hxxps://doaughartifies[.]co[.]in/#010130/"msedge[.]exe" --notification-launch-id=0|0|Default|MSEdge|0|hxxps://doaughartifies[.]co[.]in/|p#hxxps://doaughartifies[.]co[.]in/#010130

Resubmissions

13-02-2024 10:28

240213-mhx3jagh36 1

12-02-2024 18:14

240212-wvp25ace39 1

12-02-2024 18:07

240212-wqp7bsag9z 1

12-02-2024 17:59

240212-wkpnlsag8v 1

Analysis

max time kernel
151s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 10:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exetaskmgr.exe

pid	process
4808	msedge.exe
4808	msedge.exe
5048	msedge.exe
5048	msedge.exe
4704	identity_helper.exe
4704	identity_helper.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

Processes:

msedge.exe

pid process

5048 msedge.exe
5048 msedge.exe
5048 msedge.exe
5048 msedge.exe
5048 msedge.exe
5048 msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	4440	taskmgr.exe
Token: SeSystemProfilePrivilege	4440	taskmgr.exe
Token: SeCreateGlobalPrivilege	4440	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

msedge.exetaskmgr.exe

pid	process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe
4440	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5048 wrote to memory of 3616	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3616	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3900	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 4808	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 4808	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe
PID 5048 wrote to memory of 3712	5048	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3ad246f8,0x7ffc3ad24708,0x7ffc3ad24718
2⤵
PID:3616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:3712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
2⤵
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
2⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:3956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
2⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5848 /prefetch:8
2⤵
PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1380

C:\Windows\system32\notepad.exe
"C:\Windows\system32\notepad.exe"
1⤵
PID:4496

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
1⤵
- Enumerates system info in registry
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffc3ad246f8,0x7ffc3ad24708,0x7ffc3ad24718
2⤵
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,6924829933027558052,8300739064059829088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
2⤵
PID:4100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,6924829933027558052,8300739064059829088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2468 /prefetch:8
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,6924829933027558052,8300739064059829088,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
2⤵
PID:3904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fa1ac6a519d0d69cb2abd698e150006d

SHA1
7513611b9306aff448423476e0894c5a75edf1c8

SHA256
a71cc573f62f34f4fd4461bce25204a15df79bbc965546af7d598dd06ae1db4b

SHA512
1d1a7148f066f19071c93d21f541c035d215b492ea956ffef1359bc3f8df2502a34ca900a1cbbdc10e30145939bedc25fcbbdde9b066df50dacc928d810233c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
011193d03a2492ca44f9a78bdfb8caa5

SHA1
71c9ead344657b55b635898851385b5de45c7604

SHA256
d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0

SHA512
239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
7bfd55dae5bbae5e71ec4a4b9fd15d9a

SHA1
7d5949d6a2b636f279a458cb1141520ec70c276f

SHA256
c1356fc3363d34e6088e52f3a8906d6d7618d6090cc529d84c0c0ba0997a5628

SHA512
bd4cad09503184be3d34f0ce53900a5039ef5a86237eb7ffe495fc11261e70891858e54add18d98f1d1147ae8443beddcc65b4813dfc5aa756480ac3b1a48cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
8f3d468df79f84bdc6b4f2b960802686

SHA1
345019ece82fe0dd742164e76f11f8411bf3c1d0

SHA256
9b247d36d6bfcf89a347ae1103b1faac9203035c49828f86c2aa9baaa562cad5

SHA512
0628eceb48aefeabb57dd536c1739478db7567af95fb383deec3946d2015b2b66ed2f79d6cd947e4fcd1b6a60a3506b46ab44ad20b160002561cf7a2fbfb500a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
e4800c6134f6ea49ad37c505144f69b3

SHA1
6c6f9915e65c138cfa352a9295f4ba4ac44653b3

SHA256
0f145f5b1f57aba3b96b298ab4bba0495db1ac7c642f460b92a88c2bdbba5551

SHA512
5a2df376027dd328c81244e3b33c0efe00d9b7f479f265dfc660ca591778456016a947ab8aad63d30ab73a714c76f591fa9c1945020c955c318bc1b80a2d2c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9371e06fe7e69c7aa8c597ced98f89b0

SHA1
9f04b63c1cc87c5f109b442cf0f94ea09056fe42

SHA256
b4ad7367dc653a00e1242180272038c4a12c7a75d4430950e6cfc0221568080d

SHA512
70c7465f0cc9932d16c5a4832abd5df17a067126aa87dc7ef9cc7d7b0ba210ef86e4b222a7922b4ae2e40fdfc85d95b0711e6731954b952a7f8e0b0da1269b55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0818f3f3c6b69bf19ede500de6159ae2

SHA1
c082d079c2be38861087009e5cca28cdad55fb6a

SHA256
b63708c195dce4876530c38990b26f9aec0b4a5a881a7816a31fc7b69066b6cb

SHA512
264c5f2d4bd186e0cf3f81dbceddb479837a5acae9d882376b565ce08480f242cf6cf95e63299c94f23627778cb3e31d4027875e8a7193f02c912ab6b0a14e1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f836302d3ce823534d4c2e54217e819

SHA1
d3a53c2470f4875fd9cf632274070ea272c67219

SHA256
03515dd58ec253756db3c4006af61d5b8f88ecc51a35dd3e21f8fb66723283fd

SHA512
66c80cb92faf1c9a415d8db1b890ef22719eacb54329f4d9bf85fab8f6d9004cee08ce4e3dd0a63d00150d5fe7bf6a24625152a8a559dfc8cae9f636a5665a21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6d4442144961261f62d9a8ef0d78546

SHA1
f559d44aff58995f74a8b1b5b27a11a9005f4fb8

SHA256
16ba441e3146598a0eef935f80fef3d57d328ace46a60ce769420ad99aaebc94

SHA512
0f4d76db3829fbdc31e45ffb0a4e70a20420ea2fcc8667d61e6a0b3c62d36137c35f62b1230131aa9f090336250ada2a86bef032c58ff07c56efa0398642d940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ced27da0e241817aeeef269a1f274b0

SHA1
33e2445a273e60d64d7af58e26e95ab4a6e47ed3

SHA256
929251f2ef017335b064cda89bb98fbe33d92ed689c07d00195c13ea2bfd1d3e

SHA512
a0bfcd557c1163e57b2b92e1b404f5c20c9e746c3e2eaf86b1af68561ae8e6be9c6dcc4c63742987e2151402f3f68cd3722aa04d8ab813a9ad86cdc7dd364714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6694b505a1086ca30bfafe7e3456ad9a

SHA1
ae2f9a8ba08e6595ad369ecadbf86e7ebb9f3646

SHA256
10f741ef3cd49b49e8560063caf7eeefb31a3aaa09e2af894728b7bf710617ad

SHA512
b7151705f9a9354e16642a3dcd16e4ccf04a210545ae760171be4deb917525ce00e76161ae30a79fe4f3a98383a4cb5599ceea1cebce4499fa59fe7641fb700b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
9bb64859bede102545b202b497210b37

SHA1
8555671fcde5057deff312971e153f3b34597e6e

SHA256
22294f3f648106db3ed092455205fa25ca748f4d8c41645666e0136418d49a0b

SHA512
090be310ee8f0602ed03aef2d45af0d541d02ae5a392a8c45a41f7ecabbba0f3591afcb17a553011a06de319aa2ddca59f844a86ad89e7c22494ebd09bc62131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
f5b764fa779a5880b1fbe26496fe2448

SHA1
aa46339e9208e7218fb66b15e62324eb1c0722e8

SHA256
97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d

SHA512
5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
620d969524aeba5974bc75507c7a79f6

SHA1
9b0f9343a3ee74be92ee36cd6d4c4b437994e978

SHA256
4fb5a0fdaca7b20d52c5130d4fdef7f4a8282f391027330cde8acdbceb798501

SHA512
cff9a7b4e5a5c5a536987e85867bc842c57163c53c320ffa43f9673ccba2c8a75356fb8666b97341f94fed37f343a0eb78c276d6e0c39b32303a06ad9330fb32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
ad5bed48edc3e990ea6c23ad38251089

SHA1
a4cb1c661d2cfde6b62fd766c41eec76e6af342b

SHA256
a108c17626a51765451bf5049c6559608d14e078e7556923f6345f57a391b5e3

SHA512
49e5ac3d5f38bb600fb6fee4c93ab7b957ad39c7dea6f3750d48f85869c95e6e37be9d4c5ef5663542fe5b967d7d984b5ef1f0fc517cde81014726902cd01c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
5a4eb60a225780b179704f5f8ca64157

SHA1
bbee7ae9b1dbb083a8adaaa40c5c13cd0c5ad6a6

SHA256
bc03d4ef85414b2af2bda933e06a60954909493c733601940f7af71b10d09dfa

SHA512
bb79ac9fe44194c44f023e8cc64e1a8f19722ea7cb186d06e4e6273d22f4bf486ab5c9e6d8cd23660e056f83a134f93de566a3bfed6b409fc0bca5d89b1b1547

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
3cc963b9b5c0ad666c157cd2d9ea62d0

SHA1
362daccbcd3d4c077d2e7df3ee9fd18bc03603d1

SHA256
e7ba5f5e040e7a3810d17e3232530607c0e52d79496cb1373620f797d02ef6d5

SHA512
1f024fb293e225b29c56bddbda043afb1cc8436dd225e50a211132b35d8c770abbb82abebcb529bcac6ac26dc90010f0ec7062e21d14ba629b85d5b0af270560

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
428077b67de355ea5578b9f77150ac7e

SHA1
2de9bad985d2f36f2f29b9f50ae314c749bd8912

SHA256
bf97c8b107bd354e82a66e86deed9714b2d1a926a2e8c4e64f144f8fcafffed1

SHA512
210d2e19feb9b41fb44ea3335bd5fc47608004b617559108386caa21860431ef99433aa113ddd8ba059b2e05f45d6d7fe467bc271e2295593b254c205008c75f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fde6f50884d36b9fb4082c47f2a67a41

SHA1
f4f98be485288cc30c8a445b0d57b2f082644fa1

SHA256
6fd54581572bdfaa6c26ed901d6e6de8e67097fe1c3506baadb845ce0f0aa7a3

SHA512
39f3099d579623453095e05d4a4163356c56fbb74c66e4d20081f12e0cc6c17d6418a1852901addf0fa244bf0f300667bc2064aab6834960d6896de4550a88d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
1.4MB

MD5
087069aa14fe94842352ae21c8c82638

SHA1
f644fbdbfbf71cf20f882b8deb524ba96ca2f56e

SHA256
caace8c52ee8aa827ad1e140e7735090419e061eb4323b25eac3b3449d528651

SHA512
93a09a863020777b286615fe5579013ff71aae893cf493250a90874f7037e475a37f548273e1a28b931a7f7e9fce9c5ff2ebb4f47b6316319ba21b7ee1cd06e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
30f4138f9b22632cac97d7a04d484ba4

SHA1
84705992846e0714b4d1327fcaaa4069b7d04674

SHA256
0016f35cbf3d6ebefc6d8c822306aa392c281810a39602709d7afff13c1a182e

SHA512
ec0d641b8ef38afe9feb0b3001991490e64e93dd4c6cdbcb50a812eb847ef71b41ca4aba470121d7c6a2f3a91b54342306250000e477dfaabb2c56a9fd98579d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1c7fbaf8862e21d714551f8a06116918

SHA1
a4ac5e3f0b8f8119862c5f176f6b39a2860f96ff

SHA256
794ff47b066c0e107f2203f4205d206500f13bc215fbe9a716e455f339446802

SHA512
e2a778b21607fd794fc5adf0037dae5c71321d1468d14cbada825ffd2886d2e25c4b464855af7ca446ea2acce645c7bf93f4089244495db74060da02aaf0ba60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ccb6af172baf548a1645eec04c322796

SHA1
9bf0bcfb1c698e77c8daa2b55e1e05ae0bb68972

SHA256
337a4898fc9aa190d40070902d32233a303ef427adcebf8afda48a007704075e

SHA512
f97c82ba3236e81664b9410c36cfd37f4fc9a973d4ce455e3ddc25ed51aa3d4aa49ace6d41b54fa2b7143d9485038a6a97da8f6b9442ae8f356c8119721a031d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
2ae696171723ee2637de0614a68d6f24

SHA1
2f3b605dadd8b14da3b344cb725593b45acd1e9a

SHA256
c401bfe721ae383f59633867eb902c548af24a7d215d480fa8f6980bc6760e36

SHA512
21006d50d0c73688610f491dcd63b692f8b2e51e01abdaa3d79738f46ea3826f2a465a201d6e7d5603b830afc262410979d0f7b670e8a43faed64211232ae40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
7cf3b9763205d75bdd9f4d9ccf7cc1ce

SHA1
ec58a93ac2c30cecf7faee2fd769d85965a2b13f

SHA256
e8a5804c166002657557dc66760932a06781387c81e3ef75522f0025b72ff25e

SHA512
34887976f36b7941de318ad6a871a6889b4cdac05ac37179455acac53b30751dda193b22dae563e4739232c7a5979eadcf35893a574de9af5eddba7e27110240

Download Submit
\??\pipe\LOCAL\crashpad_5048_TWWXLKSKVVSNDERQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4440-211-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-215-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-210-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-206-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-205-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-213-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-204-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-212-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-214-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download
memory/4440-216-0x000001A4A0E70000-0x000001A4A0E71000-memory.dmp

Filesize
4KB

Download