hxxps://doxbin[.]com/upload/freakkarma

Analysis

max time kernel
720s
max time network
726s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
07/08/2024, 22:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://doxbin.com/upload/freakkarma

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{DAEC34E1-6516-4E8B-A653-BE2D8A0B671F}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1728	msedge.exe
1728	msedge.exe
4476	msedge.exe
4476	msedge.exe
4660	msedge.exe
4660	msedge.exe
612	identity_helper.exe
612	identity_helper.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe
2400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 3492	4476	msedge.exe	83
PID 4476 wrote to memory of 3492	4476	msedge.exe	83
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 3532	4476	msedge.exe	84
PID 4476 wrote to memory of 1728	4476	msedge.exe	85
PID 4476 wrote to memory of 1728	4476	msedge.exe	85
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86
PID 4476 wrote to memory of 1540	4476	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://doxbin.com/upload/freakkarma
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe667e46f8,0x7ffe667e4708,0x7ffe667e4718
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4120 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7068 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3044 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2008,14724170185592696957,502158597555614023,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1604

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
d0b96fc06cd2aa75425924787a407f49

SHA1
11753593f83118832feb4c47c06079952b234904

SHA256
ce76f5de10f179aa2ba40018cb3d4eb72b6948396f9a37bf86b3fa4c7681fe78

SHA512
146346525ca7447cff3555a965b73b6cb474d8563b77625bd83ce66d7d198dac092561dba55957c46a161c3db2d6a56458d69f55e031e7a68760e2bae338d823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
111e1d84f8a885b15683d87a0a429909

SHA1
598cb4b01b76c14c6293373788df4cc49249574e

SHA256
97641b2006ac5d1ba81ab0b96a1a13447aa9ac8aa47595ef2c24e278522b870a

SHA512
d6dbbc44aef4044dbf16c6d5ed4818d2624cea24f0e4d2ca8cedaa57fd4d161bd978d79f39b9f9fb8169e3e0db9a7af0320bbe4a91b9b1bf2ac23d9a1ee71812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
3ef60a5b12df0d827eccf83753ca189a

SHA1
786548c75ab33d747fa55fa5b733256233fa0f3c

SHA256
58a6f21668501f1acd12a173d3ce7b81a758449033b7394a133deea5e1f1fb24

SHA512
e22c709ea2d20d254728051aa2fe1ab7926930484874bab1f692230642ee33b8527cb531352ff2b223c9220f66b928278f54c7e304b4fa4628f4c6d3780de1f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d87cce1c55bab2bc1bfe9c4824f9cc55

SHA1
688723e0c490e912fa190c976ae00359a7676ebe

SHA256
a4d94be31c1ece66dca8395297e2d74c14082522629d82d0a47adfbf243e63bf

SHA512
8972a6796c3d025efed9c094e1b64b4782d1cd7d123fdb8686de6cf09cf48c93d8c3b9f4f8597c771c405833e49e75131d8a27a717a2f8dbd639116b5b2425ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8bdf8c45e7a3983f60c0e0dcd6695ebd

SHA1
2b185c1fe1f4d2b20f8ff2b25348d49b0eaaa42f

SHA256
084d91c3f6bad169f27343ac4f5e96b3264b1d048cab252d7dca21a32ff45516

SHA512
c8579ab0e94786ee607e82817de86422cf88cdc782c8db8540d4f766864eee539aa0dcb21c29b56610f4ad4807b98e7e1dc02f02001b641a13d5fb90f2ea97d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
869B

MD5
966523bb96d564ae623633173334fe48

SHA1
74c562cd37e7fe839cbf7a5b5bae02630ef53bb7

SHA256
25cceace47aa621c457e6130ad92e20f8cfb87fa3835a2d039927c3216e2513a

SHA512
a12463d083ce51fb2ee4ea9bd74a957b71b6e078db1c07cf7415538d0ca3180999c29319fd1485ab1f4eab8c817d255a4fba3c88566c6ec281ab1fd9b1fa5b8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
bbda55e7e153db20b4690f4e32d8b7be

SHA1
571a8f654aff3d8ad398ea3cab4a5ee090e682d1

SHA256
3ec99a366a63fd3d0748853c8163d8af96c35c61c307bbd45b794d90b8aad31a

SHA512
4c783068bab43335166a84a9d99c1cfb33be2dec95a39aae56e653b7807e449bcb25272ea3fdd3545c21efd6afd1abe8a42133b8d56ab04de0ad5e6774856b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
84ef8f375a4c857171bed5c57d5ab15d

SHA1
2b93aa2369308d1dc0d87cf98897a8430bda35de

SHA256
3fa570300530ce018291c7d1f7e93c8fe46085b014381fa7dbc0883b8c4e4dd9

SHA512
1da474c2dafaa5a13a22ea7809bad6c001147753a760a563f4b7d892f5d30a817604ee7003c7f5d6837697abeef9c26cbec80f60a868154f97f96e0a120d7dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b006bf6b2e1a68aef07de3049b6c40e

SHA1
0a8e2d79a5e05ff2f1baf4fa15541c4cf592b5e1

SHA256
24791eae59f079877e721d511b57058d79b1d055eaebb7454629a4aeb3e64020

SHA512
d5768b7600cc3a2e2779d7bc44c721ad3bc8988429cd88402189e373e85f8bb76d483a742bd366bf6790c56d6db623ed5e96957b3fb0f221fb93a684ea400846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
849312f93717de1bfe7f355298aded37

SHA1
2c90f0deb6f4ce59a2bc1d49cb5a878fdbf81daa

SHA256
f2a438a362b5cdd2c3db30ba8cf4a71d4863f6bf085f9114a1aeb2c92105a7db

SHA512
a3cd4079593a785db9ec38ed4e9fd676488fb14952e425f4d2026b6b1e58785aae1815b54503b7bfb6daeed1ec3415e63f11b5a1e6f5154f8c85733c7d8bba91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68581b75135481ffc91282105387c5b7

SHA1
a05c46b82532b309c976604ab0f688fcea3ae899

SHA256
2338a96b66ed865999dee06144cf931dbf1c464eed5766e88505d5566d88f4c5

SHA512
2157348b84c76f1c3e6a149fc50d436fb360a20938091733183b13b794f9b23922ae265bb4ca61e27547672d717f714f1ea1e81cb08d190b64874e616d0eb48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7a4959b6d8848e265616a31537984c9

SHA1
a202511256e044c058bd17ed1b3536472eb4ef0e

SHA256
1ca6c2a0fe7cbf2598941292e5d452ec3cdae39609e1d3bd5692062e1a6bb857

SHA512
1d8ab747fe7a538b13d57a46c10c19bb9d0e32aa66ca2f6f3fb3e487a657848dfd4aaed6165a31f062e47578af7b87dde3eebae3950153aaeac5570427960846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
201bedb00b2cf5fcdb375ad612fcace9

SHA1
6ef567e314ebe4473d39117e91c471091aacc983

SHA256
88b75fe85a9c7450ad260c257a0dfa573820c7e32d4123cba405e344b8e65519

SHA512
c0bc245986d0c59c9834c0b9be80c49ae1d26689e28263dbf77ed82f6c9e08f334d501a45d01b30f03b03e61f2ce4ca540da1f98231963dc9f17b9bcff7b450e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
beb705cddf2709bade8c16dcdbdc0ec5

SHA1
9f4710dc97b247dae1749b74c90b592401947a38

SHA256
93c3d955956cd3cd567e6aa01ed814240a87272bc90b93dfddb8479711491636

SHA512
e883bc537c927cf4b47deab79a90e77e363608dd47c5a4fbd5e5752eeffd92236b3b77d6c585c3d9d20b2ef6b141e3e3e5f0598a59c119bb9765da5f3a4d7a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c05bdb3e81e2ef6d1352155bf5cc99de

SHA1
7c1119bd87ab6820685870613f9acb6aeb289762

SHA256
f2aab8a1dd877ffd6e80590e1fb1274cade890677eadd2167b766d32f010453f

SHA512
50155d6f509f61aa31ed297e168811c32b4fc5b9a7ba98ce12d1391a4d0f9d2fabc1837fecf3bcccc85d638677dee10460cef7f217442e2fcf8654b4b88ef238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0a2eec8d2285167418c4d3a9db9e137e

SHA1
6e7b849e986f1bc7bfc0e59f61b406c2311c14c9

SHA256
e60aa68b4205243b6dfe760b661c070bc4f5fa9e37a2d1c79e44a09ea14721c4

SHA512
c2e7bb74d62223bd8e03c46ba81345da3464815feceb86266bceb592802c11580544b145de76d8df6518e5eb4051f08ef95b7926fd7263d5323a165a6491c0f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
12777c48ca63614ab83437976f95498b

SHA1
3caa0a8b32728f39d50f9db4609bf5fa56f283db

SHA256
46882279b59e74726f9ff4375f1c3cb9699226e22fac96f336aba2fb5206376b

SHA512
26c5c1a791b669fa021defcc08da7942845d805922affdb2e6e6d6495c37e110765f25b8e657fba934b9c8b669c88d2f133a3b1732b60e6187cdec1b60a52516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
50d1380a32011f6a0fc717edb26489ef

SHA1
ca93d9647014ac68b3ce356d3afd23f5bdd84b6b

SHA256
c6ca48e20a998b0b5c4a310bbb5a2ec936d872b0a95360591679586bdfb8c0d0

SHA512
a973b27d493ad61895c87930a6eeadbda3530ac251e8cc060ad4cf92319ee9ce9d38165b36a75c48ee5ace6d1083588787f464c08d3f0eb90b2e32f5099eb2f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
28c56ac1c68fd586e7f7aa8da6d69a3c

SHA1
2de73951c6bf4a693cd4012bb9d00dabba3e5636

SHA256
aaa70887bdea741807734f9e85843140acc7012b1ad9c5a564fa2a6e8bc872be

SHA512
18b963a7f07a08496558631bda7449659ab95db1e08d367281c35998760c3c9f160b5833828ead4ee9263c886991ad220273f7cf725996b83580ec128e82b221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5830cf.TMP

Filesize
872B

MD5
b3bc1ba92e1edcd1da2c046072e9663b

SHA1
6b1e61289acc7fb26e18b7403d7eeda05dce4031

SHA256
c4ad8414287c916e01ed009b4adb4289402dee0f719ed0ba8a686d3381ab692f

SHA512
9c8a4a131be79172b0bb2b41727433bb33328be7e48a3b4a86dfc3d4ccbe6f7ab6a1f25b3cb3eaf63c5170b6bde079e5e594956433dda2768809fc62914e1707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b4118272-5570-4639-b6de-9dba45fb1c93.tmp

Filesize
6KB

MD5
0cc34d883e79ea5c8a6993d8780f5113

SHA1
9070b84ead0a9fbec99f700a4a7c476da2c9f300

SHA256
15ad24b4e5970a217637600282abafe6050f662825d49b378de8f8f883911914

SHA512
a2f7891116d68b9fddf6fb24377daa84c178dd3b8d0703273fae5c1a9d4abf31fa8860e92eafae0c7a3ca25d6ad80f4b1ad41c769952c040b20880c06a781849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a7a141fe49827c97da504a4e0b26b4b5

SHA1
11332759da1df8b1c3d5ac8c3e84236c4bcc3629

SHA256
ad69404c195041f1d20ae16754438a6875daee4b07d27e885d840d5d1d17bcb6

SHA512
fadc8e73ff49518b076130835f97ff01586457868a31372e6161bde20b08b75e1a1d11fbf9f49e0463d4af5b49c10e81bf577384d46fbef530b305cf433836ca

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
83bea0cee55dee2ffaa76b8830f0bc30

SHA1
976b2bd8f043dc076adf3dc6c3737b581f028f9f

SHA256
113311f93e14343d2604212fe52ede0101f762fcd5efa9bb7047e394e8c0214f

SHA512
ab1ab4bf9d977ea01968104fd814a67dd48c27a836c2e298d960db2f567b0d15b62789544e75fceb69c08242a7adb76c9b68e5b166d1d17b37e952b3e03cb0c7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
590da7c0f5cac38d5ea8e4b04057a4dd

SHA1
d0b779b6e14b3d2db66c956e2fc5e519ddf3ceb1

SHA256
6a27bf38a8ff7c677dfa36b451f3b5e9fda2901ab3a36df8ca77238cc301668e

SHA512
372b85acf72ac7485bbe2c9ad27c478b4e960e7a5a0081b47fcbf16f3d5ff45a6e6ffe2c9a8597857629e466915b5242658c30eb2631ee2aedda5f17bb4dc499

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
938ca45d444e1c991d52f44f935bc723

SHA1
b13feb8d1ef3988c904a152d659a78e0a91d21d8

SHA256
55a00aa6ab9de202523d27b14a4402287e01053b687a7b5fbd3ec58a19825312

SHA512
2fe9ae3ef45a071806b40ceefe88ff1ca2d565e6969eff12af62e4105f6cf0ac07df41348943d26031458358a33bb17a04faa5a01103fad3a2fb46813baa8abd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
128c683b5753d52fa251fb985629c51f

SHA1
60d6d70f7b5aa089bd9e58c35424a3acb3dac989

SHA256
906a25e57f7c8482063f0fbbb7fae2508a291c0f72655e79200de2ad745a2280

SHA512
eecc7e2ce52ac4c439d0766b0537732d3b85c44b06357cff5abe9bfd01834d93048030e0872b97e004e5f106b2af15d42a557ec6065a0de97f09bf3d46998277

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
b86bacb75b20492e6fc1a7a84ee8a07e

SHA1
28df607ffd137fd40e827e6576ade1b1e4af71c8

SHA256
8f4ce5ac2e2dfbbce5382d5258b370d176e7b56a3e16c8dc248a0c9e64e8c389

SHA512
7de309cac64e9afbb089bc1eec0601d720f7b619a0eefa44412741d1b6cbfd86127821a9f71ac69d1d02b92b201a2ac70b92bba6c5a466647601ff024b223a8e

Download Submit