hxxps://www[.]mediafire[.]com/file/lpvwoosgyfvh0w7/BootsStrapperV3[.]zip/file

Analysis

max time kernel
210s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10-08-2024 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/file/lpvwoosgyfvh0w7/BootsStrapperV3.zip/file

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2396	msedge.exe
2396	msedge.exe
720	msedge.exe
720	msedge.exe
3224	identity_helper.exe
3224	identity_helper.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 720 wrote to memory of 2916	720	msedge.exe	84
PID 720 wrote to memory of 2916	720	msedge.exe	84
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2624	720	msedge.exe	85
PID 720 wrote to memory of 2396	720	msedge.exe	86
PID 720 wrote to memory of 2396	720	msedge.exe	86
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87
PID 720 wrote to memory of 1760	720	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/file/lpvwoosgyfvh0w7/BootsStrapperV3.zip/file
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa198346f8,0x7ffa19834708,0x7ffa19834718
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
  2⤵
  PID:2900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7164 /prefetch:8
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7316 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:5508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,4305490528756190729,17109920651708995630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2704

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
20KB

MD5
631c4ff7d6e4024e5bdf8eb9fc2a2bcb

SHA1
c59d67b2bb027b438d05bd7c3ad9214393ef51c6

SHA256
27ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82

SHA512
12517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e71d96f0ed43b4df91dfbe50892022e9

SHA1
44fdf7ea47bb5f1ae553b2f6f549d0745ab69632

SHA256
4d9c15f5b007ae65f6de1e573f7f824513137e3908f9514c25dfa3c0a0edcc16

SHA512
3f2425aed6ec92dc8d5ebc3c435a4d46323741ab57857b5d86538a38643b67af6ac149d5b8ea99bed6bb8f74d656beda19f84dd98734c7623446da14667cbb40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
578a356b427575091795ca846c6d15ee

SHA1
c91ca2654243c1c458be9e20f0e327518ae37b9c

SHA256
6c7b6eeaf46170f01d1018999f7d07e829ee2111741b0d906434ed0458f57919

SHA512
f8108aedb219df9b55966f06238d510a59124b7bc8bf0938bd17e0bc73da5d6e7ecfbf5c8042f3507a5ec5e2f0a0d3eca22126445ae4cdee65d7a65404eb0a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d5d742120e08dc7e587e5a97b5913f50

SHA1
e576511b437b65c3391bfde5e587c7787a66f5fc

SHA256
765b6f000c2cd079d5c714907eca3e132f040263aead8d3c15fee8281cfa8bc7

SHA512
ebe9acfae27d73c90e0d004bed7572ab0c78a1d1e58910f9c8fd9e5fbe26119bdfd9bf7cefb7ce93643bf05a94b1edbdeccdb8de1a0cecad1a86db4a4e9a50c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a91847b96ecb5bbcb5ed318e862bb0b3

SHA1
3af51ba4835f2f6b5538103433879f6f8bbce14f

SHA256
b8860872f28a002bcc662370db5c1b8bdecde73fb7976bed57725b85545121b5

SHA512
775ed83832c4cfafc9ad4fa281897f0e12645bbed3f28ed723e3d089dc61e32b7d448d7a2869c9679da6d1d07a85e0423ecb47926ec686fe0039ff8c54fa64e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
1651a57ac79be196f9ce7718fa2b3c2e

SHA1
02214e4300e3403ee82ac913440c730cb39930b9

SHA256
4599d9bd092c3ea46fee0892d3961c8a00be17a395f59eb0360130529bb6702f

SHA512
0da18e142f69baa31dbb7db0f4f6493a22a894bc516abd8e9e442b5d69776e882d85b5ae5d498b475f06a8d100d94d50fa7863c63ab9dd1fd0db081734987b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
10eb0779adafee289f16186c4426cf86

SHA1
cd69d103a2b3f719787a4c6527d10ff68bf644e5

SHA256
4f7ddec7f2269a44f071be33e80a7aa84ee2084d03f09254bb614f01e2098f0c

SHA512
945cac30eb6d0c69daef90fbbe0a9d5cefc460568de834f83748bc2284d46a418a9a1d78c2c32bb22d754ece4661a74d8f0ea63f97bcce117e7b2324cd048f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d69206d6e8b8a993e2d9faf9d39c60d4

SHA1
c26b04e6ae2463d8f696448766cfe30e5f4454ea

SHA256
d3b69fdff27587408d116e5a7065d78c2907f67acd785d7e2dcf7c8fe9488b88

SHA512
3009521129246fd0918bace094918b6bc33d4daac1c8736a2030bfb3cb2f20d7288b061ddee70b49343b27de3b81d16d965bc3adaf687c1438ca07ca9e21b0f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a175e240327b875081718b92a39eb904

SHA1
700cdd4b584c6b761c3c50f81f8e218aa7fa8422

SHA256
903f09d75541130e7312d804ab70511c6ed91ceb12062f5fc114da8375f688cc

SHA512
9bf04e0e49bcb19aca4f56b85f2dd3254a2338a7198ca1b2ea2351e391bc18ff97e164d9d124ab82299b1a0bfaadcdcc0cec9eb7e258cbd85b124d7531d33d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
19351ed2aa717badcabb1f1cd5718d08

SHA1
9bc5b5888856a86f7dba541851adce49005ce609

SHA256
f1fa955fba46ec4b9f3b872cb3226503e43f370e4832f404768408df66d72f99

SHA512
4bb2c516a1aa43e81133fa77886972a8fdca7b8beb923ef1eb55bca55b401a53a664f4f1379c04fa8467cdb8561a8da1db8a44aae5628acde57b8cd897a9353a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
10a677e9d956c4b6f0e8241f410771a4

SHA1
a639fbb4122dab2968fe43aa9b667e1c396f4b5a

SHA256
c595675b60aab666f9b8aa9c0f14b9b5632e8941b4e7bbf122cba56515a70e36

SHA512
f2f8ab4ac9c9a577eeb4b4805afb40116964421ac9ef6f934e93a7e998a6ae436a1381b31df6849a844d75cc0956e5c996f88dcbbb089ecd739d6a80c700fc05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
0c4961eea5d4a2934c27d7b4def056ae

SHA1
911499c1003a2b097990879875240d068d234eef

SHA256
2535e47b4db5724c7c466153317ae72a6a8be8e95fea5a2a4c4c081edb950f3f

SHA512
8772ea54c700e88e5fe82c7da9dcda2cf9dff9dffc04d7c35afd978181ddb5a75ee9f31887632def5cf8e8ea8d9fcc576ee54843b54ec7d58424f3c7fc7d9f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe592ce2.TMP

Filesize
538B

MD5
76e62bae3cb8bb701d398cac874232ae

SHA1
a4727e2c7c89b88b324de96a006174b9fabddc77

SHA256
e3007c6859edc61b9ac39b6f13d765943319d201531507cc81fec376f0a5dbb4

SHA512
11570f9af6125b1e53bb5eb59b960b6547e45f554d5ba1ef2e39ea266eaadb0ad056accd84c4d99390eeec34fcd2fc9f878a42e191c57cf1b2b21b6f232f9d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50b28cb88e6a8bdb593796b6998f7444

SHA1
76ff22f03d244a8f3dce4e6efd5bf30ebc0cad2a

SHA256
6127c6ce38c9dd084e9c87d770b10f63de59a92d580b53795384202b083545d5

SHA512
5231ec318bfd25914b25c6751f337ec67c870d3a004ce12c7a18d32992fa6bf539dbe02d7c952c051f6d77ac61f987395e365ed04fc91dde4d885c352513c433

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
27fa382fe73fbf353195ca55858a49c5

SHA1
60a5aab6aeb5a4268b7958b65f14ddbf3569d67c

SHA256
5600c31e04dcd182e1a3994801c50a0bf996b4e90446de95b10e31d54211f730

SHA512
20511e31ab37f9ce4d49977dc1e3f4dfc4d9533f6f1605148a67e94df7cac5e2f7d497ee606b02d4bdf17c055d9f150e5cb8fe304f08f5fee43f05c5897ba225

Download Submit