hxxp://discord[.]gg/address

Resubmissions

23/05/2024, 12:09

240523-pbe99agd48 6

23/05/2024, 12:01

240523-n7ccssfg71 6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://discord.gg/address

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
24	discord.com
19	discord.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{070D37FA-1449-4C06-A4CB-C74BB79D6C54}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1612	msedge.exe
1612	msedge.exe
1260	msedge.exe
1260	msedge.exe
652	msedge.exe
652	msedge.exe
4020	identity_helper.exe
4020	identity_helper.exe
424	msedge.exe
424	msedge.exe
424	msedge.exe
424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe
1260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 3508	1260	msedge.exe	82
PID 1260 wrote to memory of 3508	1260	msedge.exe	82
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 3176	1260	msedge.exe	83
PID 1260 wrote to memory of 1612	1260	msedge.exe	84
PID 1260 wrote to memory of 1612	1260	msedge.exe	84
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85
PID 1260 wrote to memory of 4256	1260	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://discord.gg/address
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb1b46f8,0x7ffbbb1b4708,0x7ffbbb1b4718
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3868 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5620 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6616 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,8766681285857609767,16129222418823827903,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
106KB

MD5
3db0ba15b11f2e5235d342b87bd6a309

SHA1
1ba28223fc2c037c9ca9fc44b2ca790e775f43da

SHA256
8d957f6ed3ba12f476b51a3368223c7ed5a59d046611581f9457a14875083b9f

SHA512
dfafdd6dc23d24f59e92bd14fe289f98f959ac65936820bb15e5c32d18a3f9fba01bea50e8fd981b56fbacf114b4987c4d0478d6ad05e0db994dfb08ca2fde41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
840B

MD5
1aae0d9101676186daa608e94fda8d97

SHA1
8628232b589dea595e15d6cc8494a04fa8aa3c5b

SHA256
f3bcd73a2ebc94ac6b6a573b46757adb25e78c081d7f2357ada0b58ae4b1c9aa

SHA512
7090ca64a395bd7495eea23c8e2e6fefde0c581e823bf0b3c724ebae4c41cb1bb3a712f5a5bdbdefe3316238320194cf535bd670b7bc56312dbc2c34507dfc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
126b7d9b25532f1710e7e47762364fe3

SHA1
cf4a72f1ec5e9ea26a3ce8d883fb0b31475b1f14

SHA256
ae34a0eda405eeba23ba42c781bda0872f5e7a647fed0502ef840e9f06081b8d

SHA512
12022cb7ad5b604f38e8fc8e54b11ea52c69a719954bb40440506b86e26e3f21ea137475b669085c31d5e66212b1f488e2c5b38180a48be07462df2bd3a40118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d6586050586c02a18fff69586be2263e

SHA1
9c8d10395fdbc62b3e737dc8d7057b3bff9625c7

SHA256
bf8edb26b90e4577ac3903a6c401771e36aade95228e0c0c75dc0b3887aba0fd

SHA512
6844c904bbb63d0235c5286e1e774ee4457084aa8947e893bd912953a5b14a8671f1df3c24e66d241b0697df9e36bc4ffdade1767ef41f5c8904a97b2d713c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
323B

MD5
a5a1149047729a493b1a2a65063c39ba

SHA1
8f1f45cb0c0772dcd05795734cbf408636fb9fb9

SHA256
e0ef1f906ea2606c802310437fe799d93e073770ab6549060ee4b9c9c49f2006

SHA512
8ce257a087115e2d542657a2b4679d0c100ebdec76e3392cff1bbba133e129f2fcdbd73f9baab92e762bef47a2572d3dc8553fa3858d787d2a0b2bf8f05dc54e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aea1bf2c39e89a84614881bc515bae1b

SHA1
a395f04253e3cd9c2a9e055b989f54a737ea8a3c

SHA256
26d223915821e1aad0fe98913a86bd8b4c2f9e0bc9c6ec6c6030004628eb51e7

SHA512
6d067d072be84886353eb5f53ed0d23c5c509160883cc44dc4d507f3c563575f2ca29403f02fb6c96b7743327cc94f81a4ea0aac1174a3ce9a6bf701eb7a649a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da343f0a85378354e7a2e0f88420ec0c

SHA1
46f3486747ba2b20f55afeb92b45b7ba0c3f9347

SHA256
762758e7d9c0f2c5480db34f403a77dd375996b52af3212c2d95ea6b5a5231e3

SHA512
a989087b5189fc681f47c65f111fc29d27f3c37175d30c919342f88d495a5dce75b0592f4804335c91523c7dc2ecba7d19e1d99b013a5b3fa13d4ced36a44376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0fcbb43e0d6b70f178f2e7a6a1f6d49b

SHA1
5d2585feddf51ef2725f0ede84fdbae81832b7b7

SHA256
5d5394ab6edaa206899414fee04ea64bb53ce6ab31ba4595407bdc86138018c6

SHA512
0fa48fa3ac9e20c4d07a1141467e4069715c9a1d8e7e146707e622fee9e07f3d11ceed747bc439cede32ac0f3aea2dcfa5b8fb108013cff4ad4052a6c76025ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b25f2711ce8c9ae336d789966f022c9

SHA1
638d02d9e7763dc24b159664a7204f0a09c6173e

SHA256
12c3fb4900b9d1eb927ac26ff567eb1adba051234348357edc0645728641f8c4

SHA512
5d9a76e34a8cb5e235687044aeb89b3ba2ab9ba3a91df2e1808cc3149c9bcdcf6e2da2de9b0bcce2d5e77627a319f79dcfbbf137fb4c41e1d1af3ed47ce2c300

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6d5af30cbae12377cd50edc4ba891bd3

SHA1
ae0901d76f9f9a50a6e566981d3952850c410c7c

SHA256
2262627b13177b2223cf6af6bb5740c294f5638199d096f75a1e0d9e5b416175

SHA512
0f28a058aaac026e707c8ea3c4668a1ad501ef22e2740902b5c47759acdb2c28a8263a06f8d1469a2737b37e0d2d831c5d009a50c807a4cb49f71b38193f98d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b4533c99e599ca5de7a1e23394797e5c

SHA1
3b649868b89b36124f3fde29a0c970407ead2c0e

SHA256
7c8e58b81661fce70659b892f1c98df78113ed8f031365591f39e4dafff83d3a

SHA512
68c4e1c3e8e3d68fe22b6cbf39bae9175b3ae2c214d636318426941c364bd9171762ef67f6dff37b825a6bc4cb0417ec644c6519c799754569b72de302759da0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
790fb21c32c8c4e19371e9d18ef2c5ee

SHA1
88406d134bdbdb3263aebf116cf5853f5536a40f

SHA256
5e54e08aacf6d63f8d83e087b275c4b51e9b8ba115f703d36633045e9f75fe7a

SHA512
191c8fd43294dbd467436e3d6eadabaaba9bd61f1e48305ac9db4e02c5284089167dc294a284791c40d71b82faa81cd1b3f6850f557e9e3b67e39efa0671b1fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2b869c9a90d3ad482e29fad7643b6cb9

SHA1
f97a16d2232b63b4a5b81a7544ee63bca021d78f

SHA256
ff0006b3c93be5419e04e52f83822497d0cff73d01bc4f9a2d2f9aeae59e08a7

SHA512
22992b91d6ebf449c3e43ea913fe7cceaee3b28cd462bb3189ef4f8b2593eecefa4720ab01dcf62c457c1645a022bf2403248f1a39a557ec6517d2f8df6171af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
06ae6041a2fa7a760344899f3042c87b

SHA1
caf63a44a6403e93d8577739db9c219e412ec062

SHA256
67199e6a6db8b94a9b7dd3846e8abb2934ccb4935b58db125c36458db0848ea3

SHA512
3ffd488aee012e760d7d2bf3d6a2396cbc96adde51e4e5346daceea68a1750624c8710fa8f30109f00d3757b1ec175dcd95ab0df3973583904335500bb7c591e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50e625c949d2dcd306d75bb60c5f00b7

SHA1
a8b773dd46625da6f113b3e5426469f94796b9bf

SHA256
70ee8d4d14df329abd5e3eac15b7364e9452fe486c46729b91dffd573d989db7

SHA512
74c73b41f7ba6f4383e886d76397ef95d7eca78855653f3d5129f08cee49c748233c40fc804b5d00fcb21e09a17bca74f66e85fb4e0576031762e021d74dd099

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ff779bda09be41b2510c118574e011e2

SHA1
c6206d49e7c34b0358acf180cd15094b384a6b30

SHA256
c28face7b3b654d484226c7fb68989067fe747cd2d87a9b52a2a5790e5259b15

SHA512
d1a95fef7a8c9ccd44be34d3944807ab3bbd13b8681d15325b573b8e61bbc2acf36208b2619a9b5bc1f996b37c5fa25480227fec94e6039cc759940ff88708d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8cd43f75b7104b3b8ece77c08c03042

SHA1
58755f491e58c229fed6b856b499384d7c5b27af

SHA256
767977e83f39c0f29a7700064b1251957919f3ed32263d8016ca24cd255e3945

SHA512
3065be428e7c57b4d5290385d5278f081624fc3915a7ac96aba34dbbc72dfb03b4fa092ccc2bfb81595ebe3b5134ddfd83ff5fb043ef8537b5070ae4b85cc06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583eba.TMP

Filesize
370B

MD5
0d4a6fd673bb7b869835b7618ff3aa42

SHA1
dfeb40627269a741a4c76f8e96c279917a03a92f

SHA256
540f4b362015d4cdcc5f2c957918b6d478e4b2d3464115bda8b880c5ebd10958

SHA512
b36a79af30f418a21c056a3e722fd5de487feca859c6de1b2f955701b8db68a767e4b6b51d6ec2c20a131c0e40eaac02bcc6dd8f9d65f9ae6eecefa029ef9779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\bdce6aa2-05da-4a3d-9892-159680f41e8e.tmp

Filesize
6KB

MD5
0df790f2aeba57f438d3c3e215c5b592

SHA1
2535a3e8be555a2ce2de1f0bdd61c6c63d35f310

SHA256
93967a911007892bca88939fa67dfadd214463126f45e60b4e9ba163dbf31ebd

SHA512
5a4c0e7ee3547f4d2af88ba7decb0776713a988419ed41c9531f47a5ebb003bf9bd8f3642b5a917cb654047da8c8ca1e4c318f8541ace15e776c24dfba9c570c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3347963baa16b770aaa366cf1b15165c

SHA1
98ef3e889bccc463947a4efdd9f520bfacd12f51

SHA256
327f09fa4841650c8e5a575fbb9bf946b00e9b9b5e1955bc3d8552e2c7a4f5e1

SHA512
6edbcb846f0c509808c5b6afce8ecead816ff769e6069693a4015cff826e1e39baa46e4b9bd08a032948d071fac6df39774dfabd03b4730b22cff1ad4c4ecfd2

Download Submit