bf8ea959a382e6fbdd510054b1b47e15772581dd395e19af60009e9707a860f4

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 03:33

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aZB7o4816880563.html
Size

42KB
MD5

e98a5749ec16d1a3e023747be659ef51
SHA1

8ed57b17b2bf07cbc46f9ad2d8084027f69cf88a
SHA256

bf8ea959a382e6fbdd510054b1b47e15772581dd395e19af60009e9707a860f4
SHA512

38d40a733eaeb92a21169fe2566da04439566235927dacd7f9a32bb9aa13cc354ae74cee84795bcad4c61a7a45555f134a34f65e36e359f106447d909a10dc17
SSDEEP

768:bVwghq7we+DER9R6FVipdvuK/8x9p5HutI6g6TqVgGo4a5JzkI8pyDRgXwghq7wD:pa5JgYDFzUX

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
128	raw.githubusercontent.com
114	camo.githubusercontent.com
127	raw.githubusercontent.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
51	api.ipify.org
53	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2828415587-3732861812-1919322417-1000\{79246B5B-756F-4FC6-8C53-D3132004AD67}	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2916	msedge.exe
2916	msedge.exe
612	msedge.exe
612	msedge.exe
3624	msedge.exe
3624	msedge.exe
1048	identity_helper.exe
1048	identity_helper.exe
5064	msedge.exe
5064	msedge.exe
5716	msedge.exe
5716	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 4964	612	msedge.exe	68
PID 612 wrote to memory of 4964	612	msedge.exe	68
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 416	612	msedge.exe	84
PID 612 wrote to memory of 2916	612	msedge.exe	85
PID 612 wrote to memory of 2916	612	msedge.exe	85
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86
PID 612 wrote to memory of 1116	612	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\aZB7o4816880563.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaff5746f8,0x7ffaff574708,0x7ffaff574718
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2524 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:1388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5364 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6572 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5528 /prefetch:8
  2⤵
  PID:3384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7768500049984069456,664103126020835807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6328 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultfe9b6b36hdb7bh403eh9f13h00187674427a
1⤵
PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffaff5746f8,0x7ffaff574708,0x7ffaff574718
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,6313596934053820303,14794245181598005858,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  PID:5428

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65a51c92c2d26dd2285bfd6ed6d4d196

SHA1
8b795f63db5306246cc7ae3441c7058a86e4d211

SHA256
bb69ea4c761c6299b0abbc78f3728f19b37454a0b4eb607680ed202f29b4bb01

SHA512
6156dd7cec9fee04971c9a4c2a5826ba1bb3ef8b6511f1cdf17968c8e5a18bc0135510c2bd05cc26f3e7ae71f6e50400cf7bec536b78d9fa37ede6547cfa17e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce1273b7d5888e76f37ce0c65671804c

SHA1
e11b606e9109b3ec15b42cf5ac1a6b9345973818

SHA256
eb1ba494db2fa795a4c59a63441bd4306bdb362998f555cadfe6abec5fd18b8c

SHA512
899d6735ff5e29a3a9ee7af471a9167967174e022b8b76745ce39d2235f1b59f3aa277cc52af446c16144cce1f6c24f86b039e2ca678a9adac224e4232e23086

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
30KB

MD5
e28f931e111434efe069866a5b251d8b

SHA1
46f6c259db48adf8858631ab597a4092b542c47a

SHA256
7556137381b059f49b7272a5e2c341c184f59c95832e2d16c49e9b2ca05b7050

SHA512
017c644ae093f3da4d3c2d72b753a5c363f4de21afcd774c65d460d8d4981031f0704e844ba5cc51134717eab77f4974a8d7f3bbe10e38f11bf0d81fc66f8425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1.1MB

MD5
eeb2da3dfe4dbfa17c25b4eb9319f982

SHA1
30a738a3f477b3655645873a98838424fabc8e21

SHA256
fbfee0384218b2d1ec02a67a3406c0f02194d5ce42471945fbaed8d03eaf13f3

SHA512
d014c72b432231b5253947d78b280c50eac93ab89a616db2e25ead807cab79d4cb88ffe49a2337efb9624f98e0d63b4834ab96f0d940654fc000868a845084fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9b497c386376612bb25ed67f84982fb6

SHA1
478e35f19b2ee6b90cdb67c9321a5c317151fd13

SHA256
1ebe68c668c809a5eb306309babc4e2165281fa2cf39a53246d9666061664d8b

SHA512
031cc4e7c04e2bce7c5ea8292abeaba0a1eb5c219897d9242cb2ba605cb0614e84006cf99645877145cce6c70ebf2b7dcb097381dc4fc80e0eb475e10d9f0512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2d0b104e2662eab8857ec29aca0a333b

SHA1
3f62c298ea6576e7191ede65ae0989688b6fb9cc

SHA256
dbe9e9c258c359de93b18eabaa829e7a4132f18e6adaceb2323e83745e7b4b78

SHA512
275026b4b2a33f08de46ad85b60bb25757cb03cfc114e2aee53a9d140070e65111964865c45d431f0f53239aee8aafd49d952562430d12205ad4b7385ed957eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cc2ed77c6800d7d1bf7eab0947248f35

SHA1
df5714c4cd23e4f3547c384067b46be6e7faf75c

SHA256
78f2609bcaafccb69002854da5316d95ea8f6c603b6bd796e0fcc861c67493b6

SHA512
9020bf45f35b229bf081616753d9460c40af316b61c13ec800c620e3c9970475da16c20c8db8a69208050d0aa4bddbab962c9d4f41231d46fbd0894f9af8fe21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
caaffd9728d88acd64ba8f84f1c53592

SHA1
60a730f11198962b7db448b1b9219977d5d7ef3d

SHA256
57bf7cd872e7dcbbeee9c8439de423bdccc5d7557944d7bea66683db626e1412

SHA512
f4715f12d96fab481710a6dcf2a9840ba190244773772dcd9680c77329505fee2516d30acac3682b10f40a6e828694b0b8d69d4c67cf51e4b3763063a6e9e220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8f55dd2fa36de25aca25db102d6526d7

SHA1
a51578a4bd261aaba979e2ca522a522ee4d5959c

SHA256
3ecea322a36c1c469988cc2337fcacff351a31645e2286b0d6a371900bad11c7

SHA512
6e76526225b3aaa8d1a338668312ed8733ac51bbed4275379fdc1598fb355bf9fc672e1ccf224ff2af72ec7015cb385d4f6a85d1c1b6db3ebdd044a53cfdd7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b6b82b84a7030fe5d2911f953a7f6181

SHA1
ea5383bec4c80e548d7ef2fbe47b111baf09dab9

SHA256
7117741ec9f68685ac72e4ee5a2f29e67b23fdd3fd1b473c3fd3dd1a2ff0549c

SHA512
ebf9a789e3f5d3d4ff483f47c4117a7c3e148729317b2b1c7221ac8b1b902d5673fc0f7d7808423343bf03f51f1d997415119e6bd1fb3f7a52ca8b562b3f3eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f02a0b5492a4b4fb5b63b807aca63eed

SHA1
53ea09ea84e531c0139708600f935e8558a1c03f

SHA256
2b130bff611195c056dd2e59d7599c8d8f0aad0acb1579440d03ce493ebff224

SHA512
a89625ee698449f43cdb297e4f7dddd0560aa0a55de226ce0057afe2a3283dd1171aeab829843d0098681969149a7261e37d0144b8533c22eb3770020342e694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16ef060a330637f188b63a2a77ad615e

SHA1
7428ee619292ddabede133e05ec9abe5327044f3

SHA256
1babd179c45dfe0a17baee9f87d8f8bbfce15c394733f8a336253dac239a0fc4

SHA512
c14e35ca22c488102892aff9d0e05bc2350cb80ffa906d672564689bdf537cd378930b050be935ca0b541af5806d688495707b772826a05ca7a2dbcdaa84abc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf35f9ad0ceaa762f6f8ba44638e7c8d

SHA1
a4acb4a28f0d38fce1961f28d1c82ef61f5cb11a

SHA256
134ae9eb628272bb95a159f9ed863019a867c02b651ba3738eded6ee8602c616

SHA512
68581bf48af6831f1651a3d1d40d0304eb0fe52ddab1135fc5de9b604a0321779f3bc3cf2d442bf0c4a34c07115040fb2f0a5b18ebfc659a900adf016a0fd960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d11c7b218246426bbccc032eae8ad152

SHA1
101f0b15671006acbc8cb4bd3bdff44867c6f890

SHA256
021e6a490b80da4eae55f64baea86285d0896ab1068c1ab45f9c568def4a81eb

SHA512
a1d2d613084e312b6a09c091bf6f6c3243a6e157232613f231b0617fa22b96e6d2f025a53f43b6f710e46f1d3bd2a0320f8e1995a31c3e231655ae551b84d39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
37c688043e75ed9196da609e10b95db6

SHA1
083980133f1e0c1e3537d178288c389c70dfa80b

SHA256
39f0f6267d63ea30e321d32667d443107c2a4f63a2cb6330cba76d9574081747

SHA512
3dcbfce58de5cc5304b3d896da1ffc9cb1837a4f2da544916b1bb90a8d7db75ac663374c4b40e9f267e91aa51f000c34ffe61ae8d2948022cde3d4fcae0cfb26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6afb7858ecc323c8ac9656f7641b17a1

SHA1
1604f32a221157407098b06e2d620e6b833ab334

SHA256
0c025eadabdf7075dad8544da20ca411d84f069fd8ca64feb2d331ffc437797b

SHA512
b0969e5a03f253b3e82feb9989adf4dc7fa3596f69ac114739b32bc59ab7a3801a1a2c54264df43df42b65e651e018705930212c863f67ce26d80e5d4ad99e0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2aa9fe8b93db80d63f47748a602bce03

SHA1
548aa9767952a299b909884e99d4df8d5f062ea7

SHA256
cf2975cf6cecba3af26cc4eedc71ca6ae1df8acab560a7905009fe82972cd844

SHA512
de82d8f6eb3f30b1e05f80a3ad0d18e1803de5daccff0294f03b0a375cafb40daa9db51d749c3f0414da19c42c4e11096f88fcd78b77e19308f4c3e69fe19452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c573.TMP

Filesize
872B

MD5
8ee319f7735c5ac23de83b3726019ebc

SHA1
4b06e6725dfe9650f90c0d0ed70c53c0d4b71f86

SHA256
3063f2d186a29eec4c57a7235495166d1949265101dcdd724e1b64e408a8dfca

SHA512
8a8bd7d6ddebfe70f75722280857e739ba120cf31b0fa975b257251f6b1f5bfaa9e270e3ff3d84cd69126f3261d5ac85efdf47b0082f359a146abcc754e203d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5186a28a077afeda2d1075fa396dea2f

SHA1
d8388f6d7c122350875d71df38780918a00e22ff

SHA256
f7068b8e471d6ef53eb3bdb81453d3a003058ade9075300027748a11f5842fb4

SHA512
f926672afec18e0f5e782d21c51c5a17f03c90ab399828c1bb9fe3ebf5d1e433e312ef25619cbec29d582f8127da1256b7cf5de1f46a5a9ffe6ecf35d66583e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1455e2b07d0e3bbc7b2a169970897632

SHA1
fb9f1df6feb1d6b4592ef2d9dbfec3752c86158d

SHA256
bbb5f740f6fc906733d9bf36197f1ed006aaf7ce3e49bd36955c4b932ad89f17

SHA512
7af24a0a98d4ab00e9c3b29845e89d8bc40791e585f34fcea2e9632cfa686693989fd019286a384a7043ef07f2d30da87664a285656835ebcd7df6ef535d1883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e87a7c3c082fba13b7f8f0736a152404

SHA1
5796c9383629205fd359a8cb5986dfded2093f2c

SHA256
896284c32832ebe3b17d6d42162497858928b45dbc2804d5ae86c9dea98e1f75

SHA512
47351116691bdb85df86153fc9d459c010970c2f5b630c111097a44c631f069fc24338bc2f64321af93b919d628ff9fcdf6b32adabe4094e5e27be85d42521d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
256e59c5247f1cf8d38874f867a7d52c

SHA1
92b609e7114d3dbab59d56980ee9adcbfe8ae79c

SHA256
a542d6d398c4992ea28c250b81ae1bf1001335c3755180bb01a13e8e651f914c

SHA512
bc025080753acfd57ef95a6d11648fc550c91dd22d0140ef59834a2e1b18bf447af8a3b0c6dd364263430c5032d47b0847e5816dce178adcdae5ff3865400059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
51fd533b154fca7adc42235e9feb585c

SHA1
8977ba4c30e6c68c5cb1f97a57d86d33fc12445d

SHA256
53e5d2296edf037add7f77562bedd0d79de4beaa03c52b373a04f6f058c394c3

SHA512
a6dca2bd30c00d335d9e3ae99e91b102671b5641b1ebf9c415f8b09a807c256b71cf95cef22b3b1527c07710e3921b2d7b28d7b38a0cec1e77b0481ef608db4c

Download Submit
C:\Users\Admin\Downloads\YouAreAnIdiot.zip

Filesize
223KB

MD5
a7a51358ab9cdf1773b76bc2e25812d9

SHA1
9f3befe37f5fbe58bbb9476a811869c5410ee919

SHA256
817ae49d7329ea507f0a01bb8009b9698bbd2fbe5055c942536f73f4d1d2b612

SHA512
3adc88eec7f646e50be24d2322b146438350aad358b3939d6ec0cd700fa3e3c07f2b75c5cd5e0018721af8e2391b0f32138ab66369869aaaa055d9188b4aa38d

Download Submit