hxxps://qz50rtzy[.]r[.]us-west-2[.]awstrack[.]me/L0/https[:]%2F%2Flink[.]mail[.]beehiiv[.]com%2Fls%2Fclick%3Fupn=u001[.]IR5-2FfMU86qTPKU7GpVO6NTSAFgEkju98mxAwxuhW9Dt6ZK26M4xu5D5yq97Ww5IufS-2BBelnuJBf1iztAjth3Tp8jLb69dhQXf4WNBUAQvD3lpWp4a65uwXhPfDQxiLIO0uIXg7Ecgu0uFoNQlDTwLXSCy-2FjR02C-2BC0m4KrEj-2FvpXiAw9YT0p2MnCih42IbKfEGmoOgQ5BdxXQe4aKJ2YxooLUIuFElNuj2c0T5CM3jzgBRG-2FNwi2-2ByUnIBOohpq-2BZfpE839kcw1A83X-2FbWaM-2Fw-3D-3DHFBY_VIHqStjbLRLc-2FWBFP1nBjnBIdfKatORUSVBly0-2FIAfGuGbT17Zw-2BCWySuZUuanaGJRHTOmbaHNbjS-2Bwny-2F5pryClFlRO8EUnUaQJEMC9SrTDeWvF7W3wWojnduuZysCmyXLNy9B7v0FWMmBtzZxTy1lkM4cHmj8jl5KM6GXpsEf9nIEcKyeISfsqksWQESn8WgYdHCpMKGB3tOUj2nun5DHAKRKmdfIuKIlNztvBqYcbFT2xMxfTvV8TVVVmb63D6QlbNdhLJXoiiJyFKiylTXp0N5ldnAQgXDYoiOmOUgn1-2FLAsQRIGIUxZkgszrk7Q6yrYwnuMKxaLIYutiVWY2BYl10ysAz3H632mQkAhcIPDG-2Bme-2BZRRnQD9gaotME-2BcK2buJOlp5yJlj5Nl6rrbLebrC8RGW9hep1TC0I7w7krrnbtWfbiDgosUFlDv9obs%23bS5iaGFyZ2FhdkBraXBpYy5jb20ua3c=/1/0101018fa17d09a8-e7754550-9619-448d-a275-dfdf25ba34bd-000000/v4ig6Rdixt-DkjWMIWNvt_kUCU0=376

Analysis

max time kernel
82s
max time network
83s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://qz50rtzy.r.us-west-2.awstrack.me/L0/https:%2F%2Flink.mail.beehiiv.com%2Fls%2Fclick%3Fupn=u001.IR5-2FfMU86qTPKU7GpVO6NTSAFgEkju98mxAwxuhW9Dt6ZK26M4xu5D5yq97Ww5IufS-2BBelnuJBf1iztAjth3Tp8jLb69dhQXf4WNBUAQvD3lpWp4a65uwXhPfDQxiLIO0uIXg7Ecgu0uFoNQlDTwLXSCy-2FjR02C-2BC0m4KrEj-2FvpXiAw9YT0p2MnCih42IbKfEGmoOgQ5BdxXQe4aKJ2YxooLUIuFElNuj2c0T5CM3jzgBRG-2FNwi2-2ByUnIBOohpq-2BZfpE839kcw1A83X-2FbWaM-2Fw-3D-3DHFBY_VIHqStjbLRLc-2FWBFP1nBjnBIdfKatORUSVBly0-2FIAfGuGbT17Zw-2BCWySuZUuanaGJRHTOmbaHNbjS-2Bwny-2F5pryClFlRO8EUnUaQJEMC9SrTDeWvF7W3wWojnduuZysCmyXLNy9B7v0FWMmBtzZxTy1lkM4cHmj8jl5KM6GXpsEf9nIEcKyeISfsqksWQESn8WgYdHCpMKGB3tOUj2nun5DHAKRKmdfIuKIlNztvBqYcbFT2xMxfTvV8TVVVmb63D6QlbNdhLJXoiiJyFKiylTXp0N5ldnAQgXDYoiOmOUgn1-2FLAsQRIGIUxZkgszrk7Q6yrYwnuMKxaLIYutiVWY2BYl10ysAz3H632mQkAhcIPDG-2Bme-2BZRRnQD9gaotME-2BcK2buJOlp5yJlj5Nl6rrbLebrC8RGW9hep1TC0I7w7krrnbtWfbiDgosUFlDv9obs%23bS5iaGFyZ2FhdkBraXBpYy5jb20ua3c=/1/0101018fa17d09a8-e7754550-9619-448d-a275-dfdf25ba34bd-000000/v4ig6Rdixt-DkjWMIWNvt_kUCU0=376

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid process

552 msedge.exe
552 msedge.exe
1940 msedge.exe
1940 msedge.exe
2484 identity_helper.exe
2484 identity_helper.exe

pid	process
552	msedge.exe
552	msedge.exe
1940	msedge.exe
1940	msedge.exe
2484	identity_helper.exe
2484	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid	process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe
1940	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1940 wrote to memory of 4088	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 4088	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 2800	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 552	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 552	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe
PID 1940 wrote to memory of 3076	1940	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://qz50rtzy.r.us-west-2.awstrack.me/L0/https:%2F%2Flink.mail.beehiiv.com%2Fls%2Fclick%3Fupn=u001.IR5-2FfMU86qTPKU7GpVO6NTSAFgEkju98mxAwxuhW9Dt6ZK26M4xu5D5yq97Ww5IufS-2BBelnuJBf1iztAjth3Tp8jLb69dhQXf4WNBUAQvD3lpWp4a65uwXhPfDQxiLIO0uIXg7Ecgu0uFoNQlDTwLXSCy-2FjR02C-2BC0m4KrEj-2FvpXiAw9YT0p2MnCih42IbKfEGmoOgQ5BdxXQe4aKJ2YxooLUIuFElNuj2c0T5CM3jzgBRG-2FNwi2-2ByUnIBOohpq-2BZfpE839kcw1A83X-2FbWaM-2Fw-3D-3DHFBY_VIHqStjbLRLc-2FWBFP1nBjnBIdfKatORUSVBly0-2FIAfGuGbT17Zw-2BCWySuZUuanaGJRHTOmbaHNbjS-2Bwny-2F5pryClFlRO8EUnUaQJEMC9SrTDeWvF7W3wWojnduuZysCmyXLNy9B7v0FWMmBtzZxTy1lkM4cHmj8jl5KM6GXpsEf9nIEcKyeISfsqksWQESn8WgYdHCpMKGB3tOUj2nun5DHAKRKmdfIuKIlNztvBqYcbFT2xMxfTvV8TVVVmb63D6QlbNdhLJXoiiJyFKiylTXp0N5ldnAQgXDYoiOmOUgn1-2FLAsQRIGIUxZkgszrk7Q6yrYwnuMKxaLIYutiVWY2BYl10ysAz3H632mQkAhcIPDG-2Bme-2BZRRnQD9gaotME-2BcK2buJOlp5yJlj5Nl6rrbLebrC8RGW9hep1TC0I7w7krrnbtWfbiDgosUFlDv9obs%23bS5iaGFyZ2FhdkBraXBpYy5jb20ua3c=/1/0101018fa17d09a8-e7754550-9619-448d-a275-dfdf25ba34bd-000000/v4ig6Rdixt-DkjWMIWNvt_kUCU0=376
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd1d746f8,0x7ffbd1d74708,0x7ffbd1d74718
2⤵
PID:4088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
2⤵
PID:2800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
2⤵
PID:3076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
2⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
2⤵
PID:3324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
2⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5772 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4648 /prefetch:1
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1
2⤵
PID:1952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
2⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
2⤵
PID:2352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
2⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2120,3983997949594557985,17231851430086016170,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3632 /prefetch:8
2⤵
PID:6064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
5611cda36953c1383b6fcc51532be931

SHA1
4a1243dd16ee953c511fafaf6670976e7381f49d

SHA256
a0124dc56a26778695f846156819b16a0db9947c2c8edaf9d49832a0ba6a4e2d

SHA512
cc2c97af9d6adc0d837d26f6a555065f93b1192f3f92d3c4844d7a48ca37dedeb8ca4202de1d621f1aaca2693ba8fb851283c712ef453f85c2f5deabffb3296f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
0e269f7b1d81d7d49442fa2446f51561

SHA1
b5324781c3240a90b785b5dc887f31a964260038

SHA256
3c72c5977e581c5ed825bcff45646a2bb462134c91afa83980768d46acb08877

SHA512
4ec521a930ce1a28ff3c95b99ccaa03db393c41f702679a27bfb9bad47ee3fcf849c878f17c263d5396edb9112ee01df34ad92f4222c03bdb929e95b400dd5e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
312B

MD5
3e47a4c743ab959ea4134b7851a06c48

SHA1
b929c7ca92b68e8e2132bdcca9c450620a2798c5

SHA256
857fcf9bbfd39db7287d9f3891b3bc8c2a203309125e1423b29598d0ef30dbe9

SHA512
f0a82f9a70cd80a44cb045031968f6fb04f4a3c6b6a887bd6417a258f61d577319ba353d1959a484e385da76baae4656a8bd8c08dbb8bf1fa955f4ccd861b0d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
847902ffff073e7c31717c575fb9eff7

SHA1
814273210c0a4483c2e3202216a9845378599803

SHA256
b4e083ed97e3052a888bdbc19e6bc88d3caafc6345c7409eccc2ba7d6b29b473

SHA512
3124244ccf59d2558fdf09372cb64e3133549e9207136353b8ee82f04b9bec331a9fc8f447ffc7153f45ddafe95471280a075eeb06dbe5b9e135f85c2cbc1d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1b409a496ef577c153ff1353408d14be

SHA1
3599526abbaeaf0a5dd4c4a7d39e58708d4fa07e

SHA256
c8785694dd6495cfb61f877b0ba8724bd7362ccc6e0497d7d395b49c3eec652d

SHA512
18178cbb50c2aead85017e95c204e24ce3eb07589b1febf5119caee5da42099c40d455beee3e99d054bb34d43cf76f73619cb43b4189ec8beed769eff3d723cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
096d35c7cbe87b5860c0175e6fe6c0ee

SHA1
1a6d4d8fd53b4541bb6d5e424fd21da2dd25dfe3

SHA256
7921fe5cbcdee13ed8ae82e1a2d74ff69dc58f285c83d0fe2d57249e033bad0c

SHA512
b2e0d295ef5b15621e7687dcb989b1d8d1b09612a648a8071726d9daf9554a81ffd9cdc700c51734e4da3501d96d5240f05d685302252f8ac601325de54fa750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
3db62184390c28b6616e433e3d32d81e

SHA1
75fcb14725a724bed6619a5e17707377cfb0f5ab

SHA256
cb5b1d4ce9f536b228b922c36d1a3350929238024778c6b70d33e749f531ddd7

SHA512
f17fc249c37af002cce7d931276815f3084fd4c23e901da619c1d4ab83d75396d0625ece1960fbd2b035dc16187bdc6f6a1389d4412d7b7cbd84d340e80b40b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
703B

MD5
fbf5c9d4333bb04be2699aacb3806a03

SHA1
b23e4a5db667ab75e8cf11bcda9b052e250e8856

SHA256
d96e805a9369549b5e0a69534aeb15d99acc006b51bdcb0db78379a833105d7d

SHA512
6900ad8d8e8c57523deee7a7cca7b99b5946f33f9c8b22da46a0cff1e6bce42cb59e1ab3e890c57289bd5c1e8682f542f987811fbc2f25e4291d9893610214ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586da9.TMP
Filesize
202B

MD5
f49a9b7b8782766dd0b87f1b549a77c5

SHA1
e112ed3aefd36efbd9c1393c2ea282ccf840de1a

SHA256
d7eb7faa4bd1a8b6708ddc28ce2d2111a39e1ae41b8306f5c258c4672048fc8d

SHA512
01fd00cec2047d2aa45731a29d084dc67f238558210d450906da762fad83d98d70c2c2ba72da88bbef384fa817d98d28bcdd37b07b5d359e7694f99da01c51b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
cbd7223c256077ec97d90f3f84650940

SHA1
8a83f95e5e6d9e900153a6d4392ff11a1f96cbae

SHA256
f88b605063898bbfe51df151e39c8f6de3d6050d0ff8c9d4c112776f69d79c22

SHA512
4014fd280c233dfd268d1eeff20be40632f22d4ad8f2e7c7b06623473763a6701a989425d18eb754ea2d7b0b8ec400279f28bfd09fcf29e0942ab61238d691ca

Download Submit
\??\pipe\LOCAL\crashpad_1940_DGQOXGIATKSZCWOK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit