hxxp://roblox[.]com

Analysis

max time kernel
86s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2023, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://roblox.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1873812795-1433807462-1429862679-1000\{3EB26358-9058-4D67-917B-62BFF67984FB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4460	msedge.exe
4460	msedge.exe
5000	msedge.exe
5000	msedge.exe
1064	identity_helper.exe
1064	identity_helper.exe
1244	msedge.exe
1244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4064	5000	msedge.exe	83
PID 5000 wrote to memory of 4064	5000	msedge.exe	83
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4492	5000	msedge.exe	85
PID 5000 wrote to memory of 4460	5000	msedge.exe	87
PID 5000 wrote to memory of 4460	5000	msedge.exe	87
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86
PID 5000 wrote to memory of 4876	5000	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://roblox.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec37146f8,0x7ffec3714708,0x7ffec3714718
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5784 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
  2⤵
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1284 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:1508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,465952994832604008,5235115600784379058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dded92ec95cf9f22410bdeac841a00d

SHA1
83c32c23d53c59d654868f0b2a5c6be0a46249c2

SHA256
1840d5c60c79874359414677662439087173c575d814c07ebe661ae1cebb639e

SHA512
e13df653c0364be2b61619fe3d46799e10a565b41f33d3ce15e50397f8f9aa328e8c821212efe10cfe3b8283c1e8c7e9eb15f9674fc456837d6ee8c38bc8b0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f6232a0fa0872ce66f808fbf0833eb49

SHA1
276866c4b27f396cd1312200669d59701d10fd2a

SHA256
75d3a52869f1d39161d6e7e640830074e00bbb25f0c559eca342dad0ac2f0c4d

SHA512
6d78ad754f8629c67a9786362176613d0242913f95140bf6863bfaf97898a1718df37b8bd1fea74bcf3db3d4c891ee71c0dbae083ce852b84d3509987444d3ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3660173e38e176c17e549a933c0d5228

SHA1
e1df5eb41de8f46d0e9af759dd3cc518d7ddc8c9

SHA256
b20579e5a13f3e94016ef1247cd4f07994c69b94a457b2bf336398dfe2de8714

SHA512
82cd7176187be9e4d3d5b29bd760b5ac3b7e7a5b037e778e62165fdf29ddd0f4a57f25554875a4c09bdf2df484465cb30c7a38ef4717e5fb42e99783fd7e877a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.xvideos.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0003c949fb7addcaa3b5fcd2f312ce40

SHA1
0daa4b7de5df258e28db379ba0493d62a24c8467

SHA256
798fb72b0458eafc41e2fd0ee4be4a70aee61e08aa2db370f8a6e6fd4adf735b

SHA512
18d9878e576d4717058dae8ed708a38e128abd677b8c3eeff24f995d7049a8f1818a64fba339808372a63ebd28c32578c3fe222c7a03a26879fbe6b782189e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb4f8d840f347ddee42f238191d51436

SHA1
d644e032aee6128f925ac2d900ef3b29a1b0d3c9

SHA256
1ac61197b10b5f3804fecc32360ca535bf6b7f14e2bb3a4a075cf12f7c42e87f

SHA512
54bd2fbe30f0a91f8736bc71205fe8555cf4b039ffcb74d298f2239deb5fb0ba168e1bdf68a97eaa948aa2b24eda7cf1cc4560d67002ab1484fb76008959768c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a1b93200f091b1182b58317875f9b89e

SHA1
422d7448c1e239cb2353dfc07c248955435a8a27

SHA256
4864285de1baebe1cfb80f4de243040469420d77b5623f5a41b4b24aeb0494e4

SHA512
226136f3278e8daabf35496f42bf72ac63158e88a515dafece124154bf374f4882019d5f90109c55067a0e01b772de66d35ff480fc57d84217f339660d174b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
deb38179624ea897fbc06fc5b42e1437

SHA1
34088a2aad86f9c46e215d7999e7e10b9a6cdf28

SHA256
5859cfc0d66c730cefec24b25199ae7cf67244959805331210fe22c10525dfaa

SHA512
f760cc058dcedba51d41f511c43f0769fc29575b2b1c036eaa2a020808da405d6b11de604010cd10631fa4a95825a09f96556c38b96db41d3175f7ab19b526be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c54159a1eba71d4bd82c3a899ba4ab19

SHA1
d81b1d25ba72e1e247233e221ae14de2e1e9cedb

SHA256
d462a8b1a8c73a577e3ac479e3c5b034ed0651fc50ad384dba8611ddff6eb0ff

SHA512
b4fb92a87df869ac8bb44d3f236b7060a38ce600a606000baa98fd00e990b521980b20d0fc9bf426b0aa92397ec60620fce12ae6a94f14d309e2931f83977d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adbbba29e8088435ffb32680d28f5c36

SHA1
2750d6c6d4ead19f2d6a00a5d3f4947211cb1301

SHA256
bfc9ed9a60663391fbd096dd809dc99a917ce12ded148747d95e07b00002f53d

SHA512
f55e1d03c01a793ff326852a4bcc84378d312e0b32df1dc32e3927eb95d74abb34eeac81ecbd0e415ddb26c587583b6e569535d33304f0848198c3bebef70952

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cb67002f527bbe2ac35db5d72da15b79

SHA1
42592f1def11e6ae1c70b79ef25864d44659c2a4

SHA256
a7b41e734ae4e826344cd83c13f9410c9fbbdee6658af7c658d3a721a66295dc

SHA512
e1732786933f89af85c96e1398e07c720fd5ff19fc3a7d82bda4d042584e34a9f65684052185152b594e3fa2987d7038a3f94ef471ddbc896dd5e9167ba3fb39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e05436aebb117e9919978ca32bbcefd9

SHA1
97b2af055317952ce42308ea69b82301320eb962

SHA256
cc9bd0953e70356e31a957ad9a9b1926f5e2a9f6a297cdef303ac693a2a86b7f

SHA512
11328e9514ffaa3c1eab84fae06595d75c8503bd5601adfd806182d46065752885a871b738439b356d1bb2c1ac71fc81e9d46bd2d0daa1b2ba0f40543bf952b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
a75a845fd006f5cbc344b73984cbf15a

SHA1
993e15faacd82c34c5997d5d6c6cf11b5bc4dc87

SHA256
24b674e77e6a7cdb113756b53d4d255f2289467d7b6a0b979f7bfff62fc4fa20

SHA512
5d02a38d2517b291c7b1511c6436e1c67842ed8e063f09a36357b435895228a0a32d13eb154a8d0ff077cfa0b2fa45ffed6750e4e0a447b86a81ca643e7520dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58b33e.TMP

Filesize
48B

MD5
a936fb0d8e0ff02d7ab43c9e589a2f10

SHA1
35610d1d0be2d0f48ff19f840aa35f081cd5d7e3

SHA256
581ffc1843fbcbcd13abfccabc11f6fab5570b308708b6064d3d18678f2feea9

SHA512
07eac0ba1e8381d23ed535614066e6b0621b189b1b8006a06f6f7403767d872479e2c0b507840b4f38b27607d9098d3f27ccfd120470ce5164d7fdab1769a9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
63a76eb39aa926b5381b088e2fc84e23

SHA1
d6d2da36031eb73e784e9182b697fb907607fddb

SHA256
03f56301990ad592a16cd821d7ee9f314b70c9989d2831c4688bcef45007af93

SHA512
e198de95d1415475240b14e265365452372ad79cdd80609f19605867c00159893be96e7f1c931a855f3f5ab0f311a2a19f09fc0abb25d84babf8be93916dd536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e355444158c8f231aa08a2587db673d4

SHA1
096a2eb6ba26b32e86b0de32305cb186f2e179bd

SHA256
f334607aba62e444832b2abdfbd8df65174f15773a59914215ae05deb82b86ea

SHA512
5e51039ab8d8f06625dca31f6ae764569332bb00068b0a27d2785cded8cc93bccda70ae04117b49e9f57a8cb4d026218cd615554a77adb25f529be31e040abd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b108a5dc9551ef002dd45621cb1d7bec

SHA1
f62bcdf4361526a8f8eb16633902f5da5c2b5b4d

SHA256
1b8be61a4748e53b20523a752d206daca5d3fe055d42501c5aa94603000ac1a0

SHA512
3ab2282c08bc1cf9ed18e7207d3fc645353e393de07d34f92770be4017a0524a007c820248a7e2731cafe4df7405d77976725b8ce0047e1598362290d0e5dc2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
84ec93719e79945916d8bc1df0ad85d3

SHA1
2b4accd29405a50f5aa2ed49c62bb94244f2aadd

SHA256
6db34005f1e21fe2567ee8f448d4b9c4ee5efd941251187f8c35410bc52862b6

SHA512
f02893258fbe84c77880cf36b5a05bb0bdba6bc19ac2a4c91ccbf1de8cc51bd132ac18c4ceb803d5405f130f213cfc77d3d85d451ad4c11eeb76f826425a7461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e3a9.TMP

Filesize
1KB

MD5
a7be2e4af179d6d4847a6f9b4eff78b8

SHA1
82de10ce937f9f165770a337f17b056992fbe15d

SHA256
d4461efc4c797e9d7c091f5ed5257b38043aa1c3ff536ad4ae021071d8453b20

SHA512
995208aed750bfc61179cd0b9276985611c6b099034da9c2f0e4b1e1249be098980c4626b723b2e3702515632fedfe49067e343089cc3d38775f310c2596d4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8396e49b16499efdf778f97f912839b9

SHA1
01ba06b51b8190f59e48a8dace620ee7e6bea989

SHA256
e06283d0473bcf5e574bb07ac398b8e4d0fcfe6a3572b1684e06f489a8ff2be8

SHA512
d91e0afaa2421189f1aba436c1a2a8fbf3a31e897ba48ed1e56eace7021407a7ed4224a35c2ceafa3f4293b38756eda2d13f2f83a4c893358dcca9dc9de746f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8d2ae97ed8d862e414b0e513bfbea215

SHA1
c75efb43b6a003dc7360fe5df4499ce66b02dbfb

SHA256
35a2cb317c912ada7b8f3200c18065f0f0bc493c02c60b1da53e4a5c626e87aa

SHA512
e21adc3170de7bcc260f3134f26b175f12167ff33bb064d24fa013b462e0066617119b893922d04731892f9007138597e0250c1d8690b381f77a7b9c98080044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
60bcd200022cb2925e9d9e4f9c9493bf

SHA1
c101d65df2867a1a57629b71a7d416a0a9e544a1

SHA256
6586694f660ba97ebb61daf999728da0337e86a7e13171f25d35b393aadfe36c

SHA512
23130cb2c9a45dde8939629c583b554f129694e1ab2cb238a2810738ef5d88ad623382f02be3ca0a96addbee4182e4f5d10ca078cee50c2e7be5871793f02a25

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
aded5902473c2e6ee4fed8b6b729f4bb

SHA1
5e621378d757341cb4e6cde62b4b19d82a35dfa0

SHA256
5026858b47234f87ee068fd9ecf5141044cc671a44cbaa1a5cb147c2423f2373

SHA512
24a9e73028a8d80a4df753285cf599a6b9b7843728eb94eb6387caa7b5cf79f10139793d140115e5ebf3de65d2c6c99a7b41bc24f1a61f87e18eb6100f96fc23

Download Submit