hxxp://cmys[.]in/MGRxgRD2Qp

Resubmissions

30-12-2023 12:52

231230-p4frgsecd5 1

30-12-2023 12:42

231230-pxjjssahcm 1

Analysis

max time kernel
226s
max time network
232s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 12:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://cmys.in/MGRxgRD2Qp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3803511929-1339359695-2191195476-1000\{81EE4C80-C54D-4572-B4C8-B55B87AA24EE}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2032	msedge.exe
2032	msedge.exe
1400	msedge.exe
1400	msedge.exe
3672	identity_helper.exe
3672	identity_helper.exe
4292	msedge.exe
4292	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe
4380	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1400 wrote to memory of 1284	1400	msedge.exe	16
PID 1400 wrote to memory of 1284	1400	msedge.exe	16
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 4228	1400	msedge.exe	34
PID 1400 wrote to memory of 2032	1400	msedge.exe	30
PID 1400 wrote to memory of 2032	1400	msedge.exe	30
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31
PID 1400 wrote to memory of 4784	1400	msedge.exe	31

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb15fa46f8,0x7ffb15fa4708,0x7ffb15fa4718
1⤵
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cmys.in/MGRxgRD2Qp
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3980 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2772 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3964 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5520 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,15737301832529489655,14769523231638391333,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

C:\Windows\system32\backgroundTaskHost.exe
"C:\Windows\system32\backgroundTaskHost.exe" -ServerName:App.AppXmtcan0h2tfbfy7k9kn8hbxb6dmzz1zh0.mca
1⤵
PID:2044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\02d4f0b3-f1b5-45cf-b447-9b2b32f4a77f.tmp

Filesize
5KB

MD5
dd5f4e2e5f46f9a7f46ae310541a7d84

SHA1
bfadc1ad7614847bb6cc1609a855ce4e63a29a51

SHA256
18082269ce8d4516a9557e6f9576e6db776f976ef490bc4c0be5dfb5aaab0146

SHA512
a2a8f588f1189cee8266725520a152efad73f149a76c8e60d13020aa223a26c6959ec98dce34bf83bd35b96a7feb0e559de49303ca9d266f158c5b965755f2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
23KB

MD5
918e65b315d734e51f8cf25aa3a435ab

SHA1
c30f56d53120af56f2bd227fb1c36165af34b5ed

SHA256
07b1d34a14096c4a42f29f602c6a4d2b3703de803444a6be7d3d7cdfb117139f

SHA512
fb515a1bcaf8174e87ee9549c9d4ec2d2292595eae9e041002c4ac455dc8fd145cbbd78a8f54036f488d1db8ae91742320596811e134ac4b8a8fa79f50ac9096

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c6bbd2dbfb5ea50160e57ef7f13c86a4

SHA1
6b0024a9f877150db09239bb9c2d133478b6f033

SHA256
f4aeedb97c4b2d429a0ebb34afbbc4800e85570522c97494c0e27b3aeb33b022

SHA512
af9be7da8bb94b13993981014eca9fa7a7a1b75ae6895e3ac3df9b51a7b72ceb1f9f2d919f9151d955764590eb25e1c4764085877a11dead9585d9c73482a9b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d4c487fbe1d998040df8c1ac38d87b2c

SHA1
53846cb210fc3d43f2df3d64097c6918cb928c42

SHA256
36f745aa3da116a5fd5c5d509ffb98a65469c344b1f3919bd3c121e80a3c1781

SHA512
8db2d45fdcda62c49aa86a1ac16da8bfb9ff3b6758b0802d1155b00e88fcd19e87d8318523afae3b8735180eb76f42727227c12ce3631833b55f678ab912bbad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
abd7436f7fd1eb11830d9560b62fdac0

SHA1
4b12d03ea1b2b368ee795a6b5144085261dfd68e

SHA256
5a59a9bc70dd2316a8c8a0903e01c283cd7eb73e3cb580388ec01f08f2b86a65

SHA512
5c04d48e23db477102d555ac3f69f79dbf5330b4d09eada47fcecae6a38f11b6feb1f756161cf6611fb9b4dedb72e06106f870de7a518f4a16292a93ccbf9c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
566B

MD5
60774e5abb846a9c27ea26f0fb534814

SHA1
ca09fdfd8e99dedb0cb72bd502f08d692d4a89c8

SHA256
8940c901636551e7e971532e953d21c0a04d1ef002608ef00bb90b0d8847fb30

SHA512
923daaf480427a7f9be375d29213fb2ac1e0fcb2aaca73e78216dba4d289a046977a7c66292ed6a07383021b5ee0462dd1538d3abebacb45036ecd4dadf1e4c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f8409c8ee3f22e2baa8730e682c3dad5

SHA1
57f35dbc592319c90a8e41e132ed5813c261a048

SHA256
3d143c155b2a12cfa96762242bf44c66389d0ed7e5ef62a74da48fc115c8b532

SHA512
4ad5868b1bbdf76c5bf79501a3e7bc9d39511646095cfb7a75893b1528b8057477f290e19475a49e57f69b7d4d211429d888de48e7d86ec01b3aec08f1a87f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
566B

MD5
63231c53b7fb510894b675562be6ef58

SHA1
ac6ac496083b14cbcec0379bee3d38ba6e9cbe60

SHA256
a4f3517d87aef4b6275e005b02a12006faae5cd24e6ef82b906bf4d90ecb0a87

SHA512
1f61c3867a7fa1215cd1840b0c20780f3904e4ac8ec301415ad347ca21e233d8510f584a2a235eb9f2a22734405a1c72c3ee62ad25be53cae30e79ba08d84983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4f85502e1c4690505cef78a36880b896

SHA1
27d97aee80ae996900773915944b3299e1da74b7

SHA256
7d84021956548bb835aa1df532ef3a9a45f91122cb973d2d170c6e30bde5e946

SHA512
c0880d80db74dcd61e5913b7d6386d8b4da3b0029ce1ed33ce15926f8d23542de6314e894d65b5a3db556744d9cb4d2340251c8108836c09b7f0cd88a3c630dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a737421a294850808c4728e0fdac6d5e

SHA1
20c2592c1d7111ab3c20f60bef43dbc53e9240df

SHA256
80e072d520f3f5cc385f70e3964aecd742cca338e82d7379c1b57ff0f2566ad3

SHA512
7e4ba9e7973c6d4d7185fb4c0539e3678b37e34646d0ae5357a35d5325ef144e543e9402a17749bcc55ca9a25c8dee5bd2195df21f3e486798869b11e0e0cd13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3696e7d5faff566b729dc3e31af03caa

SHA1
405af37ecaa7409a40f3ab76897ab55b9fba576b

SHA256
f4ca84e931c545bda8643c82ae14a351985a29798392a62b59bc8b405f3a1517

SHA512
afc711588e3e1b34b4b5049e8285b66f90e4741e2412eadc30772f7b8ea6850c5289b19f15999aa92efcd773b611c81dfa86fc3b6e64d2796b1c8b4597a7e011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
624d632f599e157f98765b69999ef9b5

SHA1
06c771e045fe8f62e7ec4ba723e9e55b43e2b1eb

SHA256
85cf5120b0bd813b9b07223280061eabf33f9b2ee55bd864247097b77183a522

SHA512
313fefd9b71dff5d8ec3c04e9402e972f22eedf65ae495f9b1adad7147c355dda701d5979e44ed8c24a77324994c1657e5ba96f37d32b044c9a83b31c1179c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5310603d52e94d62f3cea955b3b7b0a8

SHA1
53615c1552224f7bbc79d27443c53450a9ca3d3d

SHA256
12c5c900497befba389d07320ea818afd777f4278d7ee17d236eb529d1ec164e

SHA512
c51e34aec69c0496faabb534b421314c0c679f5600bc3ba6e413f994ca49a810ec47807923f0dcd9aa2994fd5e4bfc964cbaed65bea0ee28164f22b5453abe79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0821b0b68b9b22f94547c224f4c7e063

SHA1
a23efd71d8b745258fb5012b4b12868c06dd21fb

SHA256
8bb0c0d9c8618bcc71246e85b6928ac2e3ae55c505417695dd43c96d5f7778ab

SHA512
987b349d900e2ba1d49538bede0432e81d60ae222184cd8a32c5c1d482448a1f4b93749c23038f151fa7c8d2b4c24b6e4237c4072dbb8c20dc0d1b1b013811c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
20KB

MD5
7221feae8b8d15795ae52a756648834b

SHA1
0c40c365bf7368da5ccb184e9a2aec2246a8feb7

SHA256
f15f0caa0c89545f47e088c1ea6251014cf688ce326276b5280333b7d434083c

SHA512
efbd4b9d217c0f876128d0420b12af12c4842826628ae99926df7d5a41b53e2ab1c766dbf2f8b04aa45b266da8827323631f02883ba46398e727bb83d2c8d62a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
48B

MD5
7efd9fb7ba83d068af6a51284b82fc81

SHA1
81e7476baff11db68f7bd74c7997af36b48945de

SHA256
6ded15a47e8bb446050ec599eb372222fa730a26229cde4109d7f95f4842d61d

SHA512
04dc452f43d92eb2ce825f7c5dad454995b3b9ed144a27551c040a120c266806602f90c64d92b4bd28fce90ac6dc7d78a4e1294b3bfad1aed72e249317b6c2b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c861.TMP

Filesize
48B

MD5
db5f2535bfbeffe503a915d3bc9ca473

SHA1
60b7b10d0edbfdf23e3e85961cca46aad6f47a24

SHA256
792eceaa1a94f8c47940ab3e8ad25ee9063a682c6860e6350f4411e6425a25b4

SHA512
53ab29fed8bdcc25bd34daa084045c30b6ea7106f8d051e539e7e75a890ab667095c76c7d0fbff24f7dc6a646899cf31139b92ec3250d196dfa45975e75dffe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
3bf4b11479685b083f91de2ede2a003e

SHA1
516b9c7ceac707dfb6ab0f90376c9924a06c07a7

SHA256
fe1d4567eacd173deed118d4d54338c8713504ebcd7bb34cc2bcb0dca7a30e8e

SHA512
1aa62b058dd286ffbb33b3f7c881500afca5488b997ca11fa497766a6fc0dc97e1243ebfabac467b9e1c207f08ab0b3973b323479d1fce5e9dd125374f6402b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a55ebe3d08c3d0132a8d6030732b26dd

SHA1
479260860c427915189e1532de9df076a83f5c45

SHA256
974be96aae57ad3ae531ad78778d46dc30c91dfe497af56c5e8d374fbb399ff3

SHA512
f2c6336c952aa3f4863d32f81649f38aee0a0e9c6a58bb8dbc30c0b2bf1b8ee1143a0a72eecd7f1265ec17966798e612ebb751ed9163302d1fd98036462fef91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
e8a108dc39987bc00e56de9f4b590691

SHA1
13dc5206ec71b0aaee093ffbec3043f1e34418f7

SHA256
c700afdd708c4ca5899306f562db14f54ce844df4cd41adee6d8192a1eec14e4

SHA512
7293b30eef5bfc2bcb5d3607b1d654942be4a240d1a9dd46c41252b075d143a7f0d9aca69db9d38b7687bf378771e5f54d2337efe07175ba0f6de95c94bf15f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5828c1.TMP

Filesize
372B

MD5
c0d2d8367d141fe45101b90b3e4991f9

SHA1
fb33c56125dfc272d735dfcc46a78f94e992a891

SHA256
b0323a1061305e2d08b5f279ab33a23b0b6204939d43437b136de81d0c3817fa

SHA512
4009cf130b983d3c576f501660cad25e8363e2d74092b408268f09df63af9a3faacd3efa8d5aa739f091fc93ba98edc612bb95fe0d909e9fe57eeb91dd6a8411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
62041f541181adbf488542df51a49bd7

SHA1
bcf69b6968aedb17f48fd8e4b328ae839c483dde

SHA256
0cd5fd4cd440ad315950f1b78696157539ce56ff7924fa4c56a80aa1a8fbd55e

SHA512
c785dc474377bcb74aaf5d48785462ea2d727d97f9edde3839da63e62d67417e96ba768969390b211ee97e35eae99496c473fd72d6b0140f3a94bf2e36df8c11

Download Submit