hxxps://maps[.]app[.]goo[.]gl/fUJakKhnMAt7kka47

Analysis

max time kernel
105s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://maps.app.goo.gl/fUJakKhnMAt7kka47

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2539840389-1261165778-1087677076-1000\{BEF0B074-EE4F-4473-9F5B-D631AD04CB31}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

4020 msedge.exe
4020 msedge.exe
4076 msedge.exe
4076 msedge.exe
3204 identity_helper.exe
3204 identity_helper.exe
1084 msedge.exe
1084 msedge.exe

pid	process
4020	msedge.exe
4020	msedge.exe
4076	msedge.exe
4076	msedge.exe
3204	identity_helper.exe
3204	identity_helper.exe
1084	msedge.exe
1084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exe

pid	process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe
4076	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4076 wrote to memory of 944	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 944	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 388	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 4020	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 4020	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe
PID 4076 wrote to memory of 868	4076	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://maps.app.goo.gl/fUJakKhnMAt7kka47
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6ec646f8,0x7ffc6ec64708,0x7ffc6ec64718
2⤵
PID:944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
2⤵
PID:388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
2⤵
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
2⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
2⤵
PID:900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
2⤵
PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
2⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4968 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
2⤵
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
2⤵
PID:4812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:2152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
2⤵
PID:2320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
2⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5676 /prefetch:1
2⤵
PID:900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
2⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
2⤵
PID:1904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
2⤵
PID:3720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
2⤵
PID:3376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5852 /prefetch:8
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4940 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
2⤵
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2064 /prefetch:8
2⤵
PID:1656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
2⤵
PID:2768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
2⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:3728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,17920678565031367535,7914073678098991524,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
2⤵
PID:3720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
36KB

MD5
ecae49a67e5c3310d12641e70cca87f1

SHA1
cfdc8aef4916a60b9ad45dcfd66743720627b5f2

SHA256
00d35ebd1c9e1f5b52df8da3fed0c9e57df67d1c5a1d575c299fe5f4af8d32dc

SHA512
089b15b805f8c127c556dc4839ba08b5d50d2d4c76aea53d6928c11583ce3ab8258d94ab7c422c738319eb916b6b67af2cd850143071078c8c8969efc6c04c07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
21KB

MD5
e63973a93262ffc037ff65bf5e8c1382

SHA1
893b38b50ca68b93b1f66b91afbb2d611819b008

SHA256
262d34b3e4e20fdbd55227d97d2fc75d197f91de4bec0013cf18abbd7cec175f

SHA512
da4c02defe08e77c6737d1b38b1798ed89006b4c67712f602d6cd89569d7721d19fdbb3ef6589df45fdc6d63b394f7e9273bbc76fa631393af17faa49bdb7bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
97b672bee15864bcc02038b6661325b9

SHA1
14a0560c75bb304624a47ad5e51782ecec58dd5f

SHA256
a05aecf77c85f5a2094fe0190e7196144ecf81a63461f58e076c5061db615d57

SHA512
250d30c57b837bcf7d38cd56dd8ac0024d4f16dc42dcbeabe8706bf2b95d5f7753b443dbbb00bfebc72b38f7bdcaea2960450ae059e43c1aef5613250c6a7bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
28c1a22d5be29856c52ce481458998c6

SHA1
a88e62843f384a255a57250bc23a97735fb7f2e5

SHA256
fd128e24d1dd59b196cdd783b3e6a34fb4a998fe9de1be5339976b24408d6cd2

SHA512
eff5b7d1e18660b0c39d6f481671fafb7d92fed4c0f64a80c9c07a4ae0d5c80d8afbacc499cd21b6eaf0177705f9d427481b9d33cbcad1816a7a636b854b03db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
96B

MD5
961ee0953e8591fc3a6784ed26af45e6

SHA1
781627759065508150aa598e8217f7a9055af968

SHA256
171d087aef31d401e2a6875368c3ee8b8c64ed5db0dfcceb1683cff78e823235

SHA512
d75222b09ec9a0eab7527fd7e9391993130c5f1d0e0599db2b5369e4e9134695e135289f8fae61e90dd271bd756ef932514ff822a6d84401cf1bc3f0bdd704bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
120B

MD5
8e57846ad27d344dd24f479683023724

SHA1
268ca8ffbc76a07fd94955e7570a021af8a13c3b

SHA256
73adabe872ada2f5398a664e243bd050568ff930c3e5f99abbf16b815aa0881e

SHA512
831ca3b8593a57b4b745994da2b9ce0b52dcbf219cfc267adf46635fdd4353dbe43fd6b28a136e01ecf589ef1a6ae7f7f2955803478ca6c27b67ae4d2a6f5185

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
edd24180c7db019c13587d54293f39bc

SHA1
2cf34f04a01a8cb27d766bd2d81f4aa96fb2c3ff

SHA256
46835726bd64def85cf11ead8fa6878deefba9041d544e07ec02a394ac8878e6

SHA512
35bdca5c6ed9a33ce58910474ca841b72616a43509ec5808b8a9a5e223b33d95452a459fae2a603423d8680d739d1a21110bfaea7dbc3f6ca726145f37633cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
07af808ce9239b8942603d10d87dc0d4

SHA1
ab43cc7b9a2c621fade55563ff623046aaa51a7f

SHA256
f61c75a0c65247a6ed3e5b2ded7d6be68817d9ff03045bc57a1ff411be841362

SHA512
761fc49a8508143880ebee0b96fdf8291409b64bb8355fe00a3ce2c98b8b40fc84f035bbc553ab3614940086fce5354e6a51fe1ad2e59c0646067e4c38c8d915

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7291f025d4ee4600b07399e2732caa4b

SHA1
4d690ddb7022ef614d7be13eb6f97819f140f8cd

SHA256
475320e94c3a36f80e935561882921bc1aebe13b7b4e3d89afd0d418559c2470

SHA512
61858936a959b8270f212f11763801f33e453adf272849f69cb4e15353e1b963a72a040eed353f606cefc4cbdd6e645c06d5bc5efa6f1755340cfd3a93ac1d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c59f91b66bb62156e65aa8ed69e5a610

SHA1
5b2f64d8b7c01ec0bd0d925020ebdc20eba7ee3e

SHA256
0c8726ae5eb81ae07ddf4c6cabc1b753c0497236192bcacee43d2e7e9dee79ef

SHA512
eea6fc09f9bd89aff11bce9e21f596af33900c649c8e6de64a361e652c607180caf26a0434134f7a938e0050368abcd2b917ed31156141b45413c166c9f53c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8ca6aed5d84e819e3773bdf9f1f256c8

SHA1
2edbc0ae205a000aa2634fda5d91fd8da0a24619

SHA256
f1a8dd8e3781dc7cdb4fc387474f20d2f9c20350a9f8ca858eea2b7e36a425d6

SHA512
83b8dbe39c29245e403a2610ca7886a84102ac0cbcbdf3d267e76f28731f2336c5843c2b118d0d5c0c249f19c1d873a35bf6c8ba2696b5b4ba51a183477012a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ad61fc5f4f733d8104d70b246e9d830

SHA1
0ff47ef85598daffb48f9f46fb038a8f10e763d2

SHA256
c116890d53c575824d9b825ea894a2fe785da0f538efa5542bd6f342ae587e27

SHA512
051368d3cd2140bc48680c3b9d6a43bb8854c30f1502bbcb002be01ef283b75cfdcf7b7d91083037dd896960f613b71d8fabf81328e0714fa6d24b238ae5bc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6deb686035ff6ac8cb34b1ec2a7bd4c9

SHA1
bec833cd683f79b1218177888599e71d9e82e0aa

SHA256
2ae20c2179a1d40686c16206daffe498094d39ed1dc4959a45299618690674e5

SHA512
5b3f08c26aab134ad69fab89f2a7aabc0707a52ba4d72331b351eab9311e222a1ab3dab456f41ac5de455c72056f46477cc359f867826bc87cde5eb45b276984

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0965c64b-b4dc-4e12-8eb4-99125bf7765f\index-dir\the-real-index

Filesize
72B

MD5
bf405b45393cd37d1a610e9342e86809

SHA1
89942af29b7febbbf7f343faeee34a8415ee25f8

SHA256
161623ac7f783448742290cf06f39d35163c305471bf85b2940d656a2d701242

SHA512
a6e77749534266fb5c2b56b0206b5f155437894d8ca28b229c1fa3d37d0f3d8e0af6ce676a1c84c7dbea551f6907d07c1ad03b92d69f0d5b962f7292c3bc2b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\0965c64b-b4dc-4e12-8eb4-99125bf7765f\index-dir\the-real-index~RFe57c95b.TMP

Filesize
48B

MD5
66a785cef4480e1d1348475bc2de6060

SHA1
4c154875fd331cafbca9ef478cd8bd343880c4b9

SHA256
c1d1151e59bd18033b04d2fc23ca8e3a1e1b5b7aeaca73a7e364b5e80f0bf4cc

SHA512
6a882f35f87f065b62e24e2703a33fef1ecc49e835e8df0a00bde8c39e22130a6233e6925c13be3d4c9b3aa73c73b0157024252a9b761568bf78dc95a5acc611

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt

Filesize
90B

MD5
4ee461daf7c76606b2ef3e48bf065766

SHA1
e6356f315d1678df5a9ff9516791d041e6d0f826

SHA256
1883bc99d34e0b225ff0c8fe80e8e5d6b4fe7944bd7475e426dc815f7317e686

SHA512
f1e7dddb80d638c80630bdb2f9599272d7af6a3b1f64c1c8acf98d3942c759d863e85d607a286a161c6d86ff0252fcb3f060d3d8026073e021d1df75a903b66f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\28da9c56fde4021055a681112c092453f74d8dd8\index.txt

Filesize
84B

MD5
a08c3388bb26a8f64d92d53e1d125efe

SHA1
c86c7ba6bf73a95b99b103eef89733cc4f2d11de

SHA256
689f8b7a0d0b2a31c9c3c1f5ed8d0f3d5d769c884b10fc98fcf0f3e6ab1c844d

SHA512
6664a6a2dd124af039cb58c8bd1251e91ee70b4474d04d47f3b4cb8e548431fe1e2cd32f57bdc2e41c53815e9127e401dfcacf15327fdbeb7e25af69cc67765e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\c6bb079f-bf66-4a6d-aa8c-c410507d82a4\index-dir\the-real-index

Filesize
72B

MD5
bf682a4ef89f85e35523aee06926890f

SHA1
025f2d53e21bb04dc89f3228d094fcb6d22a8dd4

SHA256
69e61ccf10d5d0b45fc915616c9ecfd76f47177021459dde741abf5c1b530f76

SHA512
a26564bed2f83903525a5bcc680966fdc986d3fa936b6736a50ebebee205969e0e5e85aef463c609caa243d35de9245be2b3f6135b63cb9ed3b0f877b9969432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\c6bb079f-bf66-4a6d-aa8c-c410507d82a4\index-dir\the-real-index~RFe582824.TMP

Filesize
48B

MD5
4428737eb71a56412901b5ddab7816b7

SHA1
f4eb467d05eaa3a806376112ef53d05d921763f0

SHA256
ca774075921def98252ef2ecf0e7b11ac0c4b5e9a617f7bd0f730cafe54cf98b

SHA512
812ad4dae9e6f04848611b3c80caf790d9d7d084c8beeba4faba3ddcea2a9c0ca447f7c46363a0f639a272eed51f3648903ab8b2b5b7e493282d506a6c10874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\index.txt

Filesize
92B

MD5
3fde7028333cab2dd167a58849ee69cf

SHA1
15e1db4cdece63fb41caf6cfd68d770a1b373ef4

SHA256
ae37dd3e3306dad75372c076581dc8c620797067d20cd3aab551011f6fd97cc8

SHA512
8400ba2d94304044956d21f13ddff55572458b1cef6b449764c8a601db95f1817bc423d79656c7f4ac60858bb13a7cc2a0de92a32c6d9ff57f483431dd42eef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\a79a6c378e0edf822240dc98c63f691ed622ef45\index.txt

Filesize
86B

MD5
7328dd8f292b72cb298f86652dd84bfa

SHA1
7d349312b024152c556fba931a5b5387b79e0bca

SHA256
10b399986624510c41207369509bb23a4553cec6f828066ede9c41cac971de58

SHA512
20a2ee1db495d63fdec38d88dbaa2ed7994d8fae843e21dd7ef8cf5e998ae63113e9dd470ca252904d56162fe8ea5068c26f96c200bbbf38cbb5f7cfbf0cbdf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
263503e731c1f7abd52a1ceec1f33dfb

SHA1
29c37183248d3fd010c42291c8bc9c179123ba54

SHA256
7e4593b338800d8f8cb49dd18e05026ea39c5ee33a2a6ce063fcf85dd681f016

SHA512
1f3c33af4627fcbbc7b6318fad9433c94feabd2a2826a5dbe9464089619a21677f56b87ddd8af2f5da269f0b3331a46d321712959fc31aba4f2a13a1c0100b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
349debd9dcebffbb5c1a26b494db2930

SHA1
04688a46937313d9c27c4e5bb0da08435cd412a7

SHA256
a0767702308dea49f85c1f60cf75715ce49a33b3140d9c6864c6a80fec1e5fda

SHA512
d2de2117f03938284ecb23a3a8bfd26ac2a3579fb344a760d52fd74d3369257260273993491be5ba261395cace3b2d34ded59c0e765f844ff004e4abab1bdc3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57c8af.TMP

Filesize
48B

MD5
728003f37c87f4e8f854d433e2f4bab0

SHA1
514ee58b3f0a6f5c66710848adf7ff29271ea16c

SHA256
9665ebd315eeb38d050a3b8bb3abfd442fc71e78d99ca311eef2f833385b81cd

SHA512
ce0ecc750ef9b995fb2ab880a0e355f081482924330dae9614de62e216211e6d597e46edb42c390e5a58790e6eb3de1468473c140c6046847fd207990cef9a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
8d6114b08d6c5ed84acfde382b0b1970

SHA1
a8ffb5b47d628ee493fc6168886de11e11954c97

SHA256
5f824c19ce401dfd51d77232337e8b3561c74812bbcd6ce4f661325570c6bea7

SHA512
d2cd2bf429b7437a05b4d8894311e4ee567ca2ad4b3762e70285a927af513d0fb1ac8bb5ef3e1c55f470c13ee6929762500c4f600378dbbae9c0a66f6fdc86ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d5de.TMP

Filesize
204B

MD5
71677460de2030c6809065d8deb2f78c

SHA1
c2be49d5c0a0679edb307e4be2bd48a500e747f3

SHA256
d933a48ce31effd8452814fed8d1331c0e8abb321fa84d88cc0294ea08fc0a87

SHA512
5e07b5068c2de816f24993784661223da2292cc3d26569669fd681eb96096220fea1fdc6f020409a5e99cd7f9d6fc0c120d88e60908e5ff1a2e9b8eea2e2dda5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3e9461fe001166ed396527f26a3f908f

SHA1
01475d08f14182448024d66b175dadf7de901774

SHA256
4fe18e1dba9585f968de5b618980e71d4b7b7081c4a79b2e20be60c6254e68ff

SHA512
91656c2eb92ad253c0c6a0f7236ed9f38e829d989d8710aeaa33379b67146e0f73d88cbc782eb1dfa9462081c5680d7218f76568a01446be76b6f9cac4962bb6

Download Submit
\??\pipe\LOCAL\crashpad_4076_PFYDHZAKWZEQNLUQ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit