hxxps://codex[.]lol/android

Analysis

max time kernel
319s
max time network
323s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
12/08/2024, 09:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://codex.lol/android

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
5820	msedge.exe
5820	msedge.exe
3192	msedge.exe
3192	msedge.exe
2812	msedge.exe
2812	msedge.exe
5112	identity_helper.exe
5112	identity_helper.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe
4180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 2528	3192	msedge.exe	81
PID 3192 wrote to memory of 2528	3192	msedge.exe	81
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5320	3192	msedge.exe	82
PID 3192 wrote to memory of 5820	3192	msedge.exe	83
PID 3192 wrote to memory of 5820	3192	msedge.exe	83
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84
PID 3192 wrote to memory of 2596	3192	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://codex.lol/android
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffda48f3cb8,0x7ffda48f3cc8,0x7ffda48f3cd8
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1844 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6364 /prefetch:8
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6564 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7272 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,16361555848292578335,4613978582421965267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:6056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004CC
1⤵
PID:1860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
20KB

MD5
af076fce47d859d009c16f2192bc94b3

SHA1
2f56c334cd6338b69a0f39c3edd6ea0a5b21bbd8

SHA256
d36457358687310d026665a3aca628637697a703adde698287a3ea25ed49497e

SHA512
d89b829f8292c2ce770b54c86eeeacb0f59e251134c17fba214649b132a10b99adf120b45b6c3c939b1846ada1626b683cabcd6313748c6fe62e1e72086f1a2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
60f5f3dea908c6682b348bf1fa566131

SHA1
9ad7e2d399e116f3c802d1d4512ba3b2c2032a56

SHA256
3fc2bddb8390a3cd1b361474c325cded76ff286a0a806a32356776d9cf32d35b

SHA512
f550bd07ded8dfef0ecd84c9e657aed02789f8d3a48ae428f376b8bf706c6258de57a2e4956a26489b6866b0df09651208d9e171a680993850a4133d1b579b1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
47564efa54d1614bf87084db0e218de6

SHA1
4017de5201cdc770a290cb5cd8202d79b94e51dd

SHA256
6f0ca219ab17d312ad8fdf738159a43fbbfb34ce359a7eb44c43822d0cde3cad

SHA512
e8436dc1498a8398931235479e3dc95439ac7398d17f190781078b90d7dc73c96cfc4bd002fc8ce5d25dbed8c5cc737807c8ea645b40422c7d1ff287540b141a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
41b963e9c3902f351d198c7f04e2fa04

SHA1
78408cb0ae77903f9b52e96aadc3e0a6b67eb3ba

SHA256
c7a8826b5cb7f618d2e169013f4d0abd66ddec53846a23ecee336a2dd465e420

SHA512
95e218cb0a4ccfcb2a26d086ae248804a95a972cb8d11b3a4f0015dbc25529d2c6cea61fc331c880d1ec84866c034ee3205d95b3dc5f471a4ef945a0e6757192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
045a7f9f5a7e783833f9a77d13da56f4

SHA1
bd64ca9cc89eada4ba79b7e3e5222bf395c1feca

SHA256
daf867ce50ea6a7a70fc4a5348680ba251cb7e72c75c4b5720e6109130154028

SHA512
560401178af224c3988dafe20c4ccdfa5c79980781ea1cd5ab7a55dbdaf8a0cc753255f6302d1f09e03a23a0000a42d311784821456f3c2a860399b37adf3208

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0b875c8fb2495b4232dca4f8364bb5ce

SHA1
39a1c4c2725e6d405afc1f1492a338776076e548

SHA256
e55e6a03a3fee82a8d6695e1bbbb718ec84e0004446f25de4e8c3e10af0e237d

SHA512
d16e8aef28eef7221f09e3b2b9f4bd180b57145e1986cb254f878204da225e535a05f5291db43035afaffefc49da037e7136ff9ca25836ce4df053bed84af285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
8123a2009ac3656d65b99e51f67547ae

SHA1
cd036aca60df82d08e271a86f261915b28bae9f4

SHA256
4b906d7453db4ff918376b92002322a6ee780344fd70f0177c37e3a761ac58d1

SHA512
c31c96549d4b5eda6b3d6344529ff28d55ec7cdcad00a80842e5c8291c47078af11106b8201960423d082e46fb5baf2741d446c780cad89bb4f0a9d9900cf93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
9bc2bd51dc9eb75306584d428e5de4fa

SHA1
e513034685b5e008bda9ea0060d74820f4e79fc5

SHA256
bf8995634f29c10e4c2d12989ec048e5b29d74f20ddb5119ef1051fc5213b9f1

SHA512
cc936eb78fbb119b5a0e71c710501d81c51a2b57400849bdeb7caa4ddbec4e77fe3e72406c5a50180f323896bfc9259e51e86968defb9529455697f661e1c17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d88361f603efe5128213e8f895690a2e

SHA1
3487da769a7c2d4a21f9560ca59ede8756c66e54

SHA256
4e92a4e39f06573130f88261126514687db730f82fe3b4e4e7b35368ab933e68

SHA512
5d3e6c6e9544f1e33da7764545818c91c9057bd1f910a46863afecbdaacce688e73bf45ffcd392610d0f18053b86aacc098e8faf1558b213df45e956d385d252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7432289366f274b95e7213968c9b6ca7

SHA1
18a50aab7ddd4c676ca0b28590bc40ba8d44f709

SHA256
c2e72bd9142991b56b8616d3bfdb0fb10575f1b26b032a171281cedd6760fcc3

SHA512
b16e780e4160eb749ed6241f4d313b17b7432b2a84fb9eac130e5febe036bfc3c0133209024a928de189b6cb7fad4761bbfe395142acda9a7f17d0976082aa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
a7877af6462c523c2677ec371470367a

SHA1
72bfe5e0559797c095214b5ffd2b15ffada09769

SHA256
f6b10eba19649bbe5ae609278d1bb39a3a9dbd01b69ce98229e32a3f00ceb99b

SHA512
dadb9124d3f71c691c591d60ae80317268d94550b6efa064594a2a7ad7d71a824b56adbadb63e5b5d0d646d01b55a0e3a8c498c85876b6cc64428d0c600591ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e17c183445adf44d508195f95d8ed783

SHA1
5b23014a457a61fc618c6c5f1645994edb79dd0c

SHA256
d9d3183cbe5f0c11cf5271646f4f7f2f632fc9f7c06b89682d6f591d8db0c174

SHA512
8b99b05e58467687c5f199a70a2fd52e08aabc14442e729b67cd158519afd7a20f29a23402b714b2a27beb682b8b93ae8802bbc89e350a6c6d564a9fb8e083c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d5913c27c36b04a5c3c71d34e366649

SHA1
20543fb7d91e7efa7c5f6a2514cd846adeb978ff

SHA256
e673705acb53c30fe34f4e4d4f54d937017370ba6ef679b0def914f8955b5229

SHA512
6f8e37fee94f28cb230e1943f488645067bbdcbc9f4ab4ec666e72af908b849e64606fb8fbefbff25bf4bec077289657a22b65ff0bc37306c9e9fe257c79978d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a7f2b4bb5e12082498c546260ad073bd

SHA1
afac1e288cbdf0ef8a5e4aab06c4efd0f9dde25f

SHA256
55077b1c54ea1272e519203e0db85b49da6405be0cf99b668c4c4576533ed482

SHA512
1d9a07124fb0d811a29c1727eb9fa8be45009624801431936f04ce3dff761f7e56d546b7d3a9fcea8b71e1ca1a5aade998145e63c78eaa0d3d3b86285b288237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
cff08d9596db9b0ac76cb51073ffaae5

SHA1
ef6ed56da939b70d9956cf0e233f2812ec8726ba

SHA256
004d25eab6e7c667873eab4d6cb0f660943d986b6e35209ef757ea8fb2417ec4

SHA512
fed703816b7656f318f5529d5a135befbf70a7a6ff749eb0d193062aaf616e06ca5a363bbf23c67087203b5da7dda800d351b9ff7305e5cbcbfec5efa59ac071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
0058babf9f5600f032195bdbd6542528

SHA1
69c89e915a2b4ba6bea7a78488c9d3aa78b77f17

SHA256
e589d36698a5efc1837c84f164e7f23876c5f28579e00e4854f843e496232358

SHA512
00cb7992b748237e794feb64895e187cda99f7d260a17a4fd61978e386981702bb7890008e6654c0035a4c98a56395b58e1599a3c5fd5cac615cd2326c9b6529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a0d836c71176cfa0d3dcb17f8b5f1572

SHA1
2f63297ff82c9e408f8653200fbf81f4a11279cc

SHA256
e1739ac2bae1306e02f4b7ca0658b0783a220076e2e3185b5371ff46c5a6b03b

SHA512
cf3db5a663e943e43b94963d73dbf31db555d9126573d488f2c55a7703eb149d8dd92822aff0cd1ad504d6d568bde85737fbd014543f353ef70dbe42ff994449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f5b04ca3bedc91cf7699990a244a10c2

SHA1
43bc19967895b6c767a84da21de8848e78819a39

SHA256
71d3843e8baf700f030482761a27f532bde7ceec554bc03f7edb47eba7444030

SHA512
1d1075fc144facb4b2b45fccb981ce5ec5931640c7cd44d29f05f46d7675ca42bdc615539f3583a375275fe4a3dad997e9d372e93baf0904a7051c03e16d461c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
871B

MD5
405abf50d051a5e495ccf44f4909c994

SHA1
6cef951f2a7143f7dd0dcd594874dde085352729

SHA256
656713ba2e72751c76fee71cd40e1860dffec144ec38882de4ff68b6004e63c7

SHA512
108204bd745db058073e0f666468a10ba0f9d48f274b608f5ce022ab212932a6e33d35f7a3ad1e5f55caaff609593b9dad88bfd5bdfd7ae999e9f600ad1702d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58dcce.TMP

Filesize
369B

MD5
1c5888865eec01d71624ca05c0068570

SHA1
c9ed23de735875bdf75b8c739db0de4add6b3684

SHA256
fe5affe22e1a5d72be0a86fc03e5c633e0c97cf5f47909a5b83e29cc8bdee052

SHA512
c26215ea570c3fb67c600feb60aa32c3b2aeeeee66340afca4e90f67a14929d7979b8571e037595cdb15e2f6c5451930903e1edc076e5d8248f4afb0151db133

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c2dc6ea3f822d421d7a52740d8ace5fe

SHA1
5f0738eb9812144dc2ef0d16d6be00779f9e8efc

SHA256
26d778e231b24fba862b32edcb08438ce25a4868a4ca5e8d94666d6868d44d1a

SHA512
7a0f4ceb4b54d019fd9cc8e7cf2146040b323643d130e25443adcfc0eddbac884d97652eb0b996e3acb5183532f421a337673c5b1f49bd96a8b6576eacfd5422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f75ce9a057f0fa0329d47449f526f8a3

SHA1
723c60979bf9cf10e44420a31b75f54dca359204

SHA256
6e5406dd365a907fc882bd65edcdd37549d97de940ade7cec04f43a915474396

SHA512
0bb62d5388907c50e1f279d6d085e296e66a75cb542d27869a78d9cdf570024df360469fc919858ab357b35ad76b444f00152f043a80c730b17a97f873e0d861

Download Submit