ceb7fe551a241719bc6f6baaab1c06e56c28939baae257b3d9c6b8b4c44f7f9a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
18/03/2024, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d47aada7dbf3261e706595a2a3a0eb4d.html
Size

31KB
MD5

d47aada7dbf3261e706595a2a3a0eb4d
SHA1

d1828c396d795bc7424d0e84cd68e737ee407eab
SHA256

ceb7fe551a241719bc6f6baaab1c06e56c28939baae257b3d9c6b8b4c44f7f9a
SHA512

e88aee547d3c277ef6850766b0676c3aaf7d8de59cb5ac9c90e6c69bc566475e71e560581b4db2feda98d2613b8285b76963cd1dbf6a3f76300698e23260779c
SSDEEP

384:YdBGItkiAo06+Vpi3ITdEnEVKjWA+7ud8hl2DpcL61IWLJAcB5D51IV3aFm7mBAh:YdBTPz06jIB4I6WBEedEERnFT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3316	msedge.exe
3316	msedge.exe
2472	msedge.exe
2472	msedge.exe
5772	identity_helper.exe
5772	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe
2472	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 4908	2472	msedge.exe	88
PID 2472 wrote to memory of 4908	2472	msedge.exe	88
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 1460	2472	msedge.exe	89
PID 2472 wrote to memory of 3316	2472	msedge.exe	90
PID 2472 wrote to memory of 3316	2472	msedge.exe	90
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91
PID 2472 wrote to memory of 920	2472	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d47aada7dbf3261e706595a2a3a0eb4d.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff361146f8,0x7fff36114708,0x7fff36114718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2320 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6820 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,17027883573398090095,1872904048754656617,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7104 /prefetch:1
  2⤵
  PID:2432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
22KB

MD5
30be678c3eeac810a11baebd8e7ca39d

SHA1
a7759bdbd6d81bda5addb7d297125faf8d162712

SHA256
b631fd3a2cedbe8626956c3f914a4b338372f77b38d7f477fb2a1a03873bc69d

SHA512
150902c52cb87ae836bd6ecf64a7940f86d7971105b6baa1a9f28239d439028ae9f65b7b0a03e846eff8eec5b861f328f12e2dcb8e209a26d4dddb5074360ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
221f46fd9af3d8e0cc9bc169e6d3f422

SHA1
ab929180f9ffc3ba6e0f509b9a0a09b9fc97c140

SHA256
be7a1539d949e974ab592648b5fb9673925b06bacc0e522bfde78ecbd18fe5de

SHA512
df1f34fbdeb74bcbea78397b5d25b1b99fb3a93f24db4751b5f135d4164e2d313dab66c4c0556e3e693b8e6704cf76b544c98c09ef717be361648c6535c0082a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
930d7feaeb6e8fbd5e230ecb9206904c

SHA1
1e31d5357a59b6cd6d3927056c408731199fb349

SHA256
d47a3f10b423f6b29e1fbc3b65fda2a9c6a33a5160a572449ea2ef5fffd90dd4

SHA512
a1c94650eb36eb7a77cbbaac03eccb26b02a0b577c1bbf3a651e9eabc30bf9fcad3d555817ebdea0c0cd07f35b438a3ff610431b80be1c43f06de5d630655b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
20d15efcf8235e7f32980e3161f48905

SHA1
68768c3e2c5c8ac39f32de2d1f1f11ce9b3abf27

SHA256
73b24b94731c554225f9ad29dc86b9b6901885e85380936333ff580fd4a0b21d

SHA512
f21096a9bd9eb05b4d8fe8dc242ec027be53c528e5c558628829b4ebee5280006ebbffd69f49e10245a6bdc824416fd4307898c0ff768a2cb51aac6045a507a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
aa7b9a4a3bfdbe6f5d11ad5594598e62

SHA1
2995b37064eda9e2d90c665b63458883edf11132

SHA256
bdc86a4c3f4b7474fc09e4c0910b44ec33d0ad9a1f906c1f378d3dc3210bbec0

SHA512
f653ccaa39c33c744299a651c428e464510745822d04c4e1f2c4f5315d61cabb1be88bbd60362a792fad6444411e5b2e3fced1a98f63cd8dd72d26765efc8740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f4e5befee1d59411fa0e2bc191666c0

SHA1
b483dd4755e4ce1091181e4b7f3e4c22871b13eb

SHA256
ce4e81671b244b96fb202035b161c496c22f9e60f5fb257aa71ff0d3e4aaf335

SHA512
31678a8a1a8a1ec049c45990368f2f03de58fc315c147aaae0971cdada678529ca8361fcf3bbf4584bada44390afbe6e180b11dd5a0644d668a27be12d1655b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1cf8f5efb044a4b13d7faf629535f62a

SHA1
a5444e32de91c5dc79e237361686647e70cf64a1

SHA256
dab0e41fb014d63492fbd725ee73b69f23b49ecdfd299e53aff8f0da1208e811

SHA512
0982f27d2a3beae25612973f347c2fd4580624d1a58e8e27f8229718ae1ca0f90563fc9a97dedd9c68befcbadde645a135de19d368f2c13f47af9f9f7a65fcc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
51c6b8fec06b5bd95f67e3775b638e12

SHA1
98d11d17c972680c8322c1b463deebc68f6fb597

SHA256
a7e1749c434a976ca52ea337cedb595ae981c77bda5baee5cd86d2ddf0bbc01d

SHA512
29b356dd804e6833bbdf871c131ff9d5c03a39230fe1b478cf3edb7235f097d9f950e772637e68e0030b4c64a8ea64c024e1a2a3dea8937f552691791e289944

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d23b22a7fd8de52b090a0f6c38e95b16

SHA1
5aff6fb2f587040bc8917443a74903ae0d00c72f

SHA256
7f5321e5ac3fb17421c4d0e3406d2967812a5e38f30544935c5b8898800aac7b

SHA512
104cd17fff3576edeb6052f4f212400405304aa7ba1a708057aa7e0423fbe72f867ef73e2526705c215b1d761abf8648208eb9e8ce2c91b9a50d9cef6e8300ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b4211ef871b255fea0a369e496a592eb

SHA1
29d55efbef6b238151e06227beb9246c2053e429

SHA256
e398dec3fedb7f2596088920a23d5951cd4fa3235feb864fba01077f7cdd3934

SHA512
85c6945233bc05ffa0fbf011501bd21568b61d44bc5186baec195900dce0154888a3e9139b67b42396b10aba0e165a48624d7a2aed3917a31e8c969973b3c765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
935ad6bef3f8a628dfb9dd198e352bcc

SHA1
55d3c05177b4a9f84237774610f98af866697ea4

SHA256
3b7ac16478d40aa494bb304fe9707f35c08e96d66ed1ce6ab8873597d83b14f5

SHA512
428a97d70f971197c1e0286075133a72ef0b90b5e223ed61a4f4bedc98dca8e6f8a25e5e7ed1178adfa9a63a43f47efa8a54800a5597a6a59f1d7ecc19d3e7cc

Download Submit