hxxp://h | Triage

Analysis

max time kernel
2640s
max time network
2692s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21-07-2024 02:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://h

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 20895.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
4700	msedge.exe
4700	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe
4700	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 4612	4700	msedge.exe	84
PID 4700 wrote to memory of 4612	4700	msedge.exe	84
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 1168	4700	msedge.exe	85
PID 4700 wrote to memory of 2732	4700	msedge.exe	86
PID 4700 wrote to memory of 2732	4700	msedge.exe	86
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87
PID 4700 wrote to memory of 4728	4700	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://h
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff93ab46f8,0x7fff93ab4708,0x7fff93ab4718
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1732 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1376 /prefetch:1
  2⤵
  PID:996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,1857636752565745685,12934637504349617455,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0685ef43a714f93eacb7ebddaeee7c9e

SHA1
e9f081cbbb8c4abe82eff9ead71cd60ee80e8ba0

SHA256
663049053a538eb0fe26e2ad1c4965cb7a5d66abfab7b64f9fbdd6d069ea5527

SHA512
dcd6317553f6ddd29e399d8c39d023a1c27b93e0c4fab37dd0aab95a6471674f6d8a3268f188b80e32dbb8d32672a658aa6f223db7b8d2a6b45ba99eb2c3ea9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e7141c9a333ae602140ef5a5fb815f9f

SHA1
83eef0837617de0ebb4b7087297e2b89e11cd9ac

SHA256
769032738aed6c060f9adae2979af705f20f81280e40677ab9c0bd4c2eb55a71

SHA512
14a92a9303ea151bb9bb9c9847fa114c018671c8957e53fed157ed3eb77debe7a5f8a53c65bcc42cdf8611b00c9ff7a05db326199e15641256c341bb809b24c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
5dd63f665c10ed2a8f2e49c8291015ac

SHA1
c7597267463d0e9eb9857daa33eeb0d49b8f29e8

SHA256
6e652367ca996721a86559c3e8d76a2a235d9cb4b3ea6002e63e22c408321777

SHA512
3b734cd8146105d1e5585d7689356fd9a835e5380ef2f458dd9e23d97e03a7ec8152e88049749a17b89b65450c5f438cb825854de8a657756ce8f72473588d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
625B

MD5
3883cf3f923027dcf47aa80888f5be00

SHA1
196d0af461693a4b8eb39f7baa6c6b6d9ec054a5

SHA256
f846b133912a844b0972df4d6dddfdba696f969d9538a5d9563f6407d769f895

SHA512
7ce71ed73a848678797ceff4de8889a60f47eca2da9d6e5b8f77b1ef6363d357df88ac3cc94e24ab84c869e3767b47023437a07f9ebc4f28500dd7f8b7303aa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5341c11cd3914e8f090ff5fc662634d2

SHA1
8915cac8f65b530bf22e3e08a90996beeb384fbc

SHA256
baf2ad9cb57f0c94632b55cd850829ae33a280bcb774dd4edc6e4c13f8471110

SHA512
67ac64bcaaf8256d076c49d7ec6c2dab33b8230888c44c20dc4623f09e748e14c723338b3e8473da402aa5640357f28e49c9487912906b6f56b530251486efda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ab44f81a908c61187f759c4dfc3e0213

SHA1
dfe0cc82463f948edc073ce70e4106d8ae33d364

SHA256
513784332fdde46de02c801fc4b0f449268e2412f9b54efd51fab620f84af19a

SHA512
5026fbc37634610123b42bac251aa728189ed15c6f6cdd854db79c6dec8db97be01e32b4f9d72fe603325257060911c71e5b40437ddbdb38f61163d83faff1e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8dcb02ceac3aae2eff64372b6dd0227a

SHA1
35682a4f496b1d2ba8293464a0421ac85e756937

SHA256
948f98782cf782c93a2f5e98768b08dd12968d240831ac6e781174b81c3d54da

SHA512
740c0dda082b8a9806e780de78c91579e787903b812f51156a4ae1aecaf9820b8fc8ce11a71fea9a8af75b50cb4644e90feb3ca6cdaee630337896791dc52a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0f8384451e98cbe1f4e2fd71c4187fcf

SHA1
7c145e0c3201425d2a530761bf098ee9547936df

SHA256
2d048e79796c23e53dd41a0ca0b3f2788a5bb13b00f854fabbb3dadc3c65223a

SHA512
e76469d4f4131c288dc5a22c1acb5fcaaa1a8d8027725687d5409f049ac317db610f92d43a641392592b48cba58bf5c30e836dcaa3cf308d116615781de4e7c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bd3d13f0da5441b2177751c56a863481

SHA1
e951471d56542873a4cb8097dea03d3528e59594

SHA256
ad60c5cbd2d9ebb1853041b01701abd76f11bbfff29099e93a708924b15e67a5

SHA512
ecf8cd23abe7fcf8874197692cf1f4ff73d8100ec16ed983649cd61376dac37bbe0d19095e38babc3a75e9e737c88ce08fcb4592c4c4202aacc72db23affab4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e27a996a8eaade18bfdd9dbacc51c97c

SHA1
fbb95f2f2c3d279c36902e4b43c30c216d5dba54

SHA256
a5aa2f542780035f9bdcb641df711a2c4c44fd17b3cb89c0da7ddcec6e382625

SHA512
fdcce39f2cb81a2adb9514d908007aaf8cb9bdc23485cc0060ec3d2f0b6307922dab7dcee2c2fbc7ac0ef304910a8947ef88f01f2c963e8db43ac38847d55089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c604ab9058cf504f5313237c8bca656a

SHA1
5f01eef9693c7aeb70dc277203ab945fc087eba9

SHA256
829db8ebc499aa6a6b2dd37c512c8ad60a80788912477a892bc1d2ba5b9800a9

SHA512
91450967540abf322fdf543d141a538c425a4f10e7f58ff7e3eebbf86401d46cc720c16a5b824a906a9808119e0de021c558819ac79d92dbd80e5c98450b8814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
aea9b9a05e424ec718360d8bc57e1638

SHA1
a77775ba33ea62497e5f5077317cbe7ce7cbf65f

SHA256
c2b044748469bc3067b2d2041ac5425bf38d140e334e550d39fc5c4beb8a2f73

SHA512
c8b29848b6e30561a1a488c21464ba351cdf3accae566fd3acab3d0f86e788f7c90288d767080b4e01d9c508f79c69a0768ce98bf75a6f1ef791a7ffeb3d049d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
201B

MD5
5db6748939a4a8354cf01b05f548003d

SHA1
7fab69000aa5de3dd1774f0821040510beee7120

SHA256
597dd671bf33c61629046f3de94d0246f408c90b6365c3b3b5b6474934556fde

SHA512
da16dcf7cedd84a76bf1b5a3331b95d7c47436d5364aaa6df3278e3c333e155ab0cef8bab7da77f2e5307d26f3dd28ebaa94a75d269aaad48139a646234474e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
704B

MD5
10deca8f785948208bdaae7204c23287

SHA1
0693d4cd74ddf6545fc3e7f5d169f6f232f1314a

SHA256
4a59d89a05f1ad456b19dd79476d95e150e2a97c91400fda453ef5960300a54b

SHA512
75e1d38e2f6e559dabae3b16ff09f1ddf47997216737efde2bc9c2a09a688cf9653ab4850f85d53c5751cf5ad31f913d6d506a1cce2b7d36c22e717b5c319ec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
3f7bdb38a5eb8a96f271da412eef33f0

SHA1
71df04ed30130563c77bca6bf91d98042282c4ef

SHA256
c6830bb9fb26356d5a396b2cc2ca2f4d6fc673b45289532f25e787ba3aab0f12

SHA512
472ecf3539542ce981f04c7d3a10406aa10d9693350502c1c652492aa8d67f28a3f915d204a443ad2cbef41ed959c75f586b0cb9684ae92f29f84646da6aa85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe6cd4bf.TMP

Filesize
203B

MD5
b0ed480c8e00932096f0a4d241c26bb2

SHA1
dc8797cbc4dd720ce813e4e4968cd6a531d4538d

SHA256
8149e64dbed933ea33b62ebdc5817c6443c6632db99a3a43be98a41f434640a6

SHA512
791073fa62c9fee7f92ef49c32c911849c28c2e8d66c27774fb7ded5aa501a8d345e8c8a0f45bcee565bb09d9f246891bbff4195ae82356ef9745b2dbed37bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
af0f5c82aa4f5f405a95a6d482111781

SHA1
05432b379cdbeaace683d83b59a98b14073dfa0a

SHA256
477ccd165cd5f1a911a8b09f998db9d5f64148f5ce3acb5f5befe36fdba7f76a

SHA512
4d9593379b37c5a83c47f60b1c0e19cdd9010b455a007121e6ee2e1e788fd431897810f447e66572e4f10127203ca432377d5dba4df986b8a69b77cfe0cee022

Download Submit