hxxp://google[.]com

Analysis

max time kernel
1680s
max time network
1687s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
07/03/2024, 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4181651180-3163410697-3990547336-1000\{748F6EAC-C6A5-47DF-BC17-3914BDBCD85A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
4072	msedge.exe
4072	msedge.exe
5088	msedge.exe
5088	msedge.exe
3284	identity_helper.exe
3284	identity_helper.exe
4944	msedge.exe
4944	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe
3040	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe
4072	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4072 wrote to memory of 4284	4072	msedge.exe	78
PID 4072 wrote to memory of 4284	4072	msedge.exe	78
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 2372	4072	msedge.exe	79
PID 4072 wrote to memory of 4384	4072	msedge.exe	80
PID 4072 wrote to memory of 4384	4072	msedge.exe	80
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81
PID 4072 wrote to memory of 3528	4072	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd657e3cb8,0x7ffd657e3cc8,0x7ffd657e3cd8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1244 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2592 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6240 /prefetch:8
  2⤵
  PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6252 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4972 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:1
  2⤵
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1864,2077596260057213021,693666704655574499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
  2⤵
  PID:2324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3b1e59e67b947d63336fe9c8a1a5cebc

SHA1
5dc7146555c05d8eb1c9680b1b5c98537dd19b91

SHA256
7fccd8c81f41a2684315ad9c86ef0861ecf1f2bf5d13050f760f52aef9b4a263

SHA512
2d9b8f574f7f669c109f7e0d9714b84798e07966341a0200baac01ed5939b611c7ff75bf1978fe06e37e813df277b092ba68051fae9ba997fd529962e2e5d7b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0e10a8550dceecf34b33a98b85d5fa0b

SHA1
357ed761cbff74e7f3f75cd15074b4f7f3bcdce0

SHA256
5694744f7e6c49068383af6569df880eed386f56062933708c8716f4221cac61

SHA512
fe6815e41c7643ddb7755cc542d478814f47acea5339df0b5265d9969d02c59ece6fc61150c6c75de3f4f59b052bc2a4f58a14caa3675daeb67955b4dc416d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
194KB

MD5
f5b4137b040ec6bd884feee514f7c176

SHA1
7897677377a9ced759be35a66fdee34b391ab0ff

SHA256
845aa24ba38524f33f097b0d9bae7d9112b01fa35c443be5ec1f7b0da23513e6

SHA512
813b764a5650e4e3d1574172dd5d6a26f72c0ba5c8af7b0d676c62bc1b245e4563952bf33663bffc02089127b76a67f9977b0a8f18eaef22d9b4aa3abaaa7c40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
88a552e6be1ac3978c49143983276b3a

SHA1
dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423

SHA256
927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5

SHA512
125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
31KB

MD5
bece038422ccc92d498cdb88950ed3cc

SHA1
743ef43ca2a84ec9d7a3aafd7550c3e6b0b48798

SHA256
c8f101aaa8ced4bf4d49828c264536ce42759e1dbf926c0628377b4939eabfd2

SHA512
b11014d24aec1f37ddc3160a5e15c8d17a365ee603e267405d38dd1afeb7e1df357b7ada92559ddec72df7d6e291dfce3f2b792320ae2a4f14e34dc2815933da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
1.2MB

MD5
0a3849594ffb16d685f21d9dc4444069

SHA1
0ff3dbcfe68dfdf69ef5b1c6082c4f79c43cbf73

SHA256
bce0badb8987ce9a460f090570b750408d7d04999d5a2d75ec7350623bc619cb

SHA512
8d6b552b9db633fc3ac685745f605f547e600ce5a0d98e890949892a582bc1cc0695dbf2d23817a1bbe51617322c3dace19a713f33389971e474207e396c6bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
81c7ce94f5fe288afc05a054d98e8e82

SHA1
76d0c996ce4e4172e529cba5b44eded1e24f69fb

SHA256
73387da8c0d3d23ac07735b62a77ceea8b7b91405eeb88fea7069b071a9cb6e6

SHA512
10802309f136ed21afda9920da3714c547212e90f08e18debc6b1bca5646688fd5e47ad3f54a8ff4abd8148f443bfac4fba749ef7352660bf4fede5a3e2e1085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
667cb939789419420bcbd5fd866d01bc

SHA1
fe381a780be70712ba932c98d914e76b8062db6a

SHA256
5a09c657135c8587e27852983353072e06504b3aaf4d9df09c26e952dbbb16a0

SHA512
847b8271d674a246e12efefb32e45ce26725c2f8a8cc4e037d957c1446d422e10cc69f4d050ae01c5a577375b4e447e529f9a75e5692d6eda80d78cd241c2c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7be55c38a6fa810c980f885061798a1a

SHA1
61cedcf55d81f349b63205da4a2e8f4f1342aa89

SHA256
27511d2acc3f4c9876554060e9b4557e328ae08f4c4d86f37432d9df52546b46

SHA512
c725e531ee08fd1337983df6f431dd1caaed737b6829c1f388a7516dea9e6210e6fafca87cb300c00c11e1d79df80fb0b5e7f54cc1138db8236f7c14f7b3ae22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
428d1639d14054d6bb38e02c9ff0a6db

SHA1
1fa7aae1d2a0ca99bd685719c0d2123ebb32da07

SHA256
0810ceb6a9692164823dbb0490a8b733ceb25a732d461f8fd9af2ff40f76c413

SHA512
e39e94d2356014ecd5e22f455ff8a282974eb23ef8f68f50e3be24c96b82f500bb22ffb16ddde770359ee4ebb8c915effa94656b8e364e823a2f971eeaabf1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
0d2937735d01df1ea0a58e4c49f96e67

SHA1
3220d65a04c3f5a9d56029b0c4d985be65786c85

SHA256
8034bf8fdd30fa34dfe88b8f4a661a911dc3942d112ad39d958c91a91691ee40

SHA512
b10c2ed8163b7a658d29e26802d177cc149bde60a475e899d31dd88c19d9c4a1d6fc71f0bdab19fb3cf0387ffc6b64f6c2249e6ad4db0a1dd9959994dbb2e58e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4dbf42101017589c6184092c596ee35e

SHA1
5226a18d2a1ec27c1aa33d6d757406fba175fdee

SHA256
13f5e8af72d793844c938eb61d61d9e8937191f33ab5612d0a0187717f59aef5

SHA512
4051c86b7d762f7f5c2d39d242da6799e8e35a8601e2e5f9434344588609ad3b5c2587af5507894f04c1177d3a563219f639e0852b742c7597fec3f173571039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
4dfc06f0511d9c0e668eb2a72d8e2212

SHA1
2d2bec7bcd0e853a38e50d59f24bb2459b2b01a2

SHA256
90b5b354c7581d1c9e1e50a5253fddbcd7553c2dedac4902c9dc902bb32b0599

SHA512
7fde6e6794ff21e6fe8e9d0ba6d33dda73aea7c2f3005531ed5a6e61c476a8ca766e35fd87b98692bb6ccde64ef8342eec9f6a431bceff46e1a2a6b6d2f9cd68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
152f139778ffc1782f43c75e88c656b6

SHA1
981e50a7419cb9417d6f586055968cb4d2099fd7

SHA256
dd88b7bd7921a08b976c102405bcc700458b1a019301853569d7e33dd6e7ef62

SHA512
a766c768dedd9b262079fde710e45dc601fa5914401deec21d1f07505e2251f0795a4152049f52e83564c5c8a4e5e73d14abbe27a4d84b49bfa0e518a56d9913

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5d1861707a103a0f189f107e8deaba9

SHA1
d0b10c6afb3f6674d0c13fd1338e2fcdb22e26c9

SHA256
79531b9afa1a7f426683e7caf76eb91a68582165e24dacb7ef01071fbf305126

SHA512
b784100e2a0bb90990ac521501f365e74f5b29ab66011fa2f4516e058bcd13a67f63584462ffd4e6d032115c3fbd4d1621d7a3ca6c6894edf47af579237fa19d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0aa6f7aa46098a0ac028d8cd7ace108f

SHA1
59adef0c98d184dd86faa56e53bd7508ec7a2a88

SHA256
7f504fd8af86447e9ac3b931014829b9f0d29597ca46ee119febbb256f6e6b4b

SHA512
7dd1881febe36bb11b948bce9dfccc775ca7706cb617167f3ddb45b0e7e3cf268e3471a616967b795f1c35e73a479d18c7897000f8f52a896a3311d54eed0b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6e7b4e61a8e340fb5e182621f09bc330

SHA1
31b771acdea286e9cca200bf8bc5c3a3dd44db98

SHA256
f5e86f5f3eb55697c8716f0a3d93d1ae3314c254ce8e5fc0907d4deed0081131

SHA512
ff9e3cd47f964790e2c43f7f5ca039235c39c0c8c5c954c00b84e4b5ecd7986800034cbcf46ad5e47ecfb9b97d9bf870ca662df6439d0358448a5f31ba08ceeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f888f25c3478e4d4956ff294ddbc5b35

SHA1
9c20a17f441ad7a6cf13ebebd47785e69ada5f45

SHA256
7f1ac435f30980a9119efb323d1ae9b3baa0528822ba36a63299791c80a3229c

SHA512
609b6d365ac8806c909e5a605711eea1d95b014be36c67f5913c67e8606a76f017274b7561a3c5da4b305a98a8700d48691834d15c5ec4b847e496e80a760a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c65df90c91a003b236c94f8e6d0b2463

SHA1
ab10d76389e15675c323407ae53d2120cf2b1d72

SHA256
42842fbfd34c49d0d25046dc508034a2df3ee970ad51f1ee339f0abf8663430b

SHA512
4665efbc88bbb5a524d545ae08fd9c6cc2fb3406e7e245ae9a4871dce4fbbab759231e430d7572ef52e6a78e53fddcd275e27b508a58e82ab2720416c236cbf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
08fd473296361b855d150e6589c5828c

SHA1
413ece051fe4c902cc472a3a83793cbe3e4ccaa8

SHA256
e563cb63c959f7965155756eed52659e5910cbd5e6daf9e68e266c4d1b5a6e74

SHA512
0d447b5cf530f12f94346285da592333b820af08b7bb9202b0d11aa02a271c95ad7303bf571767ef0d11d85b931776ad4ac8447ece767c2faf71e70e6c964286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e0918d5956f40f8b0c0951b8ab5c2ab

SHA1
ceb502d028b715702ca76aefb81c7ba2a82fb8cf

SHA256
6cb0826a745e4ed5fc94f6e52936cf4c4129712314075a89f8bb3ca4ecb24acb

SHA512
d41510476bb89af4eb24f9fbef32946d21a4edc8b35eeb17ffc964cf7de55943f19f532db0a2dc2b46246ecb0fe877ecc6ffc5ca20d1255501b65a8d43a5ccdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
67ee55603d258dd5e389e91a3f05e47d

SHA1
35fd011bed510ac15695244cbb0c420a71c43ac8

SHA256
e2e66bef080bedcea5c7399c0866ba2d4a70f0892618ae2363726cfecfa499a8

SHA512
dc94fe1c1230ee6dc867979f7f9d0c5e429a8805031542779a07dd40e32c6dc77b357a89012fb0313dacba8251e3ce392cdb49e267a9df60647620f7ff4e45c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
02350b03498d720bf97e819551eecfc7

SHA1
d8ab19adf99f3fa60ae2e4c3b280723f48def62c

SHA256
4a6a1f3f4c2db6714a0481fc9366e285bdb42d8dee51a25fe3e5da18efa2bae1

SHA512
a8a7a3407f4a95057b392aa423961632f6be84056340e74a717d3577119caaac8769bcd076d3d33088e6fc46a481891269d6ca7d6f4a423654bcaf388a89fa90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b9c8365829a7dca18d1df393591bb4f0

SHA1
0f1336bc976fa29fd56a5fc945538406ecd7ebdc

SHA256
0be302afade2cf7bfab1525b64bce7c3508cef59d16fcb22a1d544ab0a5b5196

SHA512
5d32b9eade437922ff3c60cc5b8040d78483700a8c7098e2fd717d9c4b8bd15f9e0ce116740d4d821e340ea1d46c496d2d840c2814271385d3ad5489db8d319f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59624a.TMP

Filesize
371B

MD5
00fa9420c6d5647bc0608f6e47f9e6c1

SHA1
794561f553ce2ff143a75fcce39101b1d78f622e

SHA256
3cbc1f57ccf5ff66892f60f379a3e7b1a429307980a83f3474cbb98bc6d94b5f

SHA512
82d53164162612289ef71e141742f85bda14d08e57278be5d48c8f9c9744aa4df4d2b380c21e220345d3fc4027cf6458e2acb09a01bb661db97c282c07b5e503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
22cd581ffcb847ae73e2ed5757a3aa68

SHA1
6853f72e10828c7372cf5c8fa1abe0817d90ce0b

SHA256
7ab207a2e1ffd01884e45f2b5ef7b859671501665f295703d001092ea48f1c02

SHA512
6883ba68730b9c4ad0ea504d5652226bff05c04017f1ed00265948f53a79a585ae1e938319d967560732c24c3c07d7eb69ea4fa0b742739747e289907cc0a60a

Download Submit