hxxps://www[.]google[.]com/search?q=google&oq=google&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg5MgYIAhBFGDkyBggDEEUYOTIGCAQQRRhBMgYI

Analysis

max time kernel
80s
max time network
82s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
29/05/2024, 18:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/search?q=google&oq=google&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg5MgYIAhBFGDkyBggDEEUYOTIGCAQQRRhBMgYI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3107365284-1576850094-161165143-1000\{AE245237-40CE-4A3F-8BFD-A29AACE4BA43}	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
2748	msedge.exe
2748	msedge.exe
2000	msedge.exe
2000	msedge.exe
1568	identity_helper.exe
1568	identity_helper.exe
4912	msedge.exe
4912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe
2748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 3784	2748	msedge.exe	80
PID 2748 wrote to memory of 3784	2748	msedge.exe	80
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 4924	2748	msedge.exe	81
PID 2748 wrote to memory of 3740	2748	msedge.exe	82
PID 2748 wrote to memory of 3740	2748	msedge.exe	82
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83
PID 2748 wrote to memory of 4504	2748	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=google&oq=google&gs_lcrp=EgZjaHJvbWUyBggAEEUYOTIGCAEQRRg5MgYIAhBFGDkyBggDEEUYOTIGCAQQRRhBMgYI
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9a6693cb8,0x7ff9a6693cc8,0x7ff9a6693cd8
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5044 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5076 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6764 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,3050033296748263135,18443950935676367859,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1
  2⤵
  PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000046

Filesize
19KB

MD5
69ef77257c7fa3a494a232f90b05d55c

SHA1
19dc83dc05f718e9693de231d48bf0307d8d29a2

SHA256
d1ec04bcd468208a30012d660d1e857bd9d4d937957d45bb10cc7483de435421

SHA512
1b95ee10d622e1468e04691dc47fcb59da6349ba8cdc0814ac8d27a0ebcb9c09692ef1b86533ebd59f2bca87f3340cbe032a011223afe4e7db018af47bab38ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
19KB

MD5
d546a874d6488dc7b2abd0843b4d02b2

SHA1
abc38412c078bb9ab9ff9757aeefa67a19ff2501

SHA256
c243c2a98c75631185c8d04ecfffc2765b0d3e3516c3ee7e2cd8d2b67660cf5e

SHA512
13c7bde4df056340a345dbf1473a01308fd2786be7a384411814afa8f005d34d2ea979a24cb2d7821b5bd928841ffc3c00944500a55c2f0934155ba786ae9c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dfb9a5220ce0d6884935bd19ad007812

SHA1
3012026f742e6f78efaca89adfecef61db3a65c3

SHA256
16d1d0f290a27e93621820ebb93ead7a99a9bb162edacaf0aa7ea2837f0b197e

SHA512
7c05fcd7ecc48ed25af692184e206db6197ad552f743a3c5f30df5c73c3f173a1a8911a6d5e40c29362f8072dd912357190f578b90767469fa897e695b3816d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
95eb937c16c75ef7e2d300d8b076e811

SHA1
99ed63c3cba1929767f481090b2bab95bca8ec15

SHA256
8d5013fc6a575cbde2a877e39abf1b7cea0ee403007ee113d3d5b18bf563cb44

SHA512
d26d2ad37f92450480fecda4d13487501a7cb2471a24443fd66ba2497b538c8f33e8c553bc199edaf6442655bc2cc06cb4b48f7303934093dce07d3fa8b1af92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8ff06ab8fda5b83d7d6f78e3ca9fed00

SHA1
63af7e9a968026c84c11a44a5fea73b0167d3318

SHA256
9a70eced13613b19c6ceef729e059baba389cfcbdcc53125483dc40fd456576d

SHA512
73946588a2d25d40f9bcdaef63807d5f6a46afe95b398022c67d6eb81eb31c49788edf2d6434b1d876a71930e0a28baf981ecb747f1a4da7adfc01a7e5091fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2ed7b414c6bd9e106958f8c767d5b40

SHA1
0039aeb772cd3a6fb9760a45f1a845ed4a64a0b0

SHA256
f8cf4a247d9826580b1db44d3554f96a24ceb63bd3d482ed1152b96713e09a0b

SHA512
982b4e7bc6bd84f35188c4e8c5964ec771cf42346021e754f585d498f3592ac33f986204051860745226168992f8967c2ee69542f9cad34b5fa97d23862cb4d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
96f8f46388257a7089dc7e0a7f81775b

SHA1
8f16e94b8734700471732d40bca673d586cb5a00

SHA256
6ec7405ca0f8884f4ff9acc0dfd15cc23805c8b4c7aec66319c3c2559330f824

SHA512
df345d0a18b97e8dcd845e3b3d09ba8dee92c60e06ce774728ec753c96e4f9cf1d6f243316d197eea5213721a6466134416eed02c199063bb7b8616602c0210c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f759fe2fe257af4c8000e80d53305e45

SHA1
e99db6079b276f2bb6b42d5e559c30f3f162f123

SHA256
18d218a5e708302a8695b37c3c0a764614b6563c415b9395a1fd7b0e065d19aa

SHA512
2cbc84cbd212cb99d0e9c391abec2e81e244e734b84f535f28525988482df546876633273c5d487a9b386e2415dc0d5323fba77bff363a01191bbfe166a9fb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
207419ce7a94d2f83d7589fbcca7e4bc

SHA1
76715b99a4773a48962d263c13f2ef9ff6fc3d91

SHA256
14c3720cbaa2a0898bb23ab669a4b85f3b34c205de2b5584633466d330db1e30

SHA512
e545fbfea438cfc2336084e363ec539576a8b15f46cff89f7fdba94c7e7ff755e9abba0b201a10f0ebbe2a2a81d98cf61ed08dc1bcc9b54a5c4fbef890792de8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0ce00b55f5a3b886b72317953c74e057

SHA1
dbe17946e7250bfaa0e8920ca169da4c7c612ea2

SHA256
42c7d914ad66c8c96ab8c05e6190a478cdb9995fec12c9e552baff8ea2da7219

SHA512
9ae7b6e140259c6450cd3dfca7847adcf4267c56272b4739409b3693d33b6d56612f88d28ee049dcaf19b6838ccc74444ad7ae6572bc1d973cff43f50f183687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d55c344cea57b564ca461380b4a455da

SHA1
91cc314e3a42a5805d14f398a3e4a042eb01d92c

SHA256
78897d358cc7a6bfbb0e3d161deeb08340e781d260b7da7a88dd2f70c4100102

SHA512
10f7635f349c874d977f9324d7afd07ce1f1a9c42c07d3c2e0997870879543a11e9d3c986ae39e3012effb8900e315f6e62a9e15a8f28acb408a5caf55c2207c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
daabf3c52066df83bbd1af81cb122ed5

SHA1
d0520c503d68d3eac07eee1036c78c54f592ab3b

SHA256
1f327b671d9571acf0001ed06c93a25e2fa72a2a04e7ff3ba893b59b6bcdc471

SHA512
19b028c8076535ae3a6228c85ce80e4be44a7ad2488b3278c8db27935589fa5375493792881281606be4927118486fdc4374a8a674694c68df2cbf987e7dcd90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582b80.TMP

Filesize
48B

MD5
9b07cdd7c55e27c88492843ca4b763c9

SHA1
34f301f73c63caa7e47f128c4f4cbb0eaa4790d7

SHA256
3f97c17f573944b55c3b0a735c2d8fe84c5e7ed8ab1aeaaa404344db614be5ac

SHA512
dd410f989895d69b626a0347971b8d2fb604ac923d22aa947b918f0d46b449f16d841e0ae001c05f5058be0a56465bc9b2411d3135ac4fd2457d6b0cada8a2aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
548b81be3001c18d61e833fe42f244c3

SHA1
e8c5af03c25be81c5cb881295a4cbe1a681fe688

SHA256
8582387f3048fdb02d01355320c4015a3998d95a48dc250919e9c4f7a1064f10

SHA512
686d05ae42d945599af90c388b2aa865b98e93b5b773ceb495f07fd770ac1d7a53d4d08bff373a19275a22d05e95969b7671ff51896fa592ba18d9526e31b058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ef7c49a5bbdbe870eced484ac95c448d

SHA1
cadab3d05acbbdf902991a4d83917ae7b3dad86a

SHA256
82fa478161b74cdd3fc8ad98372f5dfa85020e2beaf760eda7ae59538aa3d60e

SHA512
72970cd9bec2d38a3d211b5e3755bfa4ced0ca56544b3d7c55dc7c2ca2a47e2124fc8056f7d8a88bcb7437c3b61ce10f0ec2e29deaf38d1570defbd2f53bd84b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d1a2913ca6c2bf8869156986a1abcf7d

SHA1
17d73e5fbd3f683c1cc31ed138eba2dbf6fcbf1d

SHA256
8ba303c8a1d0ff32e089962c106d8dfdabc997850c6420e6253e3d19398862d0

SHA512
c349407c8acf2632eeb0a109c610e2ec29fba279a7f80cc8c9738ada651d892542d82a817936d9b3086d56d6e9716a2e34ce498e1f2a7be64001df2de6ac4fd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57deb7.TMP

Filesize
204B

MD5
0610bf80731956da72d2c506c515878b

SHA1
c69c328ff73d6490261e3c433d5f04aa02c4da12

SHA256
f27dc3aac8dbffa2cfb924464595db3706ebbb859cbe27781b40d2032e4070dc

SHA512
3efc1847e44dae6279c40dcbefd32e3501b42a22313839fc784456cc7f8b6d0c7231128dfe471514dfb8ac6b21fddda126297816db4aae6c8dac8d9dd0523776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
39208c8154bc481511536e569046567a

SHA1
c7516033133079412bf2dacef7305002be7926b1

SHA256
f16495f50051b1c0cb9428b9d9b489789ba4c6d25d907caaed1dafc54c4ed91a

SHA512
cf2c21b2eb75331ab0c7cda4ac03fa6e5d1a6ddf4554fa7d32c0503adaf1c42f085d30a6119e2d7d28f63d333234f722583767d6fc521e67e96836cc5e708639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
553199e6ba5729f433ed61076de7d072

SHA1
3cc2a66db08c2011d2598d82bbcdd8d1c130dc4f

SHA256
632fbb23a8fc88280e352d5adfbef7fb66ffb0e2185f019a0d751325b5a6689a

SHA512
778bafaa9823d95817372925888a11fdee82439df2ae738685ff7c59f3da9290b35eb9a9ab9067c1f2b6d967942121cf34ef2629938840ef7de682febc614496

Download Submit