hxxps://cracked-games[.]org/

Analysis

max time kernel
87s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2024, 00:13

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://cracked-games.org/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
60	msedge.exe
60	msedge.exe
3788	identity_helper.exe
3788	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 2420	60	msedge.exe	82
PID 60 wrote to memory of 2420	60	msedge.exe	82
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4756	60	msedge.exe	83
PID 60 wrote to memory of 4844	60	msedge.exe	84
PID 60 wrote to memory of 4844	60	msedge.exe	84
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85
PID 60 wrote to memory of 4564	60	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cracked-games.org/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe082146f8,0x7ffe08214708,0x7ffe08214718
  2⤵
  PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3700 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2648 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1744 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1748 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,13594935360762919250,16419090899401314857,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:1
  2⤵
  PID:4640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
56KB

MD5
7cd333832535adb03781869767b2ca12

SHA1
7b90f6ed0f6d82d1e04edf1815679209b5aa798e

SHA256
7a1247400ec74fa2f9f775175f421f8a481cf02698e78ae635e9f901b3c62557

SHA512
36b16171715198b511379439b6e8e60bd18552db699eaa7ee01f42b4d3f1180b6839039232d73baef81201d4aed226c051cc9f1b8bab0bb14bd484f98f8f70e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
27KB

MD5
8d327694df3ebcbf19980f6553fe85a4

SHA1
ebee1e2e1c18a7df8be0cae7981770823e4db97f

SHA256
476cdac0e6b6f629fe3ef9716991455b515d87dda1651c3be37df4f3d3bc9a36

SHA512
1fa16800389256b0a70a4f519fedcc658ece5971f07c363bcb77b7267b1e9c3991b7f74be16db6223ad3b442029e4014e46ea7c87719c25f795204d2967056cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
49KB

MD5
7450bc3c7420bc5c1de8a4b5ec2d0cef

SHA1
583a1dc7f6b2750c0749633ad589442c15676267

SHA256
eb210b6abc60e5bb93d2a62f6467a74e9c7ca917dbc43e64b9125c5f2af2224a

SHA512
b4cd6182d040e971a25bb64ddf32b817ddd80df0f18363c9ed373b246f571f421014cda6fd5fd468715a183bbb0ddf3a62a4ba3f78889489d2b3344d7bf596b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
156KB

MD5
8602bcb999ee9d1b60e6c26648838a15

SHA1
3548ba1ce95055b5c3f97d0d6fe894e60f0dbfbb

SHA256
cb1084d54744716368b9513e6760e51d81522ae2dcb288fcd2feb2196b9b0551

SHA512
6f963436fd31b4e8508c12a17eeaafafa0d3aac9c8ccdaf96eda76398d974d924c7c60c11c32713846e5b061fd1890eef1fc13cefc9321f94b2cfd6c1fcb821e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
89KB

MD5
1da7706e20a91110d94217e19e3b337f

SHA1
0602b3241b28e680098f1eefc9f808730eeb327a

SHA256
9b22894fea6728b302f0c2ac1c238073eb8ab453922a9920036d818388ea6ce6

SHA512
7e5affa7cf4f7d9114899bf63a2048de9eeac616a1a3d10cc0c843760fe59bf6d120be404bf95e07b3f1212ec7f36a55a401fc447d332109828e334cc0b3bed2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
46KB

MD5
fc626c7a0a701db51fe5b7e9fa204844

SHA1
74bff7b1f11f775c1c0b5d9286095412064fc884

SHA256
17a44cb6eaad5b639cf0ede8159ac549913a012014516fbd35c133734eb6268d

SHA512
e2ea80754f352f8ec9ffd70e035d759138396414764e52815cb3bd04f5d70831d1635c70ea7aa9bf79fe83d633deff2f8db526ceadece212bd065a686e28300c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004a

Filesize
33KB

MD5
a25f2bcadb5f2702787e555569ff47e7

SHA1
b8b47f01d6aa6053ef16491d78ca8bc60b3f87c7

SHA256
6680a2bac31cd8a62c49b079228ea5b09dc5b937dd025a359b05ab467a4116a3

SHA512
e9afb3e71d53b47d8803b9ac73e7502dd4255da8e4c3907fcef9b959394af90de418748d2344603490df1af02cdad8b6904dcc1fafd88c1e5150c7c1f3c9e5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000053

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000059

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
c3965ab5408b353341e637d61467de62

SHA1
d863df294509c2b533f54a325e07b76e4e62788b

SHA256
db40bccedb66a422141deaf999c0daebbd383c6afc1390c6e5a6cf13bbe10943

SHA512
c725a90b36a58593279797319d8d7482153f694dde1c0665f12fe8dfe75c633c12e98fcdbab1c57d31635a8521463ffe4b0623ae814b2571e812d111a2d8aa97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgePushStorageWithConnectTokenAndKey\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
841cec66731ce452f651c586d9e3411d

SHA1
ec80e4a7d9754c485bf3c5a9c3facfe5831e51b1

SHA256
7b9bd5d48b41811c2c85c981d646e663f264e759e0c211e65403eb0def3809df

SHA512
96675ddc839cc454ef731ada366706ca3f572b651563a78baed0a9cfd85b00831036464ecccc559678e55a77ff58e062162daadbd50a527ceae39d43e628fa3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cb7ee838284cdd2ab61753eee33c9d3

SHA1
a6f5b09eed145f4457e593f46c0111d271d55fee

SHA256
4be0b72272e42c1985ac0358e1ded3e129e7013e68ee1a7d44e56d37ab58c68f

SHA512
8fb9cb77f7893e2496d8ff3c7229c2a27761286c08eeb25878eaf5bfb9cb474ccbe04d11d3b95dcd224173a914bc28512e466369921a708d54421afba34626b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7d4d51f3b574a21634b5f6bc7387d3c4

SHA1
a34535707a7d09ff82c4cd8c2a13279e8ea9388f

SHA256
8aa01d7d3f994488ad7636ee04f51a1ce0287167054aa77e699171b1c62f3e95

SHA512
c1eda94afca050c3a3dc0cd97c59b8a9812b847c5a5421e3e83be3c126be7d985eeb3a2b3a9a691a274413e96e79d9b7361bff104c95b10e50e1870df3141a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6284e599b8ac249b019e49e1a4c5c3eb

SHA1
57b4bcf581370780b4061da2ff373118e50e8b75

SHA256
c640dfd30f557e89bb5d68741fcc25a3a2f78f1870dac3d4837182b74fdad2c8

SHA512
d44b12b0e6c4952e98fbf97e57e5300380c25911b3685a496280703a4700168430b24d1145b52a1dd5d6766eb589ed248e5c8d5da50a7faf9ccc26b92ce342a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a3c6cd307a15d27c3ed613495d55b3b

SHA1
61442b3a313bef02174ec80099813a7a321116a6

SHA256
7da68a0f4761d8d545fc8cc4eb38011c391e07024aaeb85a765b9bed0d8713e5

SHA512
79afb2859238776e3191da94277386b858036bd72f7f6e5aa99a3c60d4061f387de15b0448eae88e122e0030187adbb3ee4ea6bec915d82297c9de49358c6f91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b2d46bf866bf7c2a71ba6bf962d7ac41

SHA1
1f44a6defac69914624e1bc9e2c417733a04c3c7

SHA256
accabc83e832f6e36454af6c84c6fef7e0c6f6dd66619688d4f4e362e20e077d

SHA512
8348585611071b017a3b61439f7f2c175806ab76bc1228578e0088ae6334c50352a2c2128bd5a678bf6f140add229440b7329539de55273c5f2a2ca093c324c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
85fdcd09fc28d4a60523a97d97df7a16

SHA1
5d207b63bde585b62682442047e7ddfd5270f6d7

SHA256
415aa2c8d2aa8e6651559cb71cf702920f9a08dffee64059b874b9478a0dff8a

SHA512
32d9e74c66c1e55878d2bbb948018bca84beb34f4e14297fa438d58d76ece8029df559c8dfa4478606b0b81b57dcdb02e75736225c488c50ef469bac78b14604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
6f68a61c59fbf1a294f04c2bd7e774e1

SHA1
0d56018136804f4d9fead6c0afb9161454a3ac2b

SHA256
5ec0270b88ad3dc6ba7a1307f56eb4f6fde4d12318d94df8d0f27e0e5eeadaa3

SHA512
c962124252e8d82f5d917dc797fdd7fea03d461e96c4802fed820ba858c684fa38b8976a169a0a97af986ca903a4dbac664c00680b669ceab4e320bb2744e136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5849f5.TMP

Filesize
48B

MD5
02424cca7c30af38538da1fec6f1740b

SHA1
cb7c8d1679c5d44036261ade80605a0e0bcb5f8e

SHA256
e42cbf1f297ba541000f106c13f308add85ff534d549e9d468f2342ccbc832bc

SHA512
9e43e73b2e0fac4215fe3093a17ee933d44ece0e4b9bcd8b91aaae5f25c9b18866e31e91fe25f08cb3a63ad7323656deb297adda138a4f4ab78ae01d874dee58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c6ca540c6d0391088d641f6142b8202b

SHA1
f4e52904dd43b382f0be218c637f5aa5e2d304b0

SHA256
aac132babfa04d039b3bb277f33e5be3b8c8890e1d0f8b9762ae0e8a8cd02b2e

SHA512
6224a9420efb87e5a4db735edd88081ef76b3820db24ebe6267cb9b48e8f8d47a72d5784ab7de5384fea831381e27f18dbc6b04b551e6de5c1441739cfd1ff4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
484a34195316ef8c94ac2d1412938de2

SHA1
24cb177938c8d70166ba48257e715ef934a4a4a7

SHA256
d30fabe25271e6043f6a4daac3b6b1509385887953717ce70da7e4422c4e0b3e

SHA512
9c8a849a46522190e6fcf813a03084212fc59307d1e64686321d744cab77c7a3e6656639e812f76a9d496c0d0358013245ee5a938f6b90b1b54246a24027fbe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e8c7ac05f47d131bc58858f8d535bf58

SHA1
59ae18632a206008967c3f42886065da6f43fcd5

SHA256
5711b67adbed895c486dd57841ba02b05d3ef2c9daa8bd1279b73a66d96ead98

SHA512
20fd136f7af6df54589fdfb0d1edad234e2bdcaf85013551d5cb2bc04b6888fa1e4f63acabf439891b510d58b77c8c6e4a2993e1886c9cf94c754b2b40a21bb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57dbba.TMP

Filesize
1KB

MD5
be3aa693e7d370a38659291f17360ea7

SHA1
609c5771427dd704601f01a5b3494044ff35c507

SHA256
f5cbea46ce40deae05d659afc56cc293a7e5bcf694e6632a5f53841a3ec88535

SHA512
0a8941e671fe32ced79d5cda8a6bb00ef9fb087170848186429863e8105b4486fa0d680352ec3f3109b8cb42fac0403389e789ef6fd1f23e9b7dfe2bd776a836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3b758ab974399fbeabb6257913254939

SHA1
37c11efa62edb47631677c0e718a744083e60ad7

SHA256
9784dd03a5e5b2121cfa47ef692ee1b8255e41f45bf81c2bd6a269bba47a2eee

SHA512
5e3d2c00ccf7da8389455f0cc611402a38863e7fdc141d6b7e3b7c26d0239c3b384526f00d5ab9f1469561ecf62a4eebdaa62b67c9abd1e9e4ad1d56761d9771

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
3d5c0988b4d8e8c1c1bdb9668bb06c6a

SHA1
7a797630e42b3778f33522075375d94222b50ef7

SHA256
2ff6cedec9082fd6c3b2cec1367336f56981d40b1441c34cf777b9bb01845b36

SHA512
dd94fb95b52321374832fbec59f1c305c997f9d26d98a821cf4b02ba7e4752779b003748761828f75020bb103cae113e3b400095eba9af3176da8f178e0aa8df

Download Submit