hxxp://ftgh | Triage

Analysis

max time kernel
600s
max time network
558s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/03/2024, 19:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://ftgh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1497073144-2389943819-3385106915-1000\{B65AB753-F1E8-4B15-945D-9AC8DBC24357}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3928	msedge.exe
3928	msedge.exe
832	msedge.exe
832	msedge.exe
4340	identity_helper.exe
4340	identity_helper.exe
4968	msedge.exe
4968	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe
4832	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe
832	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 624	832	msedge.exe	85
PID 832 wrote to memory of 624	832	msedge.exe	85
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 4392	832	msedge.exe	86
PID 832 wrote to memory of 3928	832	msedge.exe	87
PID 832 wrote to memory of 3928	832	msedge.exe	87
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88
PID 832 wrote to memory of 3900	832	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://ftgh
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa73e346f8,0x7ffa73e34708,0x7ffa73e34718
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3448 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2984 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=6532 /prefetch:6
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6548 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2092,9434618588319359013,2334019635047942515,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=3312 /prefetch:6
  2⤵
  PID:372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:212

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x468 0x41c
1⤵
PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4d6e17218d9a99976d1a14c6f6944c96

SHA1
9e54a19d6c61d99ac8759c5f07b2f0d5faab447f

SHA256
32e343d2794af8bc6f2f7c905b5df11d53db4ad8922b92ad5e7cc9c856509d93

SHA512
3fa166b3e2d1236298d8dda7071a6fcf2bde283f181b8b0a07c0bb8ba756d6f55fa8a847ca5286d4dbabc6dace67e842a118866320ac01bd5f93cccd3a032e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bc7c5e9-a0b0-4e84-8b4f-9214eeda3285.tmp

Filesize
6KB

MD5
9a9082a9ff881292a09628b8814f4ce2

SHA1
a35ae862a9c4ad49639971a4ea38663ec18cba92

SHA256
5e2f8fb144348efff5af169e94ec05895b261684bdb4f372c6464d19624e76bd

SHA512
71603bcac54597663d466f3045f3f67118647a667dac792bb3966dbc550e1ca601a42631a65ce20286b596d9623e576b19f62fb5ccb6b3bddf5ea76b4785425d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
34KB

MD5
3060ac80130d23555fadf4515e40ff70

SHA1
3cfc80c3d60d120a06b9ed55f3e8e51fd8859d9e

SHA256
d910d04b57829fd461019430e1d095960a5c0c5b377533c084430be5cb7b6186

SHA512
b1f1a86324c9e34b7eaa1b28badbe3ee4fdc1ff8707451f0f05e6e2abe78d308993f00817f42aa901ce800cbc7507ec0bc8b2a747cb36b96b5b12b40eb1ae7aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
2d21a8d9db851866c6027b830ac737f1

SHA1
859824d423a9e61510c3767330f8f457eed41598

SHA256
c35991447bbbc072db4c275cd94135b49ed780e40499a27e1bc6ef2abf978107

SHA512
77b58079f9cfa9aee4fe266bac4ed660a31659566ffa01012be19122e300d7f618876b7edb2ec0c77648af4e8d6be781fda472407b32bc9d172dbe1a45c00b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dce0d50ef7a53571116b44d8d6178e1d

SHA1
ea87e0c68d639b1462150fff85166e49c1e7d16a

SHA256
760142b2bac34d6995b2db5d81778df6e3a7610ec24c1964c769d8e379330b5a

SHA512
9546fd37c3174e8e1f759c8786a43ad0df9925cefc737020cce3371f213831b007d9ff330f321841fefdca2fce14fe911125478d26c8af9f0316c58e5eab65bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0732d33d08ec3b5d3b1e252ae3f7a5f3

SHA1
9a5d7476f4871a967bef8fe77f2101124bb491a3

SHA256
754ed1ec846533a8673c057d22c2e426c3b1051aa0a30ccd3b576ee81bc4075a

SHA512
79e654d7012744ea43f94bc2dc61e2c2f8d9556ca48ab9c482d60c5f33f32fc556c51241a9bd7d68573949d03b646e9908684e9b7ab50e8275666c84711b6959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1013B

MD5
61522608937cf3771f0271c7632154c2

SHA1
f61c52cc3024e9c932cd770ad0304ed717875bf1

SHA256
64406d0f3eb8ea9065814d58c3c8a5d3c127f26539e9d59c1cb297a080bd2b81

SHA512
6b148d77e94c78eb8b8ac9e03a93a3f6385c9a05226449f86aed4bf661fa405f06f5626a13f0e6a987afb5f93d0feb9b1ef1f909b2160ccd2523be6f4bec90fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
481B

MD5
3aa75cc09950c60422b62eec13219a0f

SHA1
44ad539de11d19df072d1449d2625c8017af9bc9

SHA256
ec7922a690fe4acccae83f5ad5338b2ee953c66ae9fe729adcfd4684b2d99a13

SHA512
2183fb2b27b50cbdc6a5ea40e56aedd0ee7324315fae83354b7de10b7079af75a866803f95398ea1dfa5071014bf4241a52b1827fb67a32a9ff1a45772b157c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fec42cc3d980e9c1d1eec245622de84c

SHA1
0b4200b7c918a5016d165a63fbbc45f18ff33ad2

SHA256
39944cdd39a01504a41ca7cae0fed57f5e69e887dceb0368b176e7360396548e

SHA512
d9ba884a21a6105c5e78665733d591c4d6cdb0940db4c8b0d1258f868c38564821c2d68de17cb2744073b6169e899cebb9c6d295b42a0f9c2dea79dce73ae7d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56092017f7dff26bff83d3a99ad81f71

SHA1
b4fd02a7430c49d2383291ed902b2d51958cedd7

SHA256
97434de1217c73f68be1691d024253c8ca57e2b250179e8a41d2406121c5e30b

SHA512
df4daa5b9ff262838cbf7f9308a55b2ccbc04c95226225850a1178c03b12acc4e8d1062132d31fd337015c15a71ffd33741e395f288399c6cf09b91f770954b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95013e1833436547ae943e0084d1fbe5

SHA1
63adf1f3b8732c6b1c7d43493c238ad50c6cc1f1

SHA256
1ae52f0304b7f64bea618859b55cdb0b5d0082378c828860d4ecea8cdbddfee6

SHA512
389acfb803065f46496901235740a844c39c6ff311e45ce0d648a876291ff5a5398f3d92fc35489f776dec9ee1f6056c4a3f70c0052896f13c144c85d19d99ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2d3071a834ca75aa29adae63502ab3f2

SHA1
80b4208769893eb29a8fd3a0367666e71f8fb91a

SHA256
fce2924bd90680332576e9ec0ec9791b7220929b3c820bd893be41b488638ffb

SHA512
b78da485e0f4a6649e1d09d4959f152036755c3bd0aed5ab07951fb8214cb30968b2ba4c66c5b0a3cd5af7db1c5ce3b8cf530f5c0abb0c793204f6c6aaf9ebfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89e35f3f78b2dd9e686048b6d80cdfaa

SHA1
af0ed8865d6f96538816971ebae47f34cb15a971

SHA256
781a4a6e83b49081dd035deaa39ae020d75c83517f1408bf76fafcc886c3c058

SHA512
c254a931cc238e6d46c2b93465b7f72bc6b155a7170acf137d6be73f7a48fc0c3723333afa57d86394fd0daacac40da12bad8e04fd388703ab318e3c7cd3b396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4638135c602de0c38abe4d482c82fe9

SHA1
b89daabba68a70eebcf45f0485f1dd6026e7d2a8

SHA256
94009aaaac62bb1fd37e1b91f120d232491f41987e0d396de2ddba3498149185

SHA512
479aaca14a0d609a0cc94b7594dbeffa3181c09b148ed6098ea386d0843afd3c3baba24c2752031755b4d25ddcab0ca852278880ccc3781bae3fa704358d944d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ea3ea09458bd376d9af2379600c920e7

SHA1
c0fe4d45c9c9a5f75b8779522aff26ed8b25bd85

SHA256
b03d5719e3acae2173adfc5ff5a1ab5c4d9530c0ce6094fb1704e8c7736b735d

SHA512
316f04b83d3bd6375e968649735095902992f030ab17ecd2c2a89a4b0ec2fd0d3dc5ff3d605e8059fa2a174c2b9ac02dae863ee619aafeea601b7a7d98a77a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6c5126beef8cc4cde83835795a5e100e

SHA1
82b6cb2b89a908c65fee5765fc0192f801a9ac4c

SHA256
5d09b87de7c62879000fc00d06b6eaf3cf04f32b38a489b49ffcc1f44a071f3c

SHA512
7fa54cba9bec37a774a1bdc55ea717a47ad8fab01a6b62237e4b287e3a4f70bbd66bd225ac386de18c1920a538f1505b6431d91da7afe811b9163701cddf0051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7b2f342ca4e03076ae040d9fc3758f4a

SHA1
becb7273aa43b8a2650382ed0c6d4a2918ca8af6

SHA256
fa5c806215718be5ac1ff4b22deb98c0026c8eb212ee69ddaba4d41a5976fad8

SHA512
94cdbb97ac818da480e0aa61b702a29192079af23d4f31c0c2296b9c4eac1709e3d2d0851fdefc9ff686786f2afdf309cd7e0408f0878d62db5b7b99eda0265a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b81b8372bb2ea5d68ac41cf0514910c

SHA1
e0d04ce97a56cf35359489c3b03216abf5635233

SHA256
14b94f89759404d315751b03d69b4510ca9322adeac7adf52f6f59cd433ea0bb

SHA512
444fd46815bb96a77b9a1f9367d3dafb78019f83f810b46ff3521d2a0e7fd5d6acceabd3f1c3c4cbd58aad3eef850e21e5ecb1e4681466cf856b6a92c96d1b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ce0b9b5990d18844debe98efa76d65c

SHA1
34fe195f0f11a72f93f8fef90a1a1c8e2e83f712

SHA256
af320307a826cae798baac61c6402f2e186695c520532678f450ef3f5a729824

SHA512
e691af83be800c0227157aa42e5d0e74cb896c8305d6c630f4e127d4c801b9ef45758b4b5818f1feaffc77bb3c4239f535d29097cbeee323b29f0289d6c79bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
c2ef1d773c3f6f230cedf469f7e34059

SHA1
e410764405adcfead3338c8d0b29371fd1a3f292

SHA256
185450d538a894e4dcf55b428f506f3d7baa86664fbbc67afd6c255b65178521

SHA512
2ef93803da4d630916bed75d678382fd1c72bff1700a1a72e2612431c6d5e11410ced4eaf522b388028aeadb08e8a77513e16594e6ab081f6d6203e4caa7d549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
48fb5720cfa20339040158fadf0327a2

SHA1
a3d2faa6b71e1f7b0ee23246755cce70cd674194

SHA256
08778d16b8d14c40c767d7ea80ebba8a35e6ee1eb61490c9535e0a19bed93e78

SHA512
af106d335962869cbd3d35cae43bec923ef6f61e2d1eded639b5ef68ee00cf9bd9bc1cedc129cdc8d39622bbce5dea0df807ac7eec96a8c7550f712a26b45e04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59e229.TMP

Filesize
538B

MD5
4b042b42f7c677a1163eb3c338c9bcc5

SHA1
382507a9de5bab0b73768db8781131646d9f26e7

SHA256
3a55af15b67355845371a429f63d1afbe22f13d1c4b3fc602ddece1edae97026

SHA512
e6925477db14bd017a2dd1a51aa2d34f9103196eff221e0a5cd180f9d9f15bd9970e45648bb5bdff837e7ba334f65f935df2903d3ecf31728bb4ee597f59bbe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
518619ab4e4da3615b8c7435853f0d79

SHA1
2645eba16c2b7c83f0288b5ff8358fabf47f85aa

SHA256
42effdfcaf4989a9f28780c16b7d8e3c6ce7b0f54ef111ae4ada8bdfd047f81b

SHA512
ba0add8db64fe1e8a802c801e0531c1a6c8b185d609f279677d598e63703b4a4f31f78af522f2a13fd97b0708c8cffcf6e746c811c810f5c03683919e8d01bad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
68398b9dd31d6300bd79a8a3918b11c2

SHA1
91c60be84fd5b0efdd8c8eae7581f4138d7bdb9f

SHA256
473bc741d4b1bce776b600ff763596ba43ea94f1d4cb352111c31b142643867c

SHA512
2f62efa92ed6ef7fdfbbddb9cb4c56579e96ca4a6df66124d0732b216893911c72ef392fc864f4cdaa1b34f02082b230b0848a9d6818863c19b434de48b85f42

Download Submit