fcb073b6be2e01

SHA512
b4bd5b77ade62ce9cc801f17fa326745caadca3374e04fffb78b0b6fd8f82c3818b5cbbbf3f005dfbdff79cbdc279277f25ee39cde307608d015e3fcc30a6626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
a3f1150a845a2b6460039c613160cda3

SHA1
2337dc1c3ce2038f9bcf62764e91edf2f02ed89e

SHA256
a984ed69327f9305bf30cbc768bdaed082e8adddb10ed175c7fdb523633223c6

SHA512
2084cca245ece5db702202e1da32299223b15b5a7cbfc524968b9df26711d3ba8df1a86a4309797739c02d541c6321bceddba5925174cae6a367026e2cd0dc0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
61e8196124edf67649a01f53f8fe3f7b

SHA1
5afe42669e264239deafb6513ac3120846c2ca74

SHA256
ab8203351e98f1084e46df228ad40e51a194e473ceb08f514f31ab90833ebd01

SHA512
ce765ac179917db38b69706ac020eb53bbabf60246ffd8b48a166f1db1d7990aca484d9c7869b27c3435b04dec38796b789f733b049ba641242507313dfcfea6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
cc5a6511ccac3b4e71919cb862c52e37

SHA1
5733b67ed3d94239d5541562d9e7b6a7d7ce1d50

SHA256
c176546821ec57faaa17d4790bacce017e1ceb13e105851ef63f73a66b2ef323

SHA512
a424e6f7676a9b301a14794548f702904a968db9f4c7d624e1524cbe855d36d08681c6e273de53b994a49ed7642822105e05473d1f2707ba3dd06a634fe1da2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3d63832e05b09b974b0760fdc543a44d

SHA1
a836e728e628986aad35de229b2a79a09c41756f

SHA256
5d005b570a84c4564f303834a2b04b1b18a778e7ece4373ef2c7e9b695e8ee40

SHA512
dc4d5646ad97a060c5452088ed6056503074db4a92db3335aec89fdb63307fbaecd84219951c5fe088bdc109c4d370ab1cc66dd8d3e2ea527f8f5473947af546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b3317d4955a46a27824e3ec1f27324c8

SHA1
3260cc35c5598fdb78acafcf99ae9ba52983aeaf

SHA256
367ad6ef55baf93f88ebbef89a3942a9422d1fab7d22e1830e55bfa914e94e6a

SHA512
dcef900a6d8e2994e3d9c55d73200d666f30295b1c720b073fd447c5156f5ccdc252e653aa3a9bd7bf403a9b6b0414c436e5af1107764dcda44db9bd5a696467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
b817a5cefd8448ffcde5bef1b588d331

SHA1
2808a8c1f52f06c79794e5c2fe8d329312bd20b6

SHA256
cba1dea03626e91487515386b2063e7ac54c47e8977f5002fd917f8a57a899de

SHA512
fbf7edac057edda21eade306e8212c1fa50bbb88bb57f2f0bb9ec5d9e7170f12234cf8bf24c0760df420f4552485387ed8023fa5a8cadb45b083b01a137eddaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
ec6e5a48a57d26dc6bf1f054d2bc4fe7

SHA1
1a7292bda007963972f1ea1774f28980ee46be3f

SHA256
24426c2c092d8609782fd4d16c57bde9e4b32a9d4aaaaee69508b89c51d95613

SHA512
807f57b1abb84b194443c718dffbb01d41b327629eff87f4dffa7e5c2eabea110ab85c6243a3c7acd415de33888e2755455da291040fbcce80a9d70e867ae74f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2f2cf10b3b3b8b99c47cfa34f53375ff

SHA1
3256234dc05b6d775dc9f461e47ca2ac92a7fce3

SHA256
7cc31d0cfd2ff8299854b3b97966e2c1428b72e1a81760cca298664bd6dd3e76

SHA512
619843b0f3ed55acfabf304ba0a700a18e265976bb53a1766f899d23fbfb3d54bf2a1c6686edf1b74a7185c02d9a92b670882aeb88f8dfe1674c52616fea0cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
10f5b64000466c1e6da25fb5a0115924

SHA1
cb253bacf2b087c4040eb3c6a192924234f68639

SHA256
d818b1cebb2d1e2b269f2e41654702a0df261e63ba2a479f34b75563265ee46b

SHA512
8a8d230594d6fade63ecd63ba60985a7ccd1353de8d0a119543985bf182fdbb45f38ccc96441c24f0792ea1c449de69563c38348c2bedb2845522a2f83a149db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d432587f19e4990f09c9662c4c7e65ce

SHA1
3ad452ceb78ffdb20cfd3d5afc0601bc695ecd03

SHA256
acacce277790491881180fed4642c44b2d4483b2b957071d7b18ffd4ea702ec2

SHA512
95701d59c025121f83013a57becdae60486ff26173af1f4cbd58df4d62a975e0d7177f719b09e17196097e41834ac1c85ad1bfb628bbd0ecd60ccf9ea8fdb272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2ee558c964769241686644d80ebdec38

SHA1
bc3aa5d094dc60ecef5555a9124409937e07d06e

SHA256
26437461cbe6ef73fa774a6ff577ce665b6e0ba70664225fd68cd0e97cb36765

SHA512
ca0614b6c75b5076eb2918a87d2c15ff3a9e1d680668bf5c1b375352eabcc5642c60b6e2cba0b3a67bcdd35e4aa6e5973eaa5622f2b199673c6d5810ceba563f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3d6891b46de2975a430c9bb548b57b60

SHA1
d4c65f416318e61539a4c80bd81963fcf557bd9d

SHA256
1f1351810712452b93ba89621bbe762d942ee2e75cec7c409684c5daed276bbc

SHA512
ed3ab38f7de37b0944cfd845fa82fdb15dea6f5bed7f744e84a33396ebdfe28d698f1d223d03e88dd6605c2fc7fad19e7335c32f683c0a7c5a8ede440d826bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f979031b1eae43faf0ab9aa1fc5665c9

SHA1
0e80c7ad58de8749b004cd22734af2837527ae7a

SHA256
3d40071e8ff8eb9e21e1fdffa7b0324df83ebec29b89a3a15297c10b3cfe965a

SHA512
525d8f0cd22ce28b023ff56c71d92a625eb1fbbcbb82ed4e9d5acec0f5d114adc8b304968ad4eefcedb549414179107919797d4daf0170c16051a410ab70f7ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58172d.TMP

Filesize
2KB

MD5
e35741c64d7cc5487ae07495c12f6c2e

SHA1
f951625a75cf47616b52233567d721402788fe63

SHA256
e1dcd148d41157079f903aa6ee04a2c2f3b055f9a57f69c90f0925336fff598a

SHA512
a5432286cb343b42fbf4df93c38a7a0fbebe0fc8160bb557a05161c7c03fc84dc04f6737e9ad7e985f6e95ac8003b3bf36d097d503bfe258cbf958be99b5cf8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7baa06e0b8aeb74e6d7bec87f31e1f05

SHA1
815ec7f193eaa44b561a5c4bed62201b1c679636

SHA256
d9dd336655d1df4bb3519ef63914f99c7af5e11a32ec3f0b1032b3d0b32dae4b

SHA512
8d38054f5077f8ab475b2b585df8a48397a8e9fdf501bbbe14d5af3a21da9bdc200f7401dc69f52d2b59ddb136b6ad86830ebf71b6ec179934dad2987c6e386d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
486402b958db92a5e0ed1d4651e9a5ac

SHA1
4b7ea321275f79dcee7d1f3994c2914d2d64e615

SHA256
3720a0aed5bbd63c21fcfe156ff00b017e315e8f406a516f00b44dfb9152a1d8

SHA512
b9cdf6d2a11486d3b4da157cc0d9b2853248359b096b6603e62a884bde7e80fb861665c93e510d762c4949bad8e3458d7abdb05b15ae0bfa20c9ccced52c6fd9

Download Submit