hxxps://github[.]com/Sn8ow/NoEscape[.]exe_Virus/releases/tag/1[.]0[.]0/NoEscape[.]exe[.]zip

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13-08-2024 17:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Sn8ow/NoEscape.exe_Virus/releases/tag/1.0.0/NoEscape.exe.zip

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{373CEEA2-F99D-40C8-9C51-0C438BEA2739}	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
1284	msedge.exe
1284	msedge.exe
3112	identity_helper.exe
3112	identity_helper.exe
3048	msedge.exe
3048	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of SendNotifyMessage 40 IoCs

pid	Process
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe
1284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 840	1284	msedge.exe	85
PID 1284 wrote to memory of 840	1284	msedge.exe	85
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 816	1284	msedge.exe	86
PID 1284 wrote to memory of 1144	1284	msedge.exe	87
PID 1284 wrote to memory of 1144	1284	msedge.exe	87
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88
PID 1284 wrote to memory of 3100	1284	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Sn8ow/NoEscape.exe_Virus/releases/tag/1.0.0/NoEscape.exe.zip
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8e0d346f8,0x7ff8e0d34708,0x7ff8e0d34718
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5608 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7140 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13999403894996661846,17064343588208920594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:3188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
41KB

MD5
c79d8ef4fd2431bf9ce5fdee0b7a44bf

SHA1
ac642399b6b3bf30fe09c17e55ecbbb5774029ff

SHA256
535e28032abf1bac763bffd0ba968561265026803eb688d3cb0550ad9af1a0e8

SHA512
6b35d8b0d3e7f1821bfaeae337364ed8186085fa50ee2b368d205489a004cb46879efb2c400caf24ba6856625fe7ee1a71c72d2598c18044813ecde431054fb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
43KB

MD5
d9b427d32109a7367b92e57dae471874

SHA1
ce04c8aeb6d89d0961f65b28a6f4a03381fc9c39

SHA256
9b02f8fe6810cacb76fbbcefdb708f590e22b1014dcae2732b43896a7ac060f3

SHA512
dcabc4223745b69039ea6a634b2c5922f0a603e5eeb339f42160adc41c33b74911bb5a3daa169cd01c197aeaca09c5e4a34e759b64f552d15f7a45816105fb07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
65029a1837abd21938a4b4adf179427a

SHA1
0cac3739fbcc36b49622b3a69250748f0d19bb4c

SHA256
9b7d5ce50b5ccb5217609e9d9008c81985942e0066691c22a99892038ae56a9c

SHA512
e82ea859914990072c859179c4986306bf234fc109205bec6123c49b6d6433def737dc5d7d57f12de21ecb54686dc3df148a662739a71e5bcee89dd5b2c4fc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
763ca9ad0c7cc5be5da2abf3477f6ad2

SHA1
6656cc9d7133fa59c628ebd0dca8c266cb4e0848

SHA256
2f4b5efb755b3ddb2bdd44d1968efb98c2f71a7877ca26221ecc87c90e8a7eb5

SHA512
13ba718444cf364bbb8d2d2d1d1c0a9e38c1360397953cd484e54e5169bc56b25ebd3fd06a2daa9f1e2425e8a3d4c90d63dc580a5816817f02792a3511f0ec27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
92ffee6090f4856ddc2611f1f1867485

SHA1
9c614e87f958bc1787b2b6a0f0f4addb6b8f16a3

SHA256
b13abd47b68f70888c3e53ba382bf792d8077a0e375972ec94dcc2be16f1b41a

SHA512
751a3e4a5a74701414307ae20afeb71977a84d3374dcc20edaafe20ba52167a11702b86720a05e23246e4416db101af41b58b8bf70f33cf0fe5ef7b56d777ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dee6d83b4d979c4c25db844eefea526b

SHA1
8d3a61ce872ed6c4dc9594f03cdfd51b6397a5ed

SHA256
0ffbfc9dc56646f49aba04dcc159fb47a3d13b97e7bba38ecce5ca6af652f883

SHA512
b9e2f84797b1d671dcc15759dcc9b498dc6a5427b16a1d99214f429cfc2cebb8f2b446f30f39c2b4fa43e3296ce11b2c68877b01f8e84c9df6e2ebe65d7dba0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
782B

MD5
1082445c2aacaf467ff831bff4a06e64

SHA1
f1a58c94e4120f1ef98f86aa0eb4bdaa5359f65d

SHA256
573ba04508476a1c3c91514ec99cc3dee52df311e72f67840c50f20a10fe1161

SHA512
5e8d78f942646ac64f9db9d99cd5b8026fd48139652e17d588236845462adb5266e0ca6a4d8d48a9dd77e94ccca6666501f490314850b3745fa320222c3796c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7505d30e64cfdb108906caa0a82cab75

SHA1
0e876482c3e15273fd75c0ba52c418d60a8bc2f8

SHA256
dd99c322e6da3e77a5c6959694b5bce51482c6f4d7ce68e44149e92b6ec341f2

SHA512
189b34b59bcc77790971a076d899764ff48eb37174a001d67764e0446e0a5dad00ad3577f6bd3546cbb33c69239738448e836d99d44f3b5f99fe1fee6c227be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e889fd474fa36a2b745f36a9d27363d

SHA1
a97db7cfa1a117880aea311a0fd9943724ffd12a

SHA256
9b09df37be252a1a3af37f12baa23f8afb71f8a331d987c4e945784483f8ebd0

SHA512
daefe4441c9d84a7f6fe6b1fa2a3e0b8b4ac4d3a0fe1967edd4463c99cf2339c9a22a3e5a6507f44bc8fd6d033137648db9066f1859dd121f1a0a7ad41e2d281

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
424f35c398d26eba0fae714b7ece183d

SHA1
f3e24a4bfe6c4faa2fbbdab9fa763e75021743da

SHA256
fb1070a5fd3abc9c1fe453a584e5a2641ddfc7983f2a572545019ac8c4082764

SHA512
6a220c1aca7897d434c7e61d48a44e844ad35f37a1d42c4f9004fe395c33b68766ef7a2621bea0aae9994a25ce8828c37ae4a7c3183404eabcc9e622752e781b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d04208ad0eb315f03df34044b04bc92

SHA1
56164a1271ae157174f8014602189eca2f49e700

SHA256
77cb6c35976df84ee74f9df10c8dd94279f608dc4b08c05308dd8efe75e71e3b

SHA512
e17533a8e3bd7b9bee695c919a144f2ca1cb5dd37c1e4e1082b5331dcb2fc8075f60133dfbefcdfdf710ecb9218719483c7434e2e1cfd0694502b08e21c1d625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3a632e5963dfc993fbe02453a92485ff

SHA1
53e5dc1268a4f38f1e94f2c2ad5be7311ca6d80f

SHA256
e4d7be0f04f238e33dac3f86580fc450002dd7676a33acecfba81ab87ac880ce

SHA512
ad978a8a6d5e042333f9f0d017c09f3c3d1e5d7c8036662ce60eb00278da4382b3c1fdee4cf2518948ff5406f00e99704fa99498cb06f944e3d413ff51d0007b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5a53bd77aa42640b0f6962f6d093d1bc

SHA1
77343db57e4e0a010549afd03a44581f5a156c99

SHA256
85369cd9a943f11ebeaccd929cb61650c0ce60d9c2d1ab191b83e75f1e0b40d5

SHA512
f6cca61ab169118c897c63bfc1d6178213131883d3b4f578fd5b185777e3a4ec43f7953d121c9ebda62bc13a7d18a8e7c1f29c5311b7798233657b43481d61f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
01ffc6741554a0a5d3b0511f528dbcb8

SHA1
120e548ca034f380df2b42df53126ab8a6047ce7

SHA256
8d76ae3c5dc7201b29de85f3961e974d06502b29b35f71d75bda2c23fd88d80e

SHA512
db4ed64f9e75448de1a8bafe7c7f48ae26071c50a3fc5dca3016af8aff3832463d71369478d810433d5dc50c528fe0f1fa9f3a5fd35eac13502d504a78983759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8c265f67e7f63b7b5434210161e6d15c

SHA1
f16e8bb5d4aaa1fc0b5250e8436ebd6b39053ece

SHA256
9ed191b264ba5343c9aeeac752d281d31df2584ecba4f3601e11bfcfa705fbdf

SHA512
3c6cc83110a57d4521680530b7036ad8e972c88cc0002ce11d1ab31dea6e9c468f8517b3419e47fa8edd733699230b3e6562e3c16606cf2e5031fca1e109dad5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0aa77e9fe5b5e98b4817291703041e7

SHA1
130f1719bb3b2fc3d06cc1ae08b2c46639e7507a

SHA256
a7274fbc518abe9abcedc37a7963b58470d3ce8b88b190953a1ae5b1eaf6a61c

SHA512
87a1305001e03956482b55409e51b71c4c569e9e7272d9b6fcbf12de71314377cf5eceb639fe7f7b20d7e115075eb6f8baa04769bac80c0fd0b04ff9a2fe0a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
95562e2b61ae3eded7f0ae4ed91599ef

SHA1
86265882dc6ab10a61e078215bbd06bfe6df9d26

SHA256
d0b6ec40cece3e8def65cb5824f6204c0a77bd88d653cbc607f8f9d93c879cc7

SHA512
2444f19da418ecba41179ae5862610f2394b4c4a35bb376e078ce1da4eb8197208b824ce8486b21b4bcc250108846b868c95275d9d61930036bc16c2e2003cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f3f5.TMP

Filesize
872B

MD5
d06ad7aaaaf62ade569f360cdc28d4c0

SHA1
83a6b16b5ab621b6045c9d259df9b2426be97e3a

SHA256
eaf21deca631f3fecc72ea8971538e209f416fe48287db0b8b4b16dceb52f97a

SHA512
8f9f3e9dfd272082c1a04a1a57b5c4b7524f7885a85451a80522ee686d5fa32fb695912569f2f21e7d930ac39146721a80b080eeab1af973f34be334352178c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e631441497e239fc34a63e1fe71f129

SHA1
542a91ce0e6ee7caca1f1a872fc8d5d87747c381

SHA256
8cf58c4de43e255d1ab6123395b47bbf7a7d1f57bc71f26dea799062fd65c623

SHA512
2ef28fd303491fd89b594b71ea4acd5fe0bd72101c3061cb88fbc52a30e22f8f7fefa6bce03e4afc7343cd6d24904765784ce065fc89d0aed3f71d8a115ddcbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1f9bf472c66d33f3e6f122ec5921f809

SHA1
13795b3c84188ce54d6430fbd5935f099b174b39

SHA256
610a149cb16a7473f97ecc3980676ff4279db622bda8d85ec315ac3b1a6953df

SHA512
f2f1d0002a9fc1443fe0d77f893e66ed6342c19b95015ca391e28d0664eb7d8cd434a84d5c00a70ad8a1a5a13297f528f06d7be1d11ae756be1d8ee58d5c6d59

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8095ae50a1b1bdf20c9f2d5047b6f9ee

SHA1
68a7c2b6870e1f90ad6de8d5476d6aaf1aa02f48

SHA256
54ea758a7f9cfd7cb640b6da7e390df0dad496cd914da9b8d8aeabb7b53116bd

SHA512
f83e788fbb90d882981c2e08beea922a772b6c0d3ebce7ba4997158e8d39d4caf971c3a5a7aaf643707cd6ab27b60519c1079e2c9551e83867deff1df2ff6313

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e7119c3168264851c3e4d8a72b54d58f

SHA1
adf53c0b4b8405a080e161c7e0d4288600bf8d91

SHA256
881427a5b4d98a09e1a0bd43d5ebefade9cebad55854d03df7192e5a5a826c0d

SHA512
bb7d147f81e03a98b98d4ed1e19080c6c4340a6dd0625a1c72b38bfbb2580b89845348b70ae68a5ac3165afe4c495901feecf3c563fb9c5249128e1c29df67a0

Download Submit