hxxps://www[.]google[.]com

Resubmissions

02-02-2024 00:48

240202-a529jsccbp 1

02-02-2024 00:48

240202-a5t8yaccbj 1

02-02-2024 00:45

240202-a3333acber 1

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 00:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3803511929-1339359695-2191195476-1000\{E2777357-9A5B-4F36-8413-250081C9A221}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
4308	msedge.exe
4308	msedge.exe
4576	identity_helper.exe
4576	identity_helper.exe
2412	msedge.exe
2412	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe
800	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe
4308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4308 wrote to memory of 1332	4308	msedge.exe	48
PID 4308 wrote to memory of 1332	4308	msedge.exe	48
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2740	4308	msedge.exe	90
PID 4308 wrote to memory of 2592	4308	msedge.exe	88
PID 4308 wrote to memory of 2592	4308	msedge.exe	88
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89
PID 4308 wrote to memory of 3408	4308	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffea8d446f8,0x7ffea8d44708,0x7ffea8d44718
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5316 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4540 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1256 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7201036437564326056,16828190089207181319,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0e48683a-6f76-4a2b-b376-2d0e1a0048dd.tmp

Filesize
5KB

MD5
e7d79d49cd0798d3f98478c606af6c66

SHA1
4f6c06bea4c5b5c77eb64c39194e785ef52b2235

SHA256
e32cc1bfe66ab41e77dbe6336288e687a9a894922e692b77f18e30e4ac501c9b

SHA512
39450327546bff5edf1e3e3522f1cfb2afc41ae420b468b67922d609ac6d262a580b80628c3a6c3f979acc1a8725df1d002353caf9fc69e9254583a117f66070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
27KB

MD5
892a0c5604126eadf66bbb88f1489b0c

SHA1
dfa88fa58d34c62599ec210fd97129650c1d4c72

SHA256
4a61366d6fa7400e3a523a7ea286d95f264b244f1adf914401478dfff92fe1ab

SHA512
738da759231668178c2b7e0ca06de6f1fb9d79b475fd264e7332af71506f114c7a5ea70e004c407f9a06fde69a657364bfed321ccb00c3727158618e2d880885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1.1MB

MD5
7bb514fddaeda52f74a53b57c735e3ce

SHA1
4cd89568ce444b10312a573375e316fec63586bd

SHA256
d16bf0edefa9d842cb3e43d99a99f53e8bb94b19c00a46a06416c8d3c63f8254

SHA512
58c50743c96024ab00b70c785c449f8c60384857c1c8695ed7d6776030680a3dbd4fb371c57cd359dc44c6c6148912acc00287e46ce39461a7e5384961304c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1ad55657609a7d61b198370135362a01

SHA1
2a3be6eb529b5c3e90dd2ce046a499e38b57f1f1

SHA256
35fa3e0efac6158b678a51ae1d0314442bc19711e44898354f7149d7f5d1d659

SHA512
dd38208c29dc644dcfe52977d607aa2cd60cf5640b884f2aa2470a0ef7f95d4e51a1480c50a8edc49011cadf40efc82729950d8054447af331a1361695fcc37d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
58ec8cf45d43ff46fa159d54881e1f41

SHA1
0038d43fedb101a1c16a2d2ad3540295257dcaa3

SHA256
5f833a8342fd42a1da67c92b87f4f0c58ec673fcb69f642480bc21e27728c98f

SHA512
39966ef6585045ee2f9377d5415591956e3d816ad64d437bc81dd88e5e740e70218b17476723bd6f7e5627a88177e74c5f5ebac9d414b1bcaa4edd9ab758da86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
aacc9cff17ebbd0947f8ea7f0af89fab

SHA1
d5a581dfcfcef5bd71705ac9eeadb931b3b39728

SHA256
c4395ab84ce3a61b4121281b308a3bd70d7671209b16b2e26ab131d83db9cae5

SHA512
dd02288434d4fd3a909b149bbe9c4c394cf8a02f9ee81470eaa3e8b71d5e269bcff982caeeac5d0e4328e1ae30231c62d98ecc09666ea1d262cea3cd94d1bd3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d26d5aecda9c00ec0b7653afb577bc39

SHA1
36cd975e3220d300a90d30f2540aa8699068ee9e

SHA256
e4288943b2de99ec6bd501bbe892b45606682b1b742c762831b06fe7ea668ff2

SHA512
564e8ac29ee4b4ac2e46e6bbde0d2169a15e7084eaa3b0fe0964abc2f61c6a7c2d7a6beb036928f62d1bd298f718f410647ab4da03fb00dee35e8616607dc7df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df6d4183c93b9fc67011b45f0e3f7302

SHA1
abd9fd38f49cb46b298a0b1dba35136117208b0d

SHA256
078dcb5c93e25e97db2555e382ff7b537e72ac3fdafa0a9f10b7609f0838d2fd

SHA512
5b54f14fe43f7b6efa2f52cab044981348447e79f68f86b2f3e93ca352c2aede2a812a9ca7b03aa12380fca8deb77788885acbd92f1efdfa94ed3b1960f7f3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
daea3b3a504e5ef93af09f0264ba8c43

SHA1
9830f7b4395f3ef9e9e18fcc9d23ae71b604952d

SHA256
cb2d7521581b8fa2670df1001e590a07e95a113f2a4ce72bec76341e5fc710e6

SHA512
112674922b1e30e9943e636e3f4576241859a154a0665308a0ae6cb8cf3d38b21b51592f2902703c81cd0c248ffb3985f5c09a5f73399205ec06c7205cb43f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3cc19a314155f812144ded5756b97b1

SHA1
2c5c06b882e32edc7fea72410ebdd0c24b4fff4f

SHA256
a78469ec16bf5e7e571264cc86f062817b0ef89dc6069533844c31f1ae6c4d1f

SHA512
d5f65b832f0a1bff2d05096e8141aacc54c615ef72832a3447b3d1be053b781a985198001059751e19cde2a0fd260b3add17b7b03701358d69d1cbd932b224ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1adf541e692e8b87580088f4e3f1bc0

SHA1
1ff11241f8b70fcc24704c290238c75b25dc9d80

SHA256
05fb3b0020757c0d1aabee5a3ea2f96529e74d051fecedae960144b039be38a6

SHA512
d5d60f0479608cc1965e5516f6e890c589a96bf75af31b9ae8c8611fe05a2c3d9402ebb485f522c0488e5f1a269ed51d354b8692d57c9b7ea56cfcbec1991b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
79ef33d03de34c3f0df992aa85fd0245

SHA1
6576647d885556b66f29481acd61f03ba003dc8a

SHA256
c912bd63b1023f84cb702ccd6d4d98429381bacfea9890ff1a89f4d028824e49

SHA512
79c7b7400f252d7e6a9de6387ec5f2d45df99b4350538b2715bd8a08ab6a260543a1911faf130096c84dcda2e12eed2e56d6c832e8d7bc5ca2cec7ebebccd51a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
66c462ef163bb9b37609373e5a71cc3f

SHA1
e708d4a6aad69c61c4c69e1d6260b58046ee0750

SHA256
ffe18dc6936adb93cc454f9c095d12ae2e94501275f81bebfe2119d9763d993b

SHA512
5b04136d4130177b08aa54819db1c7cfba329a6db30c4c218fbf042d022f873f0e3771ec7b0bc093806ae94a948acd10698cfdc31be77f674d59ccdd168c13b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
1f6c2e88467c763521b5d4debbfa0674

SHA1
9cc7e253301dcb25d7b996561d7226cc59680a56

SHA256
acfe24608095cbb115b6eeadfc4034d6a13ed940e1c835657c5e549208d372d0

SHA512
963a1e9fb1fdfa2e54a9d9d8fde3613c8838e105e02f876c28982af121e8a8269d78b94fd5d3a442648821c9186c76eb616a1f2a2c8472b145ed02c1b0852bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
ee7aa55a738dd97e53f951a2450861bb

SHA1
3a0483573800fb93ac0fc45daccf4a352788b67f

SHA256
257892a79af0350e865c70f003974bf99b6838c0e3bddee70b816118d6bbc422

SHA512
9db3ad835f6aa7c0bf8a201275599a04375b3305c0aeb0c6971add91873fc04bdf2f5c1d9cb9ef3e77762a9fa981a265a37b2124f3c361a8ecece5ba0cef5b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
0a5cf871e58dbde22d23768ba8bc7041

SHA1
46d6c71da5f6fe8dc47e49b471900322663290f0

SHA256
912f7b0b30deaf07357e193b4b9872be17f6f1ba4ff2501ad940e7511e0bfd6b

SHA512
1b01605a3ec304b9c8a07c0d8ec957d1b2ce67c221456dcb99fbdcda507daec66834d8f891b558362192f2db2c8c9408a2d2a2a7e2f137c8097567f045656189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d7d2.TMP

Filesize
204B

MD5
a4ee6c5bb3339716bbb480778fe369c7

SHA1
a6789e15889b8f29987d8bed5edb01145cb0e8e4

SHA256
728b1f40755ead6ae073c4b49a84a163c56a8cd3d8056410781de7abc7906ac7

SHA512
99ce3bcc4006143ef8afcdc674e5f4b6552e32e0a1713991447c4e8040c353e8a3d5a69546ebdd1667d915ee27e57567d6660aed4e762c4eac41033a9cb73692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5bef481cd92b532d57311e29b1530cdd

SHA1
b372ac3e2afb0b7e06db729a74782330528dcc13

SHA256
c2ae2f31cc60eb05ab89a664cae808de5deb4ff464e4405d84f75f1a22d6725f

SHA512
7473837a5595dec702c3fe4fe3ba98c824f4922a97653891c373e50bdd5fbea4ce85ba85875795903ca94f7729c38e7385b94e85a03ded800ece31a250aa0808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
89ffa95c518724a83e38deca5ecc96e2

SHA1
ef15f82268bb57d2d4aac0241f9439cb2063aa7c

SHA256
80588061c3939c152131c291f9a1c5d798481fe9ec24fbbd8733756c8e8d76c8

SHA512
1435e7df193bb897df334dde846c9c05e049cce1c560fca5014086de1ddc073ca4e4f3bfbfc6548b04cd79bc5cd6265fc39aec07ed176beab58a303bbaa15c96

Download Submit