hxxps://fusionhacks[.]pro/cheat/fivem[.]html

Resubmissions

24/08/2024, 20:08

240824-yw2tesyejm 5

24/08/2024, 20:06

240824-yvemhaydmq 3

Analysis

max time kernel
150s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
24/08/2024, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fusionhacks.pro/cheat/fivem.html

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1964	msedge.exe
1964	msedge.exe
3900	msedge.exe
3900	msedge.exe
3612	identity_helper.exe
3612	identity_helper.exe
4796	msedge.exe
4796	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe
4148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 2752	3900	msedge.exe	81
PID 3900 wrote to memory of 2752	3900	msedge.exe	81
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 4892	3900	msedge.exe	82
PID 3900 wrote to memory of 1964	3900	msedge.exe	83
PID 3900 wrote to memory of 1964	3900	msedge.exe	83
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84
PID 3900 wrote to memory of 4528	3900	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fusionhacks.pro/cheat/fivem.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe4,0x104,0x108,0xb8,0x10c,0x7ffba6eb3cb8,0x7ffba6eb3cc8,0x7ffba6eb3cd8
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1820 /prefetch:2
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6924 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:1088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6672 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1704,15501472972031432579,8521142727379735940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1
  2⤵
  PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8276eab0f8f0c0bb325b5b8c329f64f

SHA1
8ce681e4056936ca8ccd6f487e7cd7cccbae538b

SHA256
847f60e288d327496b72dbe1e7aa1470a99bf27c0a07548b6a386a6188cd72da

SHA512
42f91bf90e92220d0731fa4279cc5773d5e9057a9587f311bee0b3f7f266ddceca367bd0ee7f1438c3606598553a2372316258c05e506315e4e11760c8f13918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
058032c530b52781582253cb245aa731

SHA1
7ca26280e1bfefe40e53e64345a0d795b5303fab

SHA256
1c3a7192c514ef0d2a8cf9115cfb44137ca98ec6daa4f68595e2be695c7ed67e

SHA512
77fa3cdcd53255e7213bb99980049e11d6a2160f8130c84bd16b35ba9e821a4e51716371526ec799a5b4927234af99e0958283d78c0799777ab4dfda031f874f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\143d0035-5b06-4f3a-8a5e-e955de3dfe7b.tmp

Filesize
10KB

MD5
97071a082074cca3cd649b1b49792a47

SHA1
d16d1a575b5cae9519ec1c9af8da99bcd3f085b4

SHA256
9e23a5f5a384526732ffba9dd0c2d0018eab22128de71cc417a9f62871e9756b

SHA512
e0fb4068616a221b211ff74de54471d2a320619905403d18dd09f2b343b62a3d78f508aac5524566c8fcc0966fc9ed7e2ba107dda9f1ac3ebed3c753e6a8199e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
20KB

MD5
8266eb9d769b0040c61f9107b9233d0d

SHA1
7d84098b0f5a6b1fb73333838e071558086938da

SHA256
389603813af8808ae7ec8ca4f2bc326b15e4c2ad5d86eeabfb271ac4d170b923

SHA512
82854e09e38363bf682d1426cd72d2efe770a58531f8b006c80c32718229cd9699c6db6ae4afe0a5ba64504a08b16568e53ec8fdf2702b5abc41ef7711f011b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
62KB

MD5
f79882e12fe87d482fe216d30ef3c93a

SHA1
e3031f2d694529705d8634b397815cd907fec24d

SHA256
c95d79ddd197080d143fdbaf458ce6d653621088f2d16827b3037f4417a32f61

SHA512
075f20268aa1b46fd322da5220b1705e42076d6ee681417bc95d5e900c6ed9929eca102796757e5db387db56ed2e97937e074b5af75840e55b018623c0a845c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
11edd1eb0976fec5776980de6ecb4268

SHA1
d7df4cec67e2327d9b6832e178c928d70b3a930e

SHA256
5f7f52985c913d2108161e5002b6047f94f012a9b1a9d076b171405e963281c7

SHA512
d3efda95fcf0d97daad17d4cff4918509759b97fc83e54fa4311fa531f6bd9aa914776770414cd67a6b1c04c097724f315f74c9c2f23a1d148200440feddc810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
3e5a69d97d36d4bd3569d55e61299d0f

SHA1
d20908a15c9472d7b6c981b530a277b9bb8f58f8

SHA256
c0f219019993b5b2aeb00808b7c5dcea4147749a96db41af5f30283cef3c4e3f

SHA512
b7bf53f82f188bef7deacea742f6021b88967bf70aa8043e735aee7dc00592f8f904788a7d5d9b69e679a693910bf2d7363cc605056eac4bcfcc99d86356c2c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e97543256327849514f6894170395932

SHA1
0a041a1ae1e0610076e8f4fc9a29f2107a8d62be

SHA256
203590fb4c608ba1f42b846ace8125d684f11db7fd9e00b4904df79ee1281955

SHA512
0d9fc9c64d86a1f35b6670b0cdb68b49ea49328837e1d750d35f17b69dae89ee31134f70e4c4ef284514ed10304c2d7775e280150ae84112859596516bbeae23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
b4e3148611e883d293f50515726ff040

SHA1
8b8a5e372dac3d7b49b3794d9ef3f505b7c6a3df

SHA256
8ee78b69b330a4e74a49958155aef66331f99c6706a00e118bf824b3a33d554c

SHA512
32749458c9895530b2c31f173c13a531aea52a2dcdb4fdcfea09aeec26100e337f893083b8411c4d49862750d106fc46d9b927f18aec64b36788cebd2b4b0c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
9KB

MD5
e24d1f602bb43d6249fd604cdd02dd72

SHA1
a15acbae72263e172252751283a0c8459e62f525

SHA256
2c9657134b5bb1cdb55a4d16a45f097024f0878f23210d2d3bcba138b493ca7f

SHA512
eb96a6aa04076253aa16102d99537a00e442ba854b6c2eccf3f690cd61aa185f22db35204368e4d79082610e28e1ee3667201486c2d60fabdc432f14432494fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f0e88af6bc1c43b2faef2f28e496ec2e

SHA1
758e89c3873bf8f589e5defdebc51c46368a8e17

SHA256
e1b90216f52f7383f0ea6caffc8d3574f2750cca41a2046fbfe412dd861a5882

SHA512
ab25240e2795b66441458436b91c1332f142c6890ab005be12c88c107a2a424337f8514d27a149fcd5a497c32ed2f4ce8fbb7117ea98ca29904f63da964a1498

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
315cb712adaeb3d67ebbbbd7f95356f2

SHA1
6e21c836d4f4190ac7f60c37fefba56ea1c056a9

SHA256
1fcdcf81afd6e58787cbb01133953ac9d758221cbceb20f0ef83ab5027c2109c

SHA512
336e80b42598bbd304bc4fbe9d46f38c332582079d995f165fdaf04c1714cf50abdc23b96f1b67312908c78880f0c9adf6cf876e735ebe68dbf0b5568ac62d33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2ce0dd439ba843722f47993b3488daec

SHA1
eaac44a4e66a200264b9a54051ae8484f7099fbe

SHA256
8463a82b6137bab6519bce52d5253d9314b5b144fc96ebf6907caeb8da10d617

SHA512
7d945a01e4e3fc7748faf0881921be283dbebc2d548e72cb82c029a23671f55509acf22943a57bd2ce2c0747315e2e3db2c9d4a4af85ed87f4c3060fa1e0d93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d134d6c0926660393ea1c729e4b5384d

SHA1
b2c91a67483ccc12191f6e70a25a6e4ec80a1189

SHA256
ea630ce0518d11b92aa7e2fd603cd3b0b375d821e13d4ee9a4517a6dd7439f42

SHA512
f6617bc53055e2d8125e27c5708cc586429bb4661a0b6fbe0988cd2775719f9b57baccaf30e14d5e2e4592f70d027bb474457343c78d2519eadc8cb810563a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
44eb55b039beb459f2fc63848f06cc33

SHA1
eb22ac9b9ff824b6cc67f359a773dc5d6f41e70f

SHA256
9b6635580d319479db888939d3c73579b5931804164f09e322fdd74492ea1f8e

SHA512
f7f94d26669a57af6ee5a7bbc5f070b2514d92b2880d0d55aff90e9004f9f659f1409bb14dc2e9db26faff12e274cf78b8c58fae77b3fbe951d908f956c80bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
fecd748ccc3cc4e7e5ec9195760e55b2

SHA1
90498cfccc73a32eb1ed5b173772adedfb14c272

SHA256
9331b7fefdd3b93da1e39365601a71afa1d7b625a2b11308af68f7362d04b9e2

SHA512
5fa08b1d6d6c43c579d3f861ae82c8432eeb140b6481b6336a18189c3b099c6cec990bf104a399423f8b908542e9efe3bf995e018f9ef2f9011ef0864c00385a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5823b0.TMP

Filesize
2KB

MD5
93712784e48db55679172e93fa6db003

SHA1
e37fddcf0c2c2dc41bc527f688b6fc72424413a8

SHA256
715f8bd2a1240a84a0e56e3f7000b7ca364a4255e192f1fcf96724a2648c9f88

SHA512
279af6822be1a2302f019afd8cfc88ad694ac7dcb45e0b0abad5b04f7bdd4ef0a6a4c53eea05f9c261b676b5ddfad33de47337bf8c4c26b35a2aca4d88084a3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d0af7f55dcf50053aac1b9f33122ec2c

SHA1
020430ac51be8a0caccd227e9ca0a16c44b04b2c

SHA256
8f3713e0b25f16912c0cca09031880ef46cba241c63cce15226ef6b3c8b5670f

SHA512
54603fab9f8ade535c96c877718ec4600baec2f6f18866f81a2fa01ce23b16f82a232eedda7b3389dfea713524058da8c7442e66e527076f77e7594c83a0fe34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4584cdb94c712ceb8891e05d581b2041

SHA1
632ce4c9473075bde9670753f1c5812446449c49

SHA256
0e8c4ed75810c6b003029828036e9744591b99ec91973706a010621c97b9ccd4

SHA512
0dc36394aa6f4dd9f9847b6727a862de1c13829e54240eb22770468b541ff16149f99c7da3d606eeea07a1479a81305d899b89f51b4b1de34d616fdc3e85f9d7

Download Submit