hxxp://yogacenterkaruna[.]com[.]es

Analysis

max time kernel
63s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/02/2024, 20:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://yogacenterkaruna.com.es

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
4236	msedge.exe
4236	msedge.exe
1900	identity_helper.exe
1900	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 1572	4236	msedge.exe	85
PID 4236 wrote to memory of 1572	4236	msedge.exe	85
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 1616	4236	msedge.exe	87
PID 4236 wrote to memory of 5036	4236	msedge.exe	86
PID 4236 wrote to memory of 5036	4236	msedge.exe	86
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88
PID 4236 wrote to memory of 460	4236	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://yogacenterkaruna.com.es
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c6c046f8,0x7ff8c6c04708,0x7ff8c6c04718
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6808 /prefetch:1
  2⤵
  PID:5128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2916 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6280 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,714098931346261014,10772610392045752931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:5832

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d929bce23223f09aad5202dfbb317756

SHA1
12779816596f2906c99ac6d1099fb00601542d7c

SHA256
82b41ed9035486adff13b7085e7c5ee2d9de06ec11d719a835ed01d06f60d132

SHA512
507fe0d00dcb76050b8a085a78ffa365f9bb6842220cc89796341f8cbe6ceff0b3fdf1c38f6212f54db3fe896346d3d9aef945258058295db4876034ee675652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
86ddfba0a8740f2f3065fc3be8ed6a52

SHA1
92895a0264f2ec76da0717eff7d7a8796a0508bb

SHA256
a378f38c2efeb4daae0a0c67477fb113c266b1dc1365245b314360c0fa4d4b6b

SHA512
cfe9fd04abba04ec9694e0cd7f1348df0fc3a657271be781c8d8b2d96214e189fb3ed5401715d6f853c62823d2b2e26d1da2fe41c23739a860ef58e4239869f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
3ce8f97867057448e0a381bfab708c80

SHA1
cde0dabeb192b03ee25940fb147bb8266ebc6c31

SHA256
ed6b249ed0420a3468448c04693fed26c19ae6d25cfdb62521342d0f8f2892cc

SHA512
5f578e462ec2e9d5b773f447aa2895bc33b99a215dfb175d371583c706239c10e4040570d204e8f52b18f5b03bc2eab9290b0b08029b43960a0cb099a9bc0dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a49a39085aa3279de27bc1e434409f76

SHA1
c82f78958859aa8ea62dd3f420a5262bd613cfdc

SHA256
413a9fd4ecaebd17d177ecde351b8373e7a5f477ee1ef42d1a7cc9e675a5259b

SHA512
296d286f05a852117c06f3cd3308678af7b826893d55626466c5dd1947c158c4cf33326a0a9fe9bc58efbade3ed1933ec0633b11b420c8d044f1b662f71aaf64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
106f59443dafabb84d327c52b875d8c6

SHA1
949af8ee07912d66ec840ec60c3b63faecb1fdb8

SHA256
5d830c2702f1f0f404e4414935813415196a87024277d74939c948e1ab626281

SHA512
ae9a05cfbe0dabfeccff4d4a3cd436dc4b63ccb240d7404fc68998c1b11fee20dcf4c20b7fe985e479b4980a74d80303d2e698ad879d0b8a59ce5fd31add9ae5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
997e6f60c0fe3e1ce72b32a268639b1a

SHA1
ef5590f00d27057d0c644b9517d68603632b60ac

SHA256
d3c6d897a895fe5bcbe13e7c7c67766a07b3c1f333a3f3fb1f0b05310d075d1e

SHA512
38c8bd1d2ab9c55c5e800ac5ae8197bf532856d1f298341beb85e17222e289ad6151f355258f05cd69620b2f9750d1809647dfe246c72a45498dff98c3c74086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a349d560463e3d0e2f72451fd44cc64c

SHA1
387a18b176cd73dd168cbb9170238a5bcbbff3a9

SHA256
d12798f2af96c9c7f1227b0844794909d1f9caa0848a52dbb6bc04fc5ff9d303

SHA512
6ee656229b81083cce2bc70f79f5a2c421ee4a80aa7665e6b50c53e672d7d573e4ac67ea294695b9f09234e6d452c4080ba4719e0b32d225880b2c8b31bbcf35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\c0723d6c-2847-43d5-9308-9664ad35a382\index-dir\the-real-index

Filesize
12KB

MD5
ad9655599a1e5b9190a680915691efa3

SHA1
2a8eeb4e3d8193d1fae918b8bd0ef39a76d64904

SHA256
aa21b118f5c67a3bb038d91e019864e8ebf0bd8cb03f43b6559fede063510be2

SHA512
68b2f1d552238b0ad5b072b245d5ca75fd373c5faa683f23bfea13d8e73495a854c928ccdc022be7bc8522d167add25abf506d08abb9f600ba959e1cd1eb4a86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\c0723d6c-2847-43d5-9308-9664ad35a382\index-dir\the-real-index~RFe5840dc.TMP

Filesize
48B

MD5
73e7b306e178cf9129fd52a7ce938997

SHA1
95953e5dcc4358bd5686106b8762c74553190c0f

SHA256
2d164874280056dd5257081f482150ea5213a03abee52b26345cc2aa0c48e857

SHA512
567b04cd16a956fd603187cb9992fa7bd23026a2de51f1649fc5cb26aaeb8866ffe3b3e9f117f540ff021b0d315541071ef59d7ede87eb1b9236a9953cac8ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
231B

MD5
88430d778ed6485c0aad753b7e1d631a

SHA1
e1440d176b8b2418183a31e15b130dd941fd3855

SHA256
e8006808e271ba4ddf56b82d974bb5d073cc3e15e091fa914801659654a84881

SHA512
be8d34763384f74472f095184022bfa3269d67e228c1f29b1dbd4faf427a215dfd5c0ca541db6851fb8cd3effd728aa8a2b3b2c851162bc797d6c31b95cc6c86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt

Filesize
228B

MD5
b98d6225b242c8978b7e1d12e20d568c

SHA1
4886ad5bfa27fdc09dab5c3cc96d2b0ab4ade9c0

SHA256
1d8aa71320eb63e54da14ad88d35d8d8679b24fce319bb810722e54e4359d494

SHA512
00b299d593457f5ab22c07986b0a8d79e21af393602ebc31eb5022f03fae9fb2784e80958f72d7ea2b24e55281844fdb19f40bf0241f44ec63c88ba97d83641f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\29eb5eacb05363703a494bbad16a2cdd1da1fb81\index.txt~RFe57aa2a.TMP

Filesize
235B

MD5
11ad6edbace67931f44e92e338a3dba5

SHA1
911ccfcf5671218241f3b199a15d755997928f45

SHA256
f7065c2a63d4f1a92cb932807718768817128cce5ef8aa38556683f1fe54e100

SHA512
f7cf682251f5e4f9eb182893ded4f70b7a8e2d8742fbae5b0516d5598f7dffbf4aa89e5e337fdc27ba9ea66246ca0d5f1ce01f2e4af28d2130e77a784cc59eb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
dc5771f66e9717605ffcde7c28926eac

SHA1
6a33b427c332ea861e5e24c0027b77a1180d61f1

SHA256
48f2ebf8605fcb178e8d2f960e73cca1faaee1a10a1d8b62ee51349fd50f2eec

SHA512
12dd970a4a69974cebcd12c650eaf3f6942c98e224916cb31df512fb1e252aef29941d4206163425eba5b59461c564b3bd5734d5fab4d1efb1dccb96424e2776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a9fb.TMP

Filesize
48B

MD5
e7738fccf8f41ae3783d2ead103df886

SHA1
e86932e5b907e55e498bf75272e8bd43f3f82bc7

SHA256
e9ec668acf5e04bc269408bf68c14d6ccd136c50e29f62156dec24ba42a16ad6

SHA512
c18f22bbe690444822d886178327631182a0c02e07dc71996eb703a57e0b87ed025fe7df25195439cdf85033fe1147fc721a1e802af009847857738478b3cf43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
35b15d4e6159de85f44950c75fcb2982

SHA1
5d8fc7ea5595082c294b674dab2c0566259d81e9

SHA256
ad283d4999bfd3eccf233116bdbd3efb4d7ed28174e250dce7f9d04e3ed52b12

SHA512
f4afb4d0db398cb4f9e15eb3b1a93f08bd8365f9ae3561af1af277455e5623023f812314bc37aa313591f81087e7958e8e106941160c8df1fd81e602b35cd1d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
2bc258bf2283ff584ac636c8bbc9b2d6

SHA1
4791c3e54311102b5419eb9a89c1c1c7937ea226

SHA256
507267266511c42be88f71c174471ac3fd51a18a0c387a2162b03cc6a103bf95

SHA512
5fa00fd596eebb5924f79ce548637e31fd8d4b1eea8baf52431bce18578b73c3e3c5211ff706809b37c646b0453cfb68552ce7d60c3b320bf74f27aa86b7e1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
598fc0cd7d31b9d32b093bcea283c0a9

SHA1
e67a16389cbc02185a346799be3fcd417d36c800

SHA256
fbff8b64ffe8546d40a0e4f19a7020f449ad9b6250bcd58f21a21b7bde19a737

SHA512
a2ffb57c1eb93be7f9c1f39e9f1cf569abd9ea8dfa270cef082e4e6e78b65279454ea63c21c4a0a8dccc63cee025d4d77c70a75bf2bc2a9c69f334f2899a0c60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
111fa256429b73584cfdd80a6f9ff846

SHA1
c1100ae61e2ee5f982f17d54895af40690b1cf11

SHA256
7def14ef427b4eb5765fdf0259b2818e63268d31ab40a7a90622b7bb3e7faf78

SHA512
cc477f375f10c3b94d72dc9863df11db142c5d088778b8b48c1648c4290ab86e003123d5ead26252bde73029769ce7ab6cee40d79881a9b735ee6f5210f70e76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a11a1f37712180f2aa1a67d88bb9d637

SHA1
e98ec4212c33526670df7ae3cbe568a5750e6087

SHA256
92f1ba6b53e3a2b8f71e28d5e8b3a7031cd77004cc70184c98845f1820f7f37f

SHA512
6f0b69686e49780955d36e69783c3712675d2c4fefdcb1063dccab6fc6fae85693773ed739fdea15c6b572d5ba791fb05b0a9fba8f989ce6d51630173711b281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579ccc.TMP

Filesize
873B

MD5
adb5581fac4aa6a47aeb121f6283e7dc

SHA1
17a9dddb3c680c4abf7ce4b784a86e06893ceb10

SHA256
c48ee2ca35c6334d7be019e144b00285b187272aa6aa55a4d8f215c2751269e0

SHA512
cacf5d86831ff15bb7cc8979a44ed2d3cbe4824956708d74c043038e2b2b184c6b85a98c5ee4d96d18255044dcaad5c3e22d03bced91e79a89299e39f04d8133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
784b680717445ffbbb5179d23c647c52

SHA1
c41a6af6329feacea196094be0b0a25040bc74cd

SHA256
fedd6eb41bab41065f9140ee163579113017e8295ca7c06bc9509fe66b52aa20

SHA512
1f7de04ede872e3ada882432c5df8ccd8566571c41588abf37833700684eab607abd96f74be242d946f932bfc96152b615ad32c0ec0e226ef13547ecd0064667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2a122337a4b769047cef5db11095a97

SHA1
03612f856a26eb3ae2205485bcf119d50eff7938

SHA256
c375bcef47a18e765adf6c7453bad9b937e2a40acd9eb8e64cf8fc7935058abf

SHA512
2c96fb883b95b522e998dbd1442f131d1184ad16f163c1966fec0fed498802441b554d0c8715f97ca68b4bcf73d25331aa55acb94bd81e41cd40f0a56eefaa57

Download Submit