hxxp://instagram[.]com

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
25/08/2024, 20:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

http://instagram.com

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-786284298-625481688-3210388970-1000\{2CD489E1-8413-4EAF-9AA8-516A69423379}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
3904	msedge.exe
3904	msedge.exe
4580	identity_helper.exe
4580	identity_helper.exe
740	msedge.exe
740	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 2328	3904	msedge.exe	85
PID 3904 wrote to memory of 2328	3904	msedge.exe	85
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 2016	3904	msedge.exe	86
PID 3904 wrote to memory of 4516	3904	msedge.exe	87
PID 3904 wrote to memory of 4516	3904	msedge.exe	87
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88
PID 3904 wrote to memory of 1788	3904	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://instagram.com
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5f9846f8,0x7ffe5f984708,0x7ffe5f984718
  2⤵
  PID:2328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2036 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2468 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2512 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,2870666762314275802,2241662594091050913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7114a6cd851f9bf56cf771c37d664a2

SHA1
769c5d04fd83e583f15ab1ef659de8f883ecab8a

SHA256
d2c75c7d68c474d4b8847b4ba6cfd09fe90717f46dd398c86483d825a66e977e

SHA512
33bdae2305ae98e7c0de576de5a6600bd70a425e7b891d745cba9de992036df1b3d1df9572edb0f89f320e50962d06532dae9491985b6b57fd37d5f46f7a2ff8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
719923124ee00fb57378e0ebcbe894f7

SHA1
cc356a7d27b8b27dc33f21bd4990f286ee13a9f9

SHA256
aa22ab845fa08c786bd3366ec39f733d5be80e9ac933ed115ff048ff30090808

SHA512
a207b6646500d0d504cf70ee10f57948e58dab7f214ad2e7c4af0e7ca23ce1d37c8c745873137e6c55bdcf0f527031a66d9cc54805a0eac3678be6dd497a5bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000034

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
ce0019b3ca47a20976d7c6d1a3d7a6fa

SHA1
338dac912a881562739839329eeba8fa3464e295

SHA256
6acc3bbeed4bb05b3b897119dc635240b03ba0229c4a551d48c486001fee278d

SHA512
9ca589f60cd5094b986a544870f808bed560a60d2e3bd9ffcdb965210d9f3151dc4e631de1185778840b820d74055843154f8b75dfed34c95de898101806fd0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2a2806f095fde7ff4c9ef0a1fc375bcd

SHA1
aa6503594a3e266d4feae156dbfcdd608bb653e6

SHA256
103c2e9b703ffc9c5696ec4bb938ad02cc04aed66839adfef31c26c6a97874c1

SHA512
598433a71e44addb4aa51df85d9696acdf2db15fd44c29ffae46688114cd735021bfbc54d614113c0bd7c729ae9bc25308e4e64e028ae7c286ffb0b31623f513

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b0e68381610e6846f77c62b74d021d82

SHA1
985d662fad59ed0cda7b74c0cb8fc5338eb993ad

SHA256
b88587f2deabb46bd72a9800df96e0e9f86590435656b951892ce741caec905c

SHA512
ef6968fe9afce856e193a093ebb0bb75aa00dad67f962abff596fd29ec573795c4286c77df81a5feceb02551244ea3fdcdf1b4699d9382767e638dfdb472ab49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
485B

MD5
beadfe427d4d255fe29839c670cd5941

SHA1
4e0804f227dd625830aae70b42aef2ea7d06e377

SHA256
73d3226d4eca91429b9623ff4ad1234ed10a80b2fcfc84b0747ffecfd35841b9

SHA512
051c7a5d5d838ba4a18b3db2fe64ca227b10c671cf31eb6ba434372a3bf8c2940a1f2562a2edfd60b1025d5cdf70de3a6ec18ae7671e7cb213dea0062c7eecea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19459873c07ed9b6bfabf62f79c9dd91

SHA1
f9b65816d8f1c219338647df81d3d445eb8d2fd3

SHA256
f6709802266019bb0f239eca7eba6b2f3d0f598bec42cff2d08b6b556836c1d9

SHA512
ba1f08e340620b007f873280abed2543dbcf506205b5a81b70f55812e7d330d91848129facac2bfc6591ad7ab9ae70da5b080ec801e0653b7502065aab3bc71a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75238f6d1059bc4ce5f3ac51ea0a3d18

SHA1
8821cfcda9ddb418f6685dc5cf4825efea2291fc

SHA256
05fbf2ff2a907f0f931a3c25bb348bc146fadc1fcc1b402d7de889d0c2c5c7ac

SHA512
78e406d42c0ae9675ca042b0f3db11332640e28c976e5e564463398f2d2b2e0c91aded0f5be2670375cd7066cea4bdbb07a7ef9a569036f326e06fe48c58a86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
523fe07f68335b0a8effaf0c7ba0e600

SHA1
8a477db8ac964b0f0bc6f1b097030fcf2e693c03

SHA256
c946fbeb01a4348cae8f571fc3f7f90b63fd40c401d45d8660866dd99a4b9f2d

SHA512
d790e847b41de324f10391446d197964bc5de7cb3359f3ee4520d5a2911ae13afa47198ef921649a1366787b040909f0e76aee737dc895f104b668e470cce5ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9a4f5cd4f2ace045ee039f7333068745

SHA1
933de1b80e6a99683cb31ab947ff9edc2b183d7a

SHA256
e4509d51fe53ed0d0bf7369c52690bb7070505b1692a5c19766ef9b94a9a2d30

SHA512
e0ebcc086def7447dd189b85c91f4030aaa3f2faf58236151053c5eb173d5971d517fcdf1f655055b845da4448d2e72c655851becb6cb38f6063678c8ddd05d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c813d0068cecd94939b203a5ee26c3e

SHA1
66959d126534fb9511940f26f347d53fb5c1b8a7

SHA256
dc095e25eae0209522b57107862dc6de8c424d640817377cf0b7eea1e7b4de62

SHA512
6d9aaa64397dcc360f8d1bb2c5d75c4d9ac6906651bcc31ee9a28175f88506a67f37d7d69ca3e4b369acf1eca82fa2794eb5d93a8ef6190e984620ce77083110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
cc6405fda9f60caa2c53bd5a318c88ab

SHA1
6d8f68727d4396e12eff67b192061ea21e80c865

SHA256
18daeb3589892b2544f35a640fa5a0d7322233973cd308977267acd10d74d0a2

SHA512
504ed8219dab81444dbeba9046b7d86e3f48101d128ed42a117262a817bc31d4e6ab6a50101749b4eb9b1fed54d7bc0bd9893a720abe17e3f75b61b154077459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
304a963bcb72a3ae4a8a5255f7be4522

SHA1
b22846840ae828e5d569ec12f8889aeca5da4fb7

SHA256
96fe5e9b332446e671777556480927838d86af279534f39bd3272b3fb8c9dea2

SHA512
c1b127069ffa302c746501f390e5637fb0cb7644ec8402bdc9d65fd1703fea0215f5860f5e25976011fc0934e98320402a1293fab157cae4ba85b96fc7f29548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c7f9e70ab8e0c971f516e5a54c4077b6

SHA1
46677664fc0ef567af183f1d10ccf95e0cf88191

SHA256
063149e69f4d4d587496d7fc4cf1489d83c2fbbfaacf2b95649ca88443d973b8

SHA512
0372981d6a5675393a6bf4ebf8d9f66543d8a0af8e65c6cb5827fbc1450a0ba5f0140007256987c9a9055b97afd8a45adc3a7d48a832afe25edea08ee774fd26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6f96c87bd8e7f1190c3ad187938859b4

SHA1
d876c2388267842ed0c117224e0a78d55ca9c648

SHA256
96d4c7707252db7a21ed41058e11460ce776d1fa559853f7950341226ea71af8

SHA512
5ba8938221ad99169f686b25fd9f1efc6c39b5f72456b8436d8151461cc1b6aeb22c6860e38cb2856945c5e0c36ba1dc28b29648b497609ec119c05b0d05ee33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bafe6617d63f0cdacf8800f93fa6b4f0

SHA1
0c3241883a64064f658cf26f619562b83dd3f745

SHA256
f4b51991bbadcd16962c20b0fd0b8b29ef518e20e5d0c057ef1caad5765e7218

SHA512
034e1646238a7d65f5b65f4fd4ba27fab946e4e76c7bead0c3fb5d872cb3224bbd992e06d0ae1a10e86c37343b7d2b61b24edfe18f47fcfad3c0b76642a29991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5ffeabaf977886f29e70caa67504e6d7

SHA1
34ad2e01642a682467540c05427acdfc16728120

SHA256
890ecea69e67491d64803ff48c9c65b53274ee955ff6ec1c7ad5395adad36c90

SHA512
d02c8c8fc759f08a0bf22ea77d8e28362190de8e41071099398e29fb07b06a2aab8121097e8d028c0aa4892dfef1ed6a54355b4023d3efeee4e23165c874069d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
73a1a14091f6aa4aacf8aaf32b707e35

SHA1
7b0b19ce0832f32ba60d3c8033e1fd3e2086c32f

SHA256
99413ffbaf378b7698f7c4af0fc0d80b8967b288c1f07af30c6d5013b5a22c3f

SHA512
a42390bae41cabc9c0414c83ae6a74ba4278bb85ee4533d5891d2a9c027231ea4ada6fac21093fa14cf11efbd358b04267fa9c74e21eaab106d4079edfcf1f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
905098ea98561d7cb75d1078586097b4

SHA1
d3bfd384e10acb4e3bafe47224716168fab1ce7e

SHA256
11a34ec4d64530f18aa09e7c72218d99666f1cefaf09923a8ef0b6a766047c45

SHA512
b1f2fe5e1a3f6e3eeec30cedd0c56f9ee6ece409cbd07fc845e68d2829c6d9f136bfb153a852e42bf84de0d4557ac1353ba33e0d0a7cac8eb513bb4878c2ddd7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58142f.TMP

Filesize
873B

MD5
b6d4d86c2eec88d1b64b18c358e586f5

SHA1
c8cdf40f20c410f118540669b54bb0ae90a0fbe6

SHA256
aa31b4413841e1ccae77b5e11ecc85a1cb8244b84b2d975682524f3c8b31f9ac

SHA512
5cc66119d3d93ebba78de25d13c915ee41e47e2516be86fe74398a69ec5058ea32cc4abdc9ade21d7fd9be77c4c6e1f79e6dda4ccfd37ef08470a98e679bf092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6fd9a930f25070f3ce1ef2fff9ec09f7

SHA1
1c65f8eee31b62773045a7e0f5df76aff98d20a3

SHA256
1d510331c9d7cdf2a3012072281b96a7702a9bedf47e43eecb5d482db0078d2b

SHA512
449cba570bd2d08cf02640cfc665843095e790bfa5ca2799012b8108a398d04a8756737c125f44b5cc819d80315c13c2654fbc9885077d5c6c4621827d883d71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit