88314ed5ddebc9c1f87b88d3b1f56d55c991036cb09522d8c20f6e01b74c22e8

Resubmissions

22/02/2024, 17:01

240222-vjw6madc37 4

22/02/2024, 16:54

22/02/2024, 16:51

22/02/2024, 16:48

22/02/2024, 16:46

22/02/2024, 16:44

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 16:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

56KB
MD5

13f5ced3be33542807ff00edec69fad2
SHA1

5e2bcd38d5ab54d43043feada4c9dcf4e0928c06
SHA256

88314ed5ddebc9c1f87b88d3b1f56d55c991036cb09522d8c20f6e01b74c22e8
SHA512

ec40cbf6a87d9d74977bc7290cfff89b3e01857f7702eae67786f5ea4ae76c15eed22e233c545a30961fa4f730a748a06a63d40c3d7218b5abf55ed33cd243b6
SSDEEP

768:a3yvV72MqMZRfmzOt26Ws/g36Or9v96AgtWLyvV72MqgZRfZtWL/g36Or9v96AGE:a3akfxDeHfxh

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
82	camo.githubusercontent.com
86	camo.githubusercontent.com
130	raw.githubusercontent.com
131	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1414748551-1520717498-2956787782-1000\{4BBB5FA6-C4BC-4FAB-B7EF-B02C5B040647}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1748	msedge.exe
1748	msedge.exe
1052	msedge.exe
1052	msedge.exe
4148	identity_helper.exe
4148	identity_helper.exe
3800	msedge.exe
3800	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
1460	msedge.exe
1460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe
1052	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1052 wrote to memory of 3392	1052	msedge.exe	58
PID 1052 wrote to memory of 3392	1052	msedge.exe	58
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 344	1052	msedge.exe	89
PID 1052 wrote to memory of 1748	1052	msedge.exe	88
PID 1052 wrote to memory of 1748	1052	msedge.exe	88
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90
PID 1052 wrote to memory of 1796	1052	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaa69046f8,0x7ffaa6904708,0x7ffaa6904718
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:1
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2116,16765332897418267863,10566506502400319930,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5492 /prefetch:8
  2⤵
  PID:3536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1f6d41bf10dc1ec1ca4e14d350bbc0b1

SHA1
7a62b23dc3c19e16930b5108d209c4ec937d7dfb

SHA256
35947f71e9cd4bda79e78d028d025dff5fe99c07ea9c767e487ca45d33a5c770

SHA512
046d6c2193a89f4b1b7f932730a0fc72e9fc95fbdb5514435a3e2a73415a105e4f6fa7d536ae6b24638a6aa97beb5c8777e03f597bb4bc928fa8b364b7192a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4254f7a8438af12de575e00b22651d6c

SHA1
a3c7bde09221129451a7bb42c1707f64b178e573

SHA256
7f55f63c6b77511999eee973415c1f313f81bc0533a36b041820dd4e84f9879b

SHA512
e6a3244139cd6e09cef7dab531bff674847c7ca77218bd1f971aa9bf733a253ac311571b8d6a3fe13e13da4f506fec413f3b345a3429e09d7ceb821a7017ec70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
67745b2eb5c0231cc6b364029bd7ee83

SHA1
db8d336fa9e2588859dd8787de8c516aefcefd74

SHA256
44ec7a8852be3b962c249b212d932a4bb29ece8c3054269c31e7f5c1aaa14b10

SHA512
00a326aa46c586b26c8673c52848beae04a12037b8f5c0dabba5a38901a5d92db56509c95808b70039dc7691d6a767d68e01967d74982d35ff41b8fb1d90feee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8fee3df785fb2c74e492e0356de993db

SHA1
3a55f4dc862ef28d7dd401d00800d1a687642877

SHA256
0aef42474dc50ad4604e20d38387915ab85b5529dfc169e5d66f11a25d58cfd7

SHA512
a278bdce4ff0570424ca5cca85d8d2c4131143ab0bd1beeb3b63dbccbcd06bfb290a775046e2500e6c87ef8a88864821db44a64999164682580cd39d8d8b0f87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3cab0c623aa618bd65940bfa4122ca68

SHA1
9f37b7bd1b2189c00d80b7c25e3c5e7efd2f493b

SHA256
213f052c73ecfb9333eddfb22b1af613cbe47888bdcf5436425ee2a485cb3215

SHA512
fc3738ba26dac5231a20a63cc4a2cd5015e6fb37bcee3864bbe8816c5b24d6fdd75a7994ccc1271286d908cc8b78069dd9d2e63f95bf4cb4745b990ff5ff7557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
89701ca236f516806fdf591613080868

SHA1
57f5c3eaf2c27bde6c0bfdffc7287399b3eb5d85

SHA256
af14c9b1caecda33a662a6302a94c20a4d26f4e1f849da425bff46561a23b929

SHA512
b44e5ade75a6be13a6dc5552da9a0a67ab9d9cd822e5c3486a065150094877e02e4d8d91adc6705b4be893963410e1f5bf4b87973868b887543bf2b68b337051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
937B

MD5
ced784173e2bcae27229aa429fbd6bf0

SHA1
fc847773a3385359b170a2cb2ecb6c6f42444544

SHA256
e40dfc85ef9b57699f30f4068a098630ddf8d6cf71b48c952ec84826ab0ce36e

SHA512
3bcdfc5ac71fb81e5b77000ee74ad505769bda7108c9acfa00ade05995034be13dc6bb562d5f225044b73617cb08a13fb13d1a64e795096957b0c0d0f47bea9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1ef7aa51f53e6d98503ece607b612689

SHA1
6088246cb991329d2b29ed0f1264cd9b53a356f3

SHA256
0abf41b5fbdd50b2ce02287b9ce7455698e43054ec267c00cf9fe9e748b53a9f

SHA512
2c600db4786bdf18ed219e45e7ba5c60d2bf371a1a36e82ab9bf9f3f89decbd28654888e76189b08bf89d92c962f46fb1ccf285e2c5e0f2c3bba56689903f552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d91202c79e64eec0f5fa4f22d7a9796

SHA1
313e3f5efd4e3fe8d9025c4ec910b0fd452de6f4

SHA256
3908a7ff608585309e48168e697c3026d246afe59c248b41fca95e04f63110b9

SHA512
343d4a371ea73937ebce8ab13f31f51c33f54462fe965efc54c7668c833f095fc7999f5714e8c53f7aad785662e517c4aa3b51ab93bd776421946b456b6fd13f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d721a884a1a77e1526d2fd73c94c52f4

SHA1
b420411ced6e5cdaecd4384c18c2c86d1884a7d9

SHA256
5adf2906ac75292f778647d780f5844730460138bbc0633900efc9dc43bf4ca2

SHA512
59d41bd4a438c23e0030b4812ff03159543d562cd6a47a919820e45f937ac48e33d77f54d21ddb201d93cf978b67954ea1ed79d4c2d8729ca326abf4ac0e5e5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b2763d08069a278dc1bbe4b77c7ed7e

SHA1
f044f21920ecd28d5aa3eea6a6ef788675c4f250

SHA256
71534ec345fa53a6d98e59766efa234ff0f117223dddd90b8cf186d6961ba611

SHA512
4694b391db6e934a1223d3dc9b77da23623c784ac11eec84d8d934eb559c5d8ef08ada5f28fa2e998788388da7cd46844d9fa7d960c347e8b1c936b368aa0dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d76884fc9dc174903c734cbfd340502

SHA1
0c6ea9a4329a2173bf5aa538d850313231f42513

SHA256
8f4c86fcf90021e6e7f6fecd413282788af2113f38306cc0e6848c056d1dd8ec

SHA512
dc3ded19e40a460e3420eb98a16806ff968b8b19474a3e576e13f56e2d94847caa5177471712c60d655a1260f9b6225b02fc8d95b2d2e1f07d53465d81dd6aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9acfa952744e3bc91a3abd41de36cc56

SHA1
0820b4f9b8e92c59c4b1548f8d70fe075d093ac9

SHA256
50a9eb9f89106d5edbab9c8709973e59759730417976379f1cc0d3c77a69be34

SHA512
d34aeff8dc0c36d46c72970beb78092ff79270bd843e51f2c470fbf4ebd2cdfbc8969671ad436d1d24b71fe1cfdbb51800cc3538db47edfd39b6487679f54b7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
debc8447ab2e72f274dfb95269f4dcb9

SHA1
13ae55178145a7c3c1dbddcb62383dffe0b1ac8e

SHA256
6995ecb5f091b24cb4240176508b2f1375b2be023e737188b917c7b53c57d89c

SHA512
817c1dae0d6502d85f570ece57ecdad244ad93f10ec117ca297e75bdbc9ea152df034333732d31a6e97855556d5934d421ebfc64103e88ffc490e889724bdfa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2a5790d7c30e4e9ab2ee145ccff5e192

SHA1
eb04c432ece2945b1955bc225504910dd7d8cacf

SHA256
fa8de3507937991e9268413aaa51c07b68c0c093076385989bed4d9210e920c2

SHA512
7e08cb7240d21d7c66fed9a7c4d8998ae83ddbb5bc42d3b03ffe01e2113b8cf3d5df07937ba809829da08be7d109cd2d04f941004c672379743c136401fea522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1907bce4f26ce96a341fc74e4c606986

SHA1
5bd6b27fcb30b84dd27729c8a98ba2168b547ad0

SHA256
ea648c867cf6d814d75815c6a8cc5a3f1a2db2b4a57b748c0cd844fa4af00f51

SHA512
4af227b051052a3ccbcb16ad6a8042fe668911a52b563fefbcd19d5c35708e331b8cddb2bd2d75d4218197b6c815d181ed0475af1a8e81c07f5272374d01a709

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d92a.TMP

Filesize
534B

MD5
165be1735f119505344ef8e74868b8cc

SHA1
671f4d519e8da32281785b0dc6ccfcb8db47970c

SHA256
d344d7e005d123b9ff17e7c937bbfc2640e531865a6190e2b0dfe61ab881c57d

SHA512
c7764f596decb49453ffabed3fb03ce4e10a207aa52f7f7ac18110c6aafb0292eb50c19431a05538bd409f3c2529f1c1601e3cfe296d124323daa3d2cb8633b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
29c73a12ce0c9d5a7d2bb7f6e6bcf556

SHA1
292c103644d40c615e63525daf4e2710595d7568

SHA256
a2d288db78dfddbe548ac60bab4add80543b99e89b3b74bdd5d929df9819841b

SHA512
8273644e8b535e3982643f42db5077599228dd0b6a14f211b2e252b5c731f872ad1f413f5ce317e1ab5da75e08a9de88064d7d7277f4fe93ae4fb2f40cb5f76d

Download Submit
C:\Users\Admin\Downloads\WannaCrypt0r.zip

Filesize
3.3MB

MD5
e58fdd8b0ce47bcb8ffd89f4499d186d

SHA1
b7e2334ac6e1ad75e3744661bb590a2d1da98b03

SHA256
283f40e9d550833bec101a24fd6fd6fbd9937ed32a51392e818ffff662a1d30a

SHA512
95b6567b373efa6aec6a9bfd7af70ded86f8c72d3e8ba75f756024817815b830f54d18143b0be6de335dd0ca0afe722f88a4684663be5a84946bd30343d43a8c

Download Submit