hxxps://www[.]luckypatchers[.]com/download/

Resubmissions

12/05/2024, 22:37

240512-2jyg1sbe36 6

12/05/2024, 22:36

12/05/2024, 22:34

12/05/2024, 22:32

12/05/2024, 22:27

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.luckypatchers.com/download/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3906287020-2915474608-1755617787-1000\{7B6E629B-B4B4-4BE3-A8AA-9A1C6D3FAD5A}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1160	msedge.exe
1160	msedge.exe
3932	msedge.exe
3932	msedge.exe
3676	identity_helper.exe
3676	identity_helper.exe
4584	msedge.exe
4584	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe
3932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 4200	3932	msedge.exe	83
PID 3932 wrote to memory of 4200	3932	msedge.exe	83
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 4312	3932	msedge.exe	84
PID 3932 wrote to memory of 1160	3932	msedge.exe	85
PID 3932 wrote to memory of 1160	3932	msedge.exe	85
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86
PID 3932 wrote to memory of 2396	3932	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.luckypatchers.com/download/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee9a746f8,0x7ffee9a74708,0x7ffee9a74718
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1716 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6612 /prefetch:8
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2308 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6572 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,6415909821403418845,2219367876952455992,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4 0x50c
1⤵
PID:3032

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6ffc9feb-6b6d-4e9f-9a4e-11503807b454.tmp

Filesize
5KB

MD5
353650c056da4e2e99c7d64f7f3f50a0

SHA1
ee4b37db98b045efb72f2997e9bba27632bf8a35

SHA256
e1f17f23e0e6dc16103845f147725570fabb6ea989e6c62bbdfb2580e8fbeb24

SHA512
fbf202e4fe843cdcaf9822126fa7e4e9ca5ba0ceb39badd1045ce1fd1d69c305b73efc78b90100be7f78b7103f4d8d1329432e562c1f762ad2699e0f08f23277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
83KB

MD5
6b27d92d6c8aad94222e6b1bc8c9d1df

SHA1
8b6bb552d72cba2862fd5e9841fafdcf9c813f17

SHA256
dbd4fe958243d4f91758898820c58ec1b99df8579b0bac9958b767adc179a557

SHA512
4bb72540db5ba1c4c68f710cf6c991d32e2769af7edf50d3d6d0deec52c6c9d7466e6c50ce839e3074ddd4370fe7267eaed4136ac1ed5c9765a96c462213a760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
73KB

MD5
3ca2d4d05fbdea3e3d9c78d5ca5d205a

SHA1
c79bb97944b03b6d7486272b28512185212e1dd3

SHA256
54b34a86effcf380e3ec70b25622ba8b1033be2454aed3ec10d8d762a32085e8

SHA512
a9737bdf0e4f52a099822a2dfc11c30a186f6504454fb3f2397d3bdd61a28b355120eef35e8d4fb9d921ae8d2f9b9d651c9b6f012e5651c52cb595f8a92fff2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
88KB

MD5
1a7dcdf5ed3afa4015f26e112d6f3758

SHA1
2ac65d246cab2559b1a4017761a473b6dfb84e42

SHA256
46ef306824c3ff93dc20e75a2462ee0b4c6d584d7493ac53397cb0157239619d

SHA512
4b038e3c48fdde5ae09d6cedabbbad9a90e5442c492fe6c2f773ad06de73542accde85bf471d6d206b50a992af4235b1218a01acf0bd08497bdc52aa86d82bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
80KB

MD5
aa9b38078f716dea12a66dd865d46651

SHA1
fbf0cc54132ada897b8ed23d347d009054dc291a

SHA256
6c1e0b9fdd966028c8fa0f244e1f4dfb20cc75947669984eade1708a20724358

SHA512
756991f23636951214117c79097185a44cdc1d3e382c5408f9373f5353458d2c557034c95935066c19689e2ff464e244e83b989d7a48a8dc795e71b0d81b9523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
567d4ac959753d210fd19ba0e3ec2311

SHA1
0746eb7bd812028968e52877dfa8b115bb3ea743

SHA256
bc81b3414d7b8d532e3949fb429bc0aeafef1b45eb02703b1e84087ee05a6f0d

SHA512
fff3ea2b31ffdad80c27d072e85d124e7da8c384f0bb5f3da0344f75d0147615233f432df729c9624334366edf8cfdcf0ae868c6a54f2f72b94c98dca16b1568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
fb3a1b97eb295da9c11a8923fd34e088

SHA1
a95bb60af2cdf3a5dfc4f68f690422df1a23537b

SHA256
8cc6ae7598698043013eb146bef80d14f42f720672698ccf53ff52f372d1d964

SHA512
4f5834ce135ff992ffc4ef3faf93ff6485de83fc7fe6559d73b4507b4be9cb4324e44bf8ca12324000ef98d6204595432a8945b78a4306765ee06c9724bef416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
fc4f45403aabbc1f0e494f404c84b454

SHA1
bc26aa78c9c974ed8e9d76a3a65f1f2b5c54ab6a

SHA256
b97235afc9ef4bc2b2bfc96526f314a3bb0205815162dc4be5d6f6736c2a513b

SHA512
4ae4e902f76df92c2d842cb8291c80ada73fbb94a03f2d16f8616d1aba552f38288bbe2c78aeb41ac7dbca3952a2ff6038bdf7536645ff25cce6ecded047063d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
18f4541e29b9d0e56534ad0443b893c6

SHA1
831c33670b0645dc9f578a59253fafa537edcca0

SHA256
3cd8a8c58fb52b7ff1bd2c26aeb6ccbba46f33dbebc28fbaee14e7c56b3d0376

SHA512
3755815a1351a026d8e50820006f927c481c09171e4df5adf14de14d65303758ade4c3990772b85e8bf14a11b2ef807758deaea688079eda24c562dd5ea14ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
026e5fe10dfb79314fcf8058889b64e2

SHA1
f7f1a430ed9719d4a1f7fca4ea8a78b2ebc03ac1

SHA256
c9b8e0dd8ce8a7ab3743637a83970c33b17fec831d340778b842b8a9e2213eb9

SHA512
9d74b5afbef821f26e8663641f28797235d58935c37c5ca4d74d71cd0300eade3677996a94d26b1321caf5a57e4d80e2bce39837b57b3468c61d26c206c120bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0dddfbfaf2c232666f71e4a1e1e88e01

SHA1
bd473b1e57915fe1894317d09dd1a2f8d26ee82d

SHA256
b0dc19ff303a14b12114f742298c6c4b8a069074658c15b9723d9e3fc6af6bce

SHA512
35f0129e5e5b7a9e3983f8951653743292a8858c18f153d9aaeeeceb613554ecf9bda9c3391060a218af770e7b736a90c83f60650a1574eab8cfeee41f36560b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
915e0b063d41759e9044667afa7db2a5

SHA1
c2a7258103e079d5a61ec4e17080cb5897165e04

SHA256
ddff8c4ca93633a36307a2273270c6f49fcf84a08b3e676cfee473d82caed7d6

SHA512
b8c84c54c015ebaba70072f58d540de4738ae97b1dec525a76ad257bd177129829d09180715acd15b7f5a0d8aae5263fc43752272a5fd8c304aed9798c0fd7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c6bc14e2c60789882721bebd0d38e831

SHA1
369a63b9afd39bbda2a4301a44cebe8d9cff66b3

SHA256
2573e4bcd51e88c16c26161914e52c8d3d2d23c5a562476d99e472753c265137

SHA512
bd59b4bc7246907ee3ebe12e0d1042c7da4f5389a48233d0bd8233c166280c54bc894325aec20d319a77e52355b4dd766f09db385efcfb06b78c50c664cb4941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f3c26f93a0756d7c7fca911172a14783

SHA1
a042c6acf493c41b890d92ed70d70d73323c7711

SHA256
363c282afffc6c67361a48fe495b68fd560f9b8dd2617cbc8b6dcb76a546a6fe

SHA512
b18568e810063a973136fb0dc182eb5756e2963c929c41d29c9e4e5728a70cb1ce3816610f48cc878893dcf859c6fb543efbfe2ced0f89ba512a5696e4ccd446

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b4da789f825dbd46d3b400be8837901d

SHA1
29b767d154d609a252502968891973ffa9aa589c

SHA256
0bd19661be5d1be9c0f2c1b997df6d018a5f055d11df117eb105f1a9b2d6d9a8

SHA512
593da1e06249e45c8f4034784f8d727be77b6f3219fe6243aefc36f7d2721f59c84d804001b27824e7dbc043a949ffaac77e480c4e9b1d90ff13ba0c395b24a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
04a19f0f8639f5b9f9b476d87342eca0

SHA1
7ef899606b4612e4017ec965dd1d67dec098b843

SHA256
62de364b0947571f6506a4d3b2e8d85871a43d45dfcb82bd09af33834959e7a0

SHA512
1e4e3be46ea06905818b716d2b3691ee160a315b0daaddde013ff192d3670db72d280884f32afd70f2ef4e9b584b4ecb0fa1a10a95994d83ad4c62e4d5a6037d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
529be1a3d8cee5f0f23a7384df70a912

SHA1
b223ec39615e89d0cfe68302e4bb1a8166ccf8b1

SHA256
4b6d72fcd6d3722f8e5ab3c0c6a111c308cafe1ecb203f892086690d9248ef5a

SHA512
0c1d8bb931443210afcac82c256dcdf4357c4953b0dac7183559c071ea919bb946052f496756458039a3ef92745731c096b9a172ff4bebabf56d3f91a93a15ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
77e3d71b4789279e2e7d2400b2f4f957

SHA1
5cb3e2e461fb2a50b07f6b33b5a3b5a3801cd44c

SHA256
1180fe4d27d3a89c17010269ea7b614f6e573dec2ca073016af20f919e51e447

SHA512
0784ae8629c4969eac0654db1285a438f384dfc22c2ed2fc88bb952a3ebdf46998439db2a99b1b958ff5ff8f943063285c33b8c06d5b6b7d2b12fd14abae25ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
0f95564c838e98474d0cab81de696d80

SHA1
af21d7b88487bae742583685d7b0b6c9c78c352c

SHA256
163e498bb13ee2c23f2ded09b475d247d30481357ae5979238955fc9b055f8c8

SHA512
009960faaf51b07d47f3c0b70480567da63d465e9893bb6ea0ee122ab1c6ad7bc84b398032b3decfcb5f04b2401d369532a4e2dbf56dbe6147d840065cef2ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
c60ad009c08c634341a674f7a9cf2ef3

SHA1
3d203438de67d1c6fd9f02ad81f58e3b9db57572

SHA256
e9a1d74d26a9cb67d8cadbf171a1307c4accd1e9b65c6398ed7c86977a61b4fa

SHA512
dd024538c74777a307ba646c854f922de55211a60c8012638eada9138e1b534b621ac3adf2032054a990199776f2fb4dde77b156c30b2f5a057089f763944cd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
eeb7595aa3af7888e7c95cc45d71ef47

SHA1
26c96d73c38b955efe63b257615c360e731eddc6

SHA256
c6ad77d93bfb4832db9c6b3e8866c69b9311b40f2d42337c90a5c7ee2b5227bd

SHA512
48942fd0c17ebdb744a54510951fe40787747169ae70b6976716169f47b0b381297f003ed019c6fd1d50e32012b13ea2391581d5085252654b6683f878291e38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bcf7.TMP

Filesize
538B

MD5
4278c2304e794591114df808ab3b847c

SHA1
6f2491fe128b6032daf1686fec5ddaa833f46b8d

SHA256
e9b2143781326cc4742e18e8a6270f32ebb4038a6b34dccb2a771505cfbf1957

SHA512
cf1f8718ce122b408b86aec99523a894c0025d189ce89902a3ed055da8d085553af1edc8358390203fc1f216524d4d030ae39491135a944791037796556f8da6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f3bb54b30fc299b64e7b8287ffda3ae3

SHA1
3992ed8dc12773a15a994f1707bdc36d698b98ac

SHA256
d73c13c2974ee3ec91e5de744766efd2b22edece9e76f9b11d77777cd54bf17d

SHA512
ce5098ae42c4bd4c3af7ec3c82b6739629d7c36ff3b13fea899f30c57b74b896af899b4fae86c690d34c9c1499e27ae12308a634ff6b3147f6b4973b8b427a49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ca58faf4c61a2fd8ec9d47ca9ef8bcd5

SHA1
96b35e0faf14c67cb8c68690d6300e8cf5973ae1

SHA256
a82502451931b2b685fbf883f26cf556e59fde9289f17be8a6a62784cc697f0f

SHA512
e1501f118c878471644ce9ceedae74fdbbe3dda9bc11733ac2e4ff60ce2de2c354e07f9ab30a6d7750d8c17e6422eee34012068f6a2368de94e8213b3b5883da

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
60981190063c540bf308d7a1c1cb63f2

SHA1
8de729c6fdf4e474d8838204664d7f502bf2f0d7

SHA256
85213e95e9cb6719d4682ddcc3cb87b879efb9311872f75ac5ca03bbb553a61d

SHA512
6b79339ac2a70323fab0c21dd7bb2a979b14bd6ee17293a1f8d47c32b20d90a4961b65753ed2f37264074cb24d0cb59d2cc316194cd2bd364988ef27411bfd49

Download Submit