hxxp://hugegame[.]click

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 18:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://hugegame.click

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4708	msedge.exe
4708	msedge.exe
2040	msedge.exe
2040	msedge.exe
3832	identity_helper.exe
3832	identity_helper.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe
428	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe
2040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 2040 wrote to memory of 4820	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 4820	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 2508	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 4708	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 4708	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe
PID 2040 wrote to memory of 1176	2040	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://hugegame.click
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9924846f8,0x7ff992484708,0x7ff992484718
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5296 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2304 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3084 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,2680161402176863434,5761191361487444366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:2032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5bf46e6a-f736-4dab-af90-0e8c91e43dc8.tmp

Filesize
870B

MD5
dd4c8ace3c1eb02e26ae6a6d0d54828a

SHA1
43914513cad6d3ff486f5a44fb9262798ec792f7

SHA256
a94d4dd6678f4f9c2ac2a6deca130507ef5f0b6dd01d6862f15b936d674ac111

SHA512
381a05995804a7119ee815cdb27feef6feec1907d9de8ad993b1d7acb6f493ec21d5d8f2e20321c12bb6db9b00d4ec5a8acab3dd19098d0cd452743a9ec6afcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
a6be935055d68ddc14af758adbce0e29

SHA1
0345a4276de6ba6e49367418336374e7b6f5bc60

SHA256
da633b52417dcbcd7f99d613d6e6bbf8249845ba16cc95e5c511b6d87b4c153a

SHA512
7f98901b3c9693f10e251d2e36dab137d270522d98df0948999857ebea328e6e294f5ff4f147aa19fe3f4e88943768f91ea1fe4f453886523960cd5b6765b9ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
6e5374b05e5eff6688cbab812c1e7db9

SHA1
739fb38220e53f90854cb01d88f208c2f073d0cf

SHA256
94b7ec20863a9c94003336bb808b680a7bd2435113b7e8b044c5104a97c51588

SHA512
354f4106caafe7b28a8455dd2b76a91dd332791b57fc842aa3e7b91e01c40b0356dd520aaa99a5c1dbab450c04d146b4682c414aa9c09562dd80b2c1b749c4b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
479b975d15bc85d710960dbf86c41338

SHA1
4551181b4c17e90ec75d984363b194cbac46b8d4

SHA256
83673465bef51f12d7575eede5cf0579533d354d7639754ff1973d1fc62f8916

SHA512
dc97426fe116656b3b96da4acbba20ff66c77a337e5d827746638c3112e6df235ffc203aa76dae06b26633d216ade41d87628377b9dba45ebe1bb5aa2cde6aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0c647fcc307293bc1f555fb6321ed355

SHA1
5f26ff1646911229d9bd0de985cf38fdf5d90c3c

SHA256
a016417db59f02c9599a3154a291b1d07412798163099fe7a446af43e2010014

SHA512
f97f9819d4e9c8f364fb0a6d1aa1aca06eecd45ac94900d283cd79076448d5035160001e7b6cf229630e467347029ed99d4b7d4910d2cbb5d02da8cd7355e3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
de5ffe9cf640d336d13a76a232ec5adf

SHA1
55f88685fa866c47fa2b5bb86925a57a39f4c60b

SHA256
f966f9ea90cbf682a7bdc14a64ee6af526a26a3f5894fc0a5d64f3d824622e76

SHA512
165c69a3a1f2426c5013c66c73777aea2aae9f3e56680ab1aa6759d86140dabd5c06a801495adfe3e212db08e1aa738bf9f73071df9d2eaef84a1a9fd2c54d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78563cfb48a224ff4e13ce4a55580c56

SHA1
3644a6da81a01a0ef1bcb586c3bfa9708cef5a52

SHA256
ef18f4b3695b4c07b48c80b9ddaaa38fdbc7209170e0adcaf7f55ad4102357e6

SHA512
36ebdffc8ab9e723297e4a7fd77506dc91ecfb84929c262780ca0a2fb7bb79319bb4dbf9240f140ed0644f856440b8f985596ccb720389769b07c996c7cdba10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa51422c2b4e6aeb60fbea6efb82d6f3

SHA1
47912b08cf1c70b6dd32ab48e2947eae8f548ee3

SHA256
9d243cfbf52683153434a131a47e11808d2a7bfdb43f4fcc69d12d9fe9cbd57e

SHA512
624aa1b0f82cc3300eb3c5779fe91de91eb5a9fca38feeda1c47d27bb26257104d48f659399d9a3e7c491040bd3a8aeacd3884add4502c6b5e4e65b72de9c1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0de50a30746951793191631f815447ff

SHA1
35d2878fe245de42e93a0adb5923a294a45f389f

SHA256
1af8a1ce1bd65c192d5126ae79b74fa915e13d513dc883c76eb4c31fc878e07a

SHA512
de2f61d84862b0f86fc41c23be8078c93ba67dd6f97d8658db44b3ee7b884aecdcb98495392ccfd32a7db98428766d13b8efc7cd471b6d9c1aa057b542895d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
680e24e06b83c31ed37a2cf24a801957

SHA1
4ca68d65e32cbf980e80aa72f6292d2ff874f8c0

SHA256
ad69c067cfebdc0bc479c7482ed87332253e11e2715514ab85bde6383a440be0

SHA512
55abe22ab79457dd486bea9ca9e688bcb10da7b18073364913cbdeaa00220da3a653e2e0d0baac58231d7501e58c21372731e93456dae0a107afedd8da13831d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
320f3139e9c65095bc28ed2215664ef4

SHA1
d27696c1040f2bb50ea8640654b7408fece79e88

SHA256
43a5957657052ddb0b2ac64e83c0cc8acc9415ad374e3b1fdcd546044ee17b2c

SHA512
151374ae2d667ad0b7469acd1a083b6cca0862f6f8fe9e28a51f878ab97bf09fb9efc2326310f58e2a4e8351bc411aec872bd13134b91cf702e73ee6d785fba4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b4341358ce0e086f4bad32e69f90bb11

SHA1
8094e5ddb3162a984785745a8e942a132592bbaa

SHA256
4c094556681ba10f77ebbfb89ef6f2a77f18515c9314f236b15578890f83e2b2

SHA512
db9a3c892a1d2b488a6d3c42b3df333de4c351d2c676283c2875243027da2998ef77f06d4720f6541a1c04690f7a254d5c6048023f92652fa0d4b9207c1ad01a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5fb4c66246f757357b73ed30e3532884

SHA1
0e890e7abb34efc86c71bec84368f2de240dcb96

SHA256
3e811f92fb2c405c6e0a1bb4725204f85f6b5816d117f051d56b05f92ce6f951

SHA512
bb25010a7957edd3fa712e1fecaad9ddd1e70d3de7ea9af245a47f2cb89b766593bd9b34e74361b27bf620ba176c8956459b4168c0b734bf0345892cc07c8e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
449dc7ffebe378d96c238f447c98c457

SHA1
0c6820e009f15466ae7d297eaae7340093bf5377

SHA256
9196aebda3a1eb53edaa9cdcb5504836494f2e508dba65e6634c522a7c70f590

SHA512
ad6b3afbfb38ad265cff051c37b4c54d58221e18e21ca3383ef5cb3459e03c58773ca8242ced21d6ca1ed6f7e46e4ed1b69cfd2ebdcc6d44d632a6270ad8262c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fa9de4df9bdaa5d19d2d2998d61278b9

SHA1
cfea950fbbda1eddea32476bbf1cdba5b7d0fd8e

SHA256
907e729b09689283c06ad5550aaaf15437876bbada43671dd92384bdbf115d01

SHA512
e38653c8e651b6769712d490890dbe1ad76bd117ef91464d71cd2970bf16753b7c87dffb26a616fc3638ccc14902ee328aa950f76169afa1a904dc5e0399de91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
57deac8201842dc99725a8ee1e371092

SHA1
e7ce4c8fa8b94638b4e5cea82442e675ab730469

SHA256
007f8b355ba8f1dc5433b2fe00fb288806e74118bdd6be0aa7f9d7967387d451

SHA512
d9bd1d868bd04479ce3d35b113c39b4f1ec7345df5e939cf323310e5c79341a56e3c22e16a44657a1876a424345fcd03947e74f333c288d036f376a0a3de631c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c0087c28a8bf083c90e07bc9491d4ad

SHA1
f871e95742da04abab364521eba64d5b539d5ff7

SHA256
660467a58e67f6fee8f0fb63095a6af474de0d829b72d1a2fd6b692fcef00616

SHA512
053c9c85dfc2688d0ebb3cd8755a5021fda971cb9573965f27fab8cc1f8c6ab3f0eadd21af9664d222a85655c94b28495290675d49d300e8ef41c6aa53a806bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580e34.TMP

Filesize
868B

MD5
1a45cddf432e54773721d9aaf16622ec

SHA1
bd9fdb40017d245c6a4557dbfe85f44e304451a4

SHA256
0c8bf9852b62931e4ae14a5c0a35485b54f79eeeee8742f4fb730fc6534353e3

SHA512
a4b2ff2ed8105de167defba008fce874dfe5101935fa72a53fbdd903cdfbcc85f3c8583afe806baaf92e0eb5d8331737c093a4c58eeb86a8823ded787bb693dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e1e10447b524cba43f3eb6f3e3f07a7e

SHA1
aa9042766a6770cff99fee66fdcb7e8fec5c7c71

SHA256
8933c9a760f5f5161f75dd901cebc7d5e0ed1f9b252aa5f8ce9bf06e77808fd6

SHA512
5593665ca76eaa1a5aca9a94664fb37bcfbf5d6a622d1d3d50b03994a33d5a33592709427dae63d96c7977a56818521fa6715c5c1455bf1b475380adf07485f0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
\??\pipe\LOCAL\crashpad_2040_NEZDHVZMMUGCAEYY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit