hxxp://blob[:]hxxps://github[.]com/ebef803d-ff66-416b-b817-29077b40ed1c

Resubmissions

24-04-2024 15:34

240424-sz7wysce91 1

24-04-2024 15:31

240424-sx1pvsce5v 10

24-04-2024 15:26

240424-svmp8acd7y 6

Analysis

max time kernel
189s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
24-04-2024 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://blob:https://github.com/ebef803d-ff66-416b-b817-29077b40ed1c

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

Processes:

flow	ioc
191	camo.githubusercontent.com
192	raw.githubusercontent.com
187	camo.githubusercontent.com
188	raw.githubusercontent.com
189	camo.githubusercontent.com
190	camo.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2177723727-746291240-1644359950-1000\{12CD7920-205A-427B-9C4E-5CF3EE3391A6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
4640	msedge.exe
4640	msedge.exe
2388	msedge.exe
2388	msedge.exe
1616	identity_helper.exe
1616	identity_helper.exe
5968	msedge.exe
5968	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe
5868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exe

pid	process
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

Processes:

msedge.exe

pid	process
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exe

pid	process
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe
2388	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2388 wrote to memory of 3316	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3316	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 3464	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 4640	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 4640	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe
PID 2388 wrote to memory of 5076	2388	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://blob:https://github.com/ebef803d-ff66-416b-b817-29077b40ed1c
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xe0,0x108,0x7ff981f946f8,0x7ff981f94708,0x7ff981f94718
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5692 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:5540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:5812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5852 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,6519369622546693793,18314135515620420458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1736 /prefetch:8
  2⤵
  PID:1704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3760

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e36b219dcae7d32ec82cec3245512f80

SHA1
6b2bd46e4f6628d66f7ec4b5c399b8c9115a9466

SHA256
16bc6f47bbfbd4e54c3163dafe784486b72d0b78e6ea3593122edb338448a27b

SHA512
fc539c461d87141a180cf71bb6a636c75517e5e7226e76b71fd64e834dcacc88fcaaa92a9a00999bc0afc4fb93b7304b068000f14653c05ff03dd7baef3f225c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
559ff144c30d6a7102ec298fb7c261c4

SHA1
badecb08f9a6c849ce5b30c348156b45ac9120b9

SHA256
5444032cb994b90287c0262f2fba16f38e339073fd89aa3ab2592dfebc3e6f10

SHA512
3a45661fc29e312aa643a12447bffdab83128fe5124077a870090081af6aaa4cf0bd021889ab1df5cd40f44adb055b1394b31313515c2929f714824c89fd0f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e0a1f5f-5a54-43cc-996e-0e046bfc6fa4.tmp

Filesize
1KB

MD5
f1881679ff7058331116dac1dc984744

SHA1
8f4d0f3bf4c014a01e0faf2c16559c8f8d35df25

SHA256
22c5a95185edfc534c36486e3cea4c40470163e5731ae545980d8e73dce5761b

SHA512
e08b8270c7d9abe45c3f17c3f387033f7f7783a71d16ca1c971418a474771070ccc6a3be952264505f649bb8947b2dd4282cad8d2b450c88eee68d7f17a9fac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
36KB

MD5
d7e863d09f4b278488a9b7a869a189b3

SHA1
514028c5d64c7ef1a1dc4cd1cf0d68c87bba250b

SHA256
5a61b7622e1e677b3d859c0236a03dd29bf2eb95c94a8e564e161acee4b36f59

SHA512
17015b3161c0bb16be1255a368134491390a21690f0b0552a3a384173e2a1f58257dbc7f154d9c4f19efeba5fabc578f0046578e50abc857c5ef66c741709796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f72545f00418380cb180f4f0b2012a6f

SHA1
af26faa8ae919959e233ae1671b1e100b04a3d3a

SHA256
5078478d157aa95c9b966c6f22fad728162c738db16f6f686ffaf22937b379e8

SHA512
33a967dcb3f70efbd7e962b2af98e16b43de39ab04260ef6a22c89f3705ef4aaa03aed24b881cd3e4c460bc8379cfa09cbdc6cfc5dc31994a58e48d4f01e07c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c771e0992a81874f6513c8a38b3f33a7

SHA1
894fc359aed41b12ee4514bb6f78b143719a0dce

SHA256
bf86fa1d51ae7710c728dc185368c02b60136b0108ce88f7912fc85d2172cb14

SHA512
7c3d06dafd9e7c51ff7b39da188e89eaae88c78491ab2d783c562134c8f379d2a1df6e3357ac9836b869b47bde2a8044cb302c24c963446de4d8ee9c180a8481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2d4cc7e6eb037059fc593b57d1817e90

SHA1
941274a03ee002e015f0d162de2f84ce30f8127a

SHA256
6a61dd21d6ec928275ae406929384d46c898b2b7bc5a397b659119b0b72d8fc2

SHA512
51d136612215c2230fe33f704570df1491bf6c96cabde52e05703b7c15b265f4c6a474b2f417a9bccd1f41900fbcc4b29b94314e557793e90a9b30506fa0a7bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
cb22178e04a26a38ca31b0e425bf322c

SHA1
277b5a94ede73aa1774ff1bed8b25fd47eaa08c2

SHA256
261934d1703df87a5a712500b80ed6d67da22541658a45e967a04697d2b9c56b

SHA512
54c03b6a9938a814f6bf73974d088269efeae3991f06c3ab345981e08bfb7678fbb8529387a44ccf98bf49f47d1943c8cbc7b1cf18f710abc7141c03061c515a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
951B

MD5
3efe05e7628f6ff6b7736e3a87fe9440

SHA1
947031ca8d32548f6e30d227a5e82af96cdb4547

SHA256
d7061c33a0e90c223043c7e04cd6b30fe9d18d1dd2e27b247e33564f42665c21

SHA512
7f5e3386076f9cda429259e9dc1baf8a69bfce3e42a9910801b002a0028db50bd06e0ca9d6ca0763c85429e6d61ffbf55c65f4fe56862dd4420ddedf51422735

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
398B

MD5
3143c4752ad498fdd8c908c94040c89d

SHA1
cef57bac8192e4441c06fd7d9ff9a4f420e6f23c

SHA256
7fe0ff757daa415417e32c934f9738a18d661361a62fa7fd105367a1e0f51365

SHA512
a9b26402896f6ecdd0501a606ec524ee526838893e97372f7a7fac8812a50607af59254674c74c4911eacd72bb0cae2f17537bdd69fe83fcf3844e76b922c89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
027a840172cdff40324f2ae72010888b

SHA1
f476f4857f232cc16dbd5a3a90a48c4e8eef3461

SHA256
9bac381750c727a6218116645788318ddb7fe7453909885cf84e08069d89fab9

SHA512
a9619ec9595a0cbce728d2b8e9aff9ce19e9b83ea65be139ad789b8f3c1aebd25efcc122201230c91f880b5bb8a6a8c9cdf53596511a9b490f3cc76092d3e15e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8dd8d3e2def650eff4bb86b33b54b6a9

SHA1
9019d22ba8b7714edc6415abcbddd6df9ce3b24a

SHA256
43e120bc3357a9a4871d154ae2f687498981aebf497e6a984da391c584c6ec35

SHA512
ee8ddc2d3f0d5141e30cd8a5e3e2d4c28477f01acf5bdb9efdd0cc2d89e0f68721d516e2246b12710e1ca7402896b1d312d93c28b552a10cb001364c297e003e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b48c38a37f78f9f4cfac4ced13d08f32

SHA1
63a0dd7584d9c88e93ad6a914bafc93adf1a6750

SHA256
e0547082fef599ccd30eb8897338ade7790e1c27d8ad602cb6a51e3a0479667b

SHA512
f4af21336eff6aa63263de0307c38e998114d08a3224983f2fa98826bbf66a852bcc98a4150d1b934959c3647b0fc0094835783741560273f1135dd55c551d4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
da0d486d0394229420bec2d6a9aee72e

SHA1
0d0e0d177dfa31c98afb0738a6b6433cbf5ba7d3

SHA256
f32269f3aff60f085ae11f32a0ce307cce967cccc98f7aa4483b0fa04712f3a7

SHA512
ba97d268c252dbc70c01b775f5100a677b16ccc8652a80f370690ec9325fd0e5bf8bb862657a4f55c9378b3df6dd52b2076eb03c058faeed3a1bc77531b5ed8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c5b8068376594539043712e0f67c47a

SHA1
acefb24c0f4e62aafe8bba6dd4e18de5a4b2fdce

SHA256
f34d6fcd5948fcbc46f5dc26e31d00f0c509bc48929f6144df576b483bf41575

SHA512
183fa8b4ecb9d4a98ed4d487f2a29430c0f9fedb35dd46022b10d4921f52032c03aca8ea9ad1ca42342c4a838c2366dd09a21c30d7c77ea7a5602d94b465889d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ad21d07d1883d9845061ad6ec074ff6a

SHA1
415fc3d0bb41e94190f7ce792693cf3274e188f2

SHA256
7a5ae8b96ea5a3d9f0306314f9a36ad5f21d826d0cce7ee6fa04e1e01d95bf3e

SHA512
39e82c0b99863901294cbbcf85f16d76c11bd4cb4b513a9464344d5f51d25ca2eb93619766f74a916925e4d2c154b78cb375012a74ce482e186400a04d93a733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7bbb966c6711e7b475170ea8e31931d3

SHA1
ab89542544ac21fe02fac2c6e4fb096446ad2cd6

SHA256
b961fd33dff5b254bcffcea2086b16d622bfe462899c3a8707693638e80d8672

SHA512
b45108785d5e83a24fc9e457e4cce2bba346adf97535d13000fbe87678727641c20bf6b39c1147aa9b87d2fffb230f8a98da3028684e30c572f92497749cd40d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61b57d6da45c785b4b6ce3b5bac36500

SHA1
9881d664519a26e87e42195dc94eae26d83cb295

SHA256
cef0b3edfc88ebbc56e1631442151a709b8d0b6ed8197630a50e567435657288

SHA512
70e6c7335f61b62197061d4695dfec5457541258120b86685168b5bcf32d11a6bc3e1aadbd1b653bc62f7384fcfa29debd93db1ec11c9d9e0fb18666623e4860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1975d01a1175e5114ab216468962e89b

SHA1
6c4a8cf25f362297efbe1469e0e8cb9587ddb13c

SHA256
f8ddaeff0bf2c9d9443b309177efe76285ab8f016b62ccb7a1b359064f2b1b24

SHA512
f24ba3155b1dc49dfd6d2770bbfb46cfae40daf4c1be6de7af1a40d02ce938b5231f0f886c5867bd8c9a6adf08cfae029fe2c1ea7840a256800f7517bac568c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
534B

MD5
99983888388358e16fdbdc152ba47e22

SHA1
fa795a84f8f9923c6cd16083d7fa15beb07ef949

SHA256
72565852b17c19350be68a6b35c709533a5f5ed9ba64ac9cc50bbc4b1025cea3

SHA512
e05f9cb828b7c215206a49de35286a92128d95e534a4476a37925a415443fd9b3b7bf685f2f2e1051c30108173edd6cc8bce760350f59af108ca2b31bc9b1d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58def1.TMP

Filesize
536B

MD5
38cd85aa3b0947067c43c665b57a9de0

SHA1
fc683f1e583f4862bde058e2344aa4b3a1816ba3

SHA256
eb62bc682ae5aa342a1e7d230d8f261e342c0cae7f0fd3e7fcbc566d2166a3fe

SHA512
6def596da40455071e22c1f67906d11a2045223c60f21d4a76ffb69aca53bd4a68c3a30851a681036b3bc51a98c553493f2299d6febe64c31de7a914960b46ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0dd5e9134b709b851f1934827097d6f1

SHA1
af76f7bc2465a78fbe96a4499495d691621d1d53

SHA256
ff2610bb747d9de8582d4d54bc75b02ac970476e30a2c623217d50957ba87d0f

SHA512
97e97718f18a50499910bdd198151abe8f9b71dbd0abcc431ab2c9f92f744b213e05cc2e2f14e4c218a5d2f4ee367c0e22fcb4b24f333df8e346f272f599bbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9ad66d577ae703ea046aef6942c55568

SHA1
9c8f1ab3f0b8a0c23226cd2c59ef4b87c73194c3

SHA256
a1c56105b650a3567ee18a1ae32cc1d50f6354f60e74bc91fa5b138657b4eed9

SHA512
71c2b0ed3230543427f9db22729ab585a01d944529aaf45db46b817c746f675852295e300d8931ea90a20ac732f2428bb8fd29003a9d4d5d331e887e6162a14b

Download Submit
C:\Users\Admin\Downloads\satan.zip

Filesize
143KB

MD5
d309e1391579364a758c67fafb3b6e8a

SHA1
d36d77044dce9a03766fce192629e6d2bc2e8dd5

SHA256
595e2825095b12ddfba4ee6f98f4f6cb1ff1fbc37a3b3191b2fc203d486ba163

SHA512
b1c5af6894983c58564a2b3b63e36edf0a2e5f6e6ab5268030eaf3027326dc2a9fc31e449a7dd12078a0e878afa753872e309e0e16bb58997e7fd3b8c03aa6cb

Download Submit
\??\pipe\LOCAL\crashpad_2388_SBJCBGHLRUVBVKDG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit