hxxp://17ebook[.]co

Resubmissions

20/02/2024, 14:57

240220-sb21ssab21 1

20/02/2024, 14:55

240220-sagcpsae96 1

20/02/2024, 14:36

240220-ryrynsac47 1

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 14:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://17ebook.co

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{5C59E08A-A0A9-43A8-8C23-913AB375A3EA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
828	msedge.exe
828	msedge.exe
3264	identity_helper.exe
3264	identity_helper.exe
688	msedge.exe
688	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe
5104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe
828	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 828 wrote to memory of 1532	828	msedge.exe	83
PID 828 wrote to memory of 1532	828	msedge.exe	83
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 100	828	msedge.exe	85
PID 828 wrote to memory of 5036	828	msedge.exe	84
PID 828 wrote to memory of 5036	828	msedge.exe	84
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86
PID 828 wrote to memory of 4616	828	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://17ebook.co
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd986d46f8,0x7ffd986d4708,0x7ffd986d4718
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2252 /prefetch:1
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2620 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3880 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3672 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5788 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5072 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,7433309490613855948,15692691738844181093,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
  2⤵
  PID:1656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
29KB

MD5
df217f862f4073ce4585999df73a53fd

SHA1
8f39eb965e90eee20c2e94f547acf0db9aec24ae

SHA256
dfc2a82c870fd4c1a5b67929c316aebf1bfe0e8fdb90d64158a111feeae9c0e3

SHA512
f52da493abb8eeae24642e958cfa6ecf50101cdb0038ca7b952a19f0df0531e44828e4d2b9e365fd08a73a3f78009fd76af37a1ae58b8ec526720356c2767738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
408KB

MD5
eea5866ff8def80fadcb5cffbde6df92

SHA1
6cd8ac6d9f947cea4381c6b892d513b161dd4e69

SHA256
4d06154eb05f5792647084a6675847da0f4a66575c8b2aa053ccf8e3b08b7251

SHA512
47a3a50ef58b6484239b25ce6441a3fe2eb26329c09e755ad1e344313579a952b7ea982698c820ed70c60cd53ed5854055e2c97d54703efa1d84f9e9bb361727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5475610ae02dbacb829784901cb20cb4

SHA1
ac5e01873a3e4ccac833b8bf92174a0412a2a390

SHA256
0c6a5191588e795271243d9ba6ef48af474f60a1bd21ad4328f368675152d323

SHA512
137f89a7a670993bea91b94504b7d4d6ed582ab34e4d38701699d69f518927143e968e68f5c1c00263e97b5f4a68e7785ed6b2f533ce7c717f728ecc9b93baa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1f56cd30982f84c52c0fb6da38f89e7e

SHA1
f98623344eaad54bc98b35cae683b9348ced7263

SHA256
fb610bc8b232d5182b0258439bbcad40ba759c790dfcf4821adeb783cc2c62c8

SHA512
fcb6455a1d58cd21252e56bdab190121e05e6fa1b2fcdbbfc34343c454851e0a0b122e0482b9c8a4063717a14268b732b684997c25090d535350f4bb17e664ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd08bc4d8af9d7bb0611527dca53bb33

SHA1
6f95f6885d30e00ab32985cb7b1fa7708b8f3902

SHA256
7a67b9878344b1650f6b3eb0769cda8b6b5711d48df1073d8db964374b51241a

SHA512
8eedc3c527d72389e6b5ae176cd35ab3cdf041fb20e06fb2d9b8f9b378f325cf027a63408a0be896bf76cd4635e5942c6a56a319218b27acfc8e6a45a89e91c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
65b03e768017d65fe921e424c45df2c5

SHA1
07a8d31f013692fa7eba88158e47eea943ea1f1f

SHA256
e4c49bb36db5fb7e784e1091fac04c705cec5489f9aa27860b5b4927661c7c0f

SHA512
a8077017e11440ed28ed395c60bbe7ddd912449993ae660736f011e8e56ca859df95ae3e7d2f40679c38f8fcbb061088f816715e91effcbdb18bb6e03af9ce19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fb4be70bcfb02fd21dac77c4a57c6e26

SHA1
3439e41ddeadc8ed3a13824a938b5e1d460bcf00

SHA256
412fb779753f17fc631a521a9b166313e0b96a568c08e06ee2c3e0dd8f02f133

SHA512
0f45318eb85e3c3527173892032d1d5d33764c6df58f2ccdfaee65002d38f0ce9f8851d4cb5cfc247ccb30fea3dc198102facdee912707b93d2c80ef5cf3c5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
42bd79d8c2ab18215ad7d0529c71b134

SHA1
0514d51f04d2fadce19a538f2627da65f324066a

SHA256
e258ac7808f96d35f7164ed4ba888ec2f58f39ffdca6b894cff09aaecf51d8cf

SHA512
ccacf6b500dec5d56fd3f85857995634be88efa6f0c6759fcec8c0c5319d29ddcafcc17fdab6ecf14f19cce893285b36ef304006835c03af92b72b9e4296fa09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3aedf12839e0ccb84854a8d9ebe3b9fe

SHA1
aa19e281c0298780ddd87bc889778bef7689a55d

SHA256
0406a4c373d07699b4b7b599e4a4a578ad324ec8ea8b3c72d2f8011105002574

SHA512
fca4ca8eb546e94fb41f65f0b8bf718bfd1cfce070e38dd0f3e3d8bf62446849039b456dafe2c0b1ec61e916910f0581aa0e4e73e6243ed8505b06c81c24c1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
377dcdc513a2cb51a040ed8c84f61847

SHA1
e4485013ca699cbe8648cf68456622716573c1c8

SHA256
f54a0850791d35003695af04d9833bfe9231101d289ae39822114235bb80e66f

SHA512
fc0bedcd174a20cdfdf077a25088a26175a8506678e6d67f55ddadd32fad74c5828acf699f87c5eabc6901dbf5fea0833ad083c589a3e8ecbcbd2803a0aa1c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c87b9d41af24d716822365815a339933

SHA1
e0f650e99693967c130d7fbfa4208ebdf26d9e26

SHA256
e629d0c5094cab9af6f6ee97ce37b820147694151883f710e0c6b7b10aa51cf2

SHA512
eeea0a4cedbe48d00b08cfe18f62f402bb2132afb9979b78d3b95a3395b72adad68a43e858e8116913eea18cd2005bbcae25a3388d45b35bbfee77a93134e83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
52826cef6409f67b78148b75e442b5ea

SHA1
a675db110aae767f5910511751cc3992cddcc393

SHA256
98fc43994599573e7181c849e5865f23b4f05f85c1115dff53c58764d80373fb

SHA512
f18df18cab6b5ecd71b79c81a2a1fdac42cc9960f62f06ac25f4d6487792705f2766ee3a10239eaac940d090186e6bc820e4eb7a5ee138f6e5c1c64f951b960c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
b7e7c15e0657d6ea7b533c1cd06344f9

SHA1
1b3cdf6f000ecd1d7a41b80c121d2e5149d48287

SHA256
71b58a97f377f3ade88649ffa9ebc4f84691a884304a1968e560b53e1221f691

SHA512
954d08e0bb94747186f63901f801bb049ef4fc0e81c91a7ea3553cdc67f06ea243935aaf57ebce38e6111d083aeb836f2ff0aaba7047ba3e45ff57a78d6d6e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b303fd511c043d75b38b13583e308b7a

SHA1
8e1cc6f76bbc146ed7a174e7dc35af494bb7dd72

SHA256
6893cf374a2bddfabca527b3c5af7f166a4e76542ae91362c0d6f4e2720825fd

SHA512
727666841cee2b77d3863b60d42f4443a2d76faf203aa01e60b8adc2eda81a1383cc48ede1523cfcf58683aca27830ebbe0c2d286b587d8ead6806ce4f1dc030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2eaf87edd233e862dffe3bc1a6457be

SHA1
11026e82d27256b06b244f63e2d0f845aceaab65

SHA256
9a2fe0d7d5722e10c7c895f9585c610f8348fc97b68ead627c6d93559f5d84eb

SHA512
bf4cab039fd799be76ce41ae881f3b469427a6a33047a980ce9b33b5ecbf8ef402f72c5d7ee1cc241567bf2e8a3714a02a965cc41009491bcd6ae41208f830e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
72f75820f87aca34e541befc6028b571

SHA1
aa9933f0df712ccdfbdd1b25e5b748f2384469b6

SHA256
4d3d424f53b0db9b756f0591c708d15491073c0efdc19347b881bfe866255cd8

SHA512
5b0db4c675c54b13c622457bf7d49a1c69e7e120cbc40efb19dcead24a172141a03e0ece6779dc0efb4d1aa37c4ad98516bf824b4754e3db148423b3dc075197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5889bd.TMP

Filesize
538B

MD5
4187dfa0e86e2519f2211faa74f26bd5

SHA1
e8fd59d3eafd008f5d2795de1050204fe6f4cc83

SHA256
9aa2540d6a9bab2414ae69189c76566c431eea3c9377bacbd9406330b0f29ebb

SHA512
d8e111d22a560e304e7bac3126138f1df5c6eec998a091c8fd94440ebd0583400a76ef56c7c1b0b36b0665a80ac437e3b0bcd1ca08463f167afa67d2891d6596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f8b63c79-c32d-47f5-9bcb-f319e3fa6dc7.tmp

Filesize
5KB

MD5
42a9fac302a0d1285ce6aa9e69a0d801

SHA1
4456d1ec90e74a5f248d29b7c87c8af68edddba3

SHA256
fe2da078b24d8577bc8045c7c652b1b84b8e993e3cf29ee1564a0c4798d09655

SHA512
b624ff3d39252fca0b4dd2fddba2246c68c835315a7f68843bccfa754f9341f3dc7a248834757d90a894e976685870ba721e3a8ce6780a14bcb4de0b0405aefc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a0cfe5faf96dec856fffda4f758edb53

SHA1
740e460af56bdea48c6d4e413b518bb48da818a1

SHA256
db22de6febf834f4dff7b36af6eb76d9b670ae4eb8085dcb59a860fb2e8a86f9

SHA512
23129261d9d615f79be55ded0155097143bf2d7de782eba18632e4c11d758ce8e85ad616a6f42d51eb34f27d65730c18a65a0bf1b64d89aaac1da5a1171b24de

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
4727c1d7a7800914b3e763129f3e3194

SHA1
edaa893ae1ae22c755e8ff76ca2bf150bd92a1c3

SHA256
92d77bad897d73a2026b33495db73aa2aec7e886d1673abfe57214cb0e603b03

SHA512
d793f580848f4358c4fe1b5de77c506051e6297a602913a320d3eb3a805f2c409d44a67d893156ac37f5de132a1e85437a91df8cf4f2d1c6ca0a7f2568da3cab

Download Submit