hxxps://veruscheats[.]site/

Resubmissions

20-10-2024 16:40

241020-t6n8vszhmr 3

20-10-2024 16:40

241020-t6jndazhmk 3

20-10-2024 16:35

241020-t3l94azgjq 10

19-10-2024 23:15

241019-28pamsxapp 10

Analysis

max time kernel
1791s
max time network
1793s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-10-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://veruscheats.site/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4832	msedge.exe
4832	msedge.exe
4044	msedge.exe
4044	msedge.exe
3108	identity_helper.exe
3108	identity_helper.exe
1888	msedge.exe
1888	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe
4084	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 2316	4044	msedge.exe	76
PID 4044 wrote to memory of 2316	4044	msedge.exe	76
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 3720	4044	msedge.exe	77
PID 4044 wrote to memory of 4832	4044	msedge.exe	78
PID 4044 wrote to memory of 4832	4044	msedge.exe	78
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79
PID 4044 wrote to memory of 2568	4044	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://veruscheats.site/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffec3a53cb8,0x7ffec3a53cc8,0x7ffec3a53cd8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5900 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2600 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2372 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1796,14084358858507654036,1475809896821088459,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
003b92b33b2eb97e6c1a0929121829b8

SHA1
6f18e96c7a2e07fb5a80acb3c9916748fd48827a

SHA256
8001f251d5932a62bfe17b0ba3686ce255ecf9adb95a06ecb954faa096be3e54

SHA512
18005c6c07475e6dd1ec310fe511353381cf0f15d086cf20dc6ed8825c872944185c767f80306e56fec9380804933aa37a8f12c720398b4b3b42cb216b41cf77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
051a939f60dced99602add88b5b71f58

SHA1
a71acd61be911ff6ff7e5a9e5965597c8c7c0765

SHA256
2cff121889a0a77f49cdc4564bdd1320cf588c9dcd36012dbc3669cf73015d10

SHA512
a9c72ed43b895089a9e036aba6da96213fedd2f05f0a69ae8d1fa07851ac8263e58af86c7103ce4b4f9cfe92f9c9d0a46085c066a54ce825ef53505fdb988d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dca0c278350d74bd_0

Filesize
20KB

MD5
2c8a39df7867309710d40c33f1a09d33

SHA1
7b6c304d1e963a4f114f9f43dd61d3e0727acb9e

SHA256
64cdc50c58a98f0ca111bb68c15733a32023d8474abf58f910bf61e8a528434c

SHA512
1c213728427d71b6eae5fb70ce1e3951bb35b264006b071667d986283992a7539375727a22229f643e39f9d122a63db01c81519f2ac2e41b654c1a53dc94c9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
6d457746514707796d0b002e23ca314a

SHA1
e2dbd945fb2ff6480e44477d4c78f098cacba234

SHA256
5afe3841eea343e9521dbe60faf1ffd81302689946d1e9c23a8f1ee485b7edee

SHA512
f56e468587f7c24f8eb38d371095e7521c58612a49c83156640f2d0c67f9b0077c77e1a85cb45e12ebb5f2d95159c6a99234566a09b75dd82d5fa206ef2ac180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
47c431d44a2b4ece18121ebac737c06a

SHA1
7f402c5a7e828419b9ed1905968ec229737cedfe

SHA256
ba53c99db3f188aeccad9befc88eea1e4b188f870acf43dc4cbdea8a5bdad162

SHA512
9eaf8fc7761791c9dc093ee94b956a462ef340418f5bd7a6e8e6f40eb8fb24032e74eaec55252674663a1acd140172e1a848449a523dfd8c294ca51e408096d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
72aa8c26ddd572fe33acc8293d721559

SHA1
3dcd1ac232a6c235b67f63643d586488ecec492f

SHA256
2ff61d33f68b8550c502dc40bda04ff94952d9c0b94b221b0a4bcbc841759c0c

SHA512
62369c34506343cee65ababaaec6a80c9be33f0d592a8bab411ba738a960b79cc0017b89be90cdbdaacd3cc3b13634b5f8c6ff4aba1cc047c30046fcb266499a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
416f341eeabcda35e670293a90d39b65

SHA1
6ef545b5057a543236d869dfc20081393a542761

SHA256
8cd9b2820807ea3bcecfaee1d771f60a351a147247122165e3192905c57a0dd9

SHA512
9540e6329e8cff179fe008152615da546851b93f9a2a12a3ea1dcd538f3c0522292f01a730995e6308afe108f503634adf91eaff0020ff47e4bcbe1b3f1758d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
3c40b7a78d5f6a2008207acd4a579854

SHA1
1833d60b181876ae304d852e7b41ae459de7ddd4

SHA256
618052bd76003239659f5e3d9ff07936ee65bd5b6df1e7425824a16e7afcbf13

SHA512
3db6a3a7d69d6a2c9cc4415c688b61c3d9c0db595464e981deb55e2e7959fb20c8693c1972fd91f3ca51a879f2c0f72dc6917135f10bcfffa47945b1fd7306fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
cf18852bf5d7c0040909d6787b203f9c

SHA1
5e145068f9d95c811b6c931a7f1eb687de1fec1a

SHA256
d34e719b5b4eabb7bd462cca292ed4cf6d0014b2e334fc60f9fd6c6915c404e0

SHA512
d846f92d6b6381e20f236fb2586f153e36c7a7267f77e8f3e688eab13e5206ae2073dda892f20d910f4aaa9ab2e857124959bf8f392009ca1b616a7434dffa9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
2df1b2f5624aadb85d3f9c05f1586f57

SHA1
afb5570132d52acbeab62fb27d3035ff3ab85ecc

SHA256
965bd916567683d084e682fa3f48a9e621b907e7904688825d84710a4b94ae0b

SHA512
6f632a645aa527dac56087ae9be0829867b894f476dd4ac1f901b8158f99b60697ebb35fb0c63ccd8b10bf32cd5cf34d5c91d41b601f174b706052febdb4c6a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
24882128e28631ee4e4228f10f79803b

SHA1
9d6b00f90ef4d7c0224f4a5e8b52203daad49020

SHA256
4d4e0dea08b56d29c268af15d3f43c925d5d229abf3ee4c3fdff21a06e99e869

SHA512
4b70a24f217aea026525a73cabacc9795fbfd35ba67bafa0e9ca43d2960f6ef554871acc91fa86acf8cb724fd570312bac1a538b36bdf52b03ce9732f536df79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
2c7647474c8490491a3a4d7a730350e5

SHA1
665fda923b96dacfcf09a0d86627bbc1dfa11d39

SHA256
c7548bf1bf36e9f6ed3d2e78fa8ea047f637aad742c461f132fc93784f7a7411

SHA512
5d10bf3619c000d16fdb7a0125548ed56fe2e6710bc11268002a468ea530c0a15c56cde8df2371b31900d9da8ffaa769341f9fb53d0d9ef8fe40296bac9fe6ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
576B

MD5
db9c09e1f3447f62a9d469dfb7692fd6

SHA1
c3b7cdfa61dc9772957d85dadaffea6eaab46597

SHA256
65ff4344ccf2bfd3c76356f14b71678bec08dcb2b8693fa7e5ce3bdf2bb7ed0c

SHA512
947d13e6a22967766fec274e995438db2f28569288585df3c93e907f9fbc0c66d3109e7a2babd924449ae9b2e72e8b32cd3affe5e25af92788bce80813a0c337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
672B

MD5
8afd53db4c112242774d351bcbb741da

SHA1
23a2bf032cc8cb936628824494c36912d7a84069

SHA256
e29b95e3ba89ee1d227adeee14cd3fba0a6e58efc80664eca0adf1ef54612ddc

SHA512
c1f83b72f07130c5d79d13e769a696272c5e30f79c94f6159e45dd1192323f990f473d61d5e1b5c9e88479b0d3de488cf876513ef6b07724f3974016087bdf3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
1798d7072cd40f4021ae32e98427d887

SHA1
0b3502d757410b76fc3e5069607467b747ef7c3f

SHA256
ea353d6e122ada1fded6ce5ba7782cadd838ba15f073c88ee5a228ac2f005116

SHA512
c139724bb91275ab15dde9979984f122a55a215f3aba7f03b9d9f66c78756cd2dbaa359c73d2a3cf66a1ebc382f1c533f2ea5038f30f93c74df6a4e3d2f4546e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
0bf9caa56aff61c434d7e414050114ff

SHA1
fef86b95412a8bbead90173cc2f599d15523d3d4

SHA256
c9fd675e54b1878e3fe6569f451a210c2c3224e343d73ae5e45a327c3dbdae74

SHA512
09d3d629349c4db307dd697d42f5f602092e55fed543e95c7273c2415303cacdbb77488a9821f4b8ff96256333187a2f7cb3de42d937bcedfaad51e7100f76b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d0fff88c3678209ce60504a82ea0dea9

SHA1
f9938d0d7b0d1de90284f434476bfb4b6ea48452

SHA256
fbdd0b1b2062746834704e9ce8bdbae963d343661012120ce619d8bc946d3723

SHA512
35b479e439b2757f08056945c9ec105325921f11febcb82f8c0fb89bd3bb8565d95d0aeb78a1580392ea57da82a0078ed811cd3fe3ed790c5b75902a66a754c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
525B

MD5
d12ca5ff08f4f0a089645c71767123d0

SHA1
9cdb764eb046085962016f1b99d4a0dce8a1f4be

SHA256
cb01048d545de3fb0e479a7aa5d963bbb1c4ed1f95d1418559715f85b8db4740

SHA512
8a9355364614d412f25b00e4e2ddac6d4d3cf3987351b3f24da4ac7562d3f2f4d0a6af2c77eb639c785161613b11e5a42b4d286b4be23aaaa060782e3c631f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
682B

MD5
2552ec7487d7ee77ad9a88b6d4e4f7f0

SHA1
71bf96a329ef6dc59d65b7629baf458321bed617

SHA256
f19ed4974a9429542124c2af01109b3805d4c83a8c9be379858973f14d767a14

SHA512
6be098b1e587acc0f04fe67c6a5b5c40779068c19ca518d093ddcb7e687fbba0bb3a9c20aec4e15adba090560cf3b475fac3ec2460c640de6c86b4134cf2ad7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
b7aecd09c5de5e6f6c9e465f108d74ce

SHA1
fd9bfa63d8808bce04c951a01502adca6b4104a7

SHA256
7f45e10a17a10adc168ce862cf4c1a45126931a3d8748b7fe2c1a1abf3a56049

SHA512
d6aa4d31bae5534173fa8f0c33381ffdce25b4abbcb8a1985709138123449a37b8901388767f9a9a5ae03692d93c5a01a3b6491d81d7a80dc8af07a3e3cd4165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
139c5ac9ed0697fb123bdcf3704c1968

SHA1
a458108d30a9eeaf38f913895d1fcdfd9b9baa74

SHA256
11739c498b6989509aff8208619d030c1768eca3c7cbfc15c0a90376c8328f48

SHA512
7093670831ec4de6309102b743c35dea6d677b0e3d1519a959953b65d9db9888b9385548c42497d9aed78e680db1656add5948a25ba0645702991e0d456f7cc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
464add8b5f43fb81166fbd42db1bc393

SHA1
2035bf3b0e2b097f8fcbe18a6893c4eeefdde826

SHA256
e49c9ee42a053f0507e1161078fc4d02e84631270b63c03daf26919415c5fd20

SHA512
16b58535ef8f2feeed8f2606a0b3bc274cffab2b4b7f96787bbe5f35727101abd8bfc6def28e09489afd56ef762eea5ba1bbfc93e0288673e6e652991a58f3f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
f22fbefbd468cfc8ae5a302ce32f0242

SHA1
40d58d59ab0c3db30c168b8a7134c93680b7859e

SHA256
0c2e1db3357f6e6b1d1ce4664f66796c0c6963fccee67c76a2b047365cc8414e

SHA512
a505ea7e61b75fc74309a33e8fc6a9e0b80a3cf6e9b658903c73d6f8f522c3f7a6cb5a76f886a05685e046bb063f0b16bff0250373c3033f29ad2eeffa41ff1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
fde8a4163632900eda58adfbbf35fe2e

SHA1
ca347ce400b650fccab5d1a58519310776e3bf20

SHA256
f7ce0aaf7ebdf3c7c829d8be575adfc16f6dca77b336f278f3cb726c5d33b2e3

SHA512
f01d66e3c058bc64faa1e89dc4f15056b18d65dc28b57ee9a4b7a30d918c88e54c2fa810fbe2166a5fd75826652cea93fdf1a6f474aa98581efddac6c6b15b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
a1ad3b8551fb79dd5ccf628784870f79

SHA1
222fc6217af0510bb5ce866c4a28aba8e63e6ccb

SHA256
ed40ec5ef1c1a2d9a5581aed30434169bca13ea175d0b5f35fe8ea0e6390e57f

SHA512
20f8637182048da13c46d0a15a59cc591e02357d381075eabcc779f0552686a424ba2e7be96f0e84ab53f6cae4d78138d532137847c22b5de43a44f0a863f57d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
f1b0fc58aeb1454cfce3466ab52bfb05

SHA1
845eaf7d40a5002563053c4e00193ea8c31ce029

SHA256
cd9476a19cf78600bb0ecc2184f1c5d62128e76e901a9fd4e69a94a31fe64912

SHA512
c6ddee7a0106aee94a78fbddc461814ff6d70a420244cb07443fbf9b9bf563edced1cb53a693069a818d690395ba767c6705295ffedc63b7a3760f2803861a17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
0b225066b3f156945527074824066579

SHA1
155c129a1dbcab5327c06dc5018669de60d30c28

SHA256
f1b9babcbd4e75541300d237f829b16b84dee52441d5e62c7c12c4d48153dde6

SHA512
d34a0be86b9718011d4c3e05543d4fe5336146b5e77b5d0e7cac6cfadbd99ab1e51196e4e4443c9f4c35d945a5714bff3f907ad24d5d4c11b9d25a5c22ebcad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
88ec40fc3c804f3aa18dc364f70bf0e0

SHA1
f44f2f828db4df05df2409b02def942765a703c0

SHA256
ae000979fd9e7b162814b00b643b9e6597d259a735e1d79260c1eb573c0e3562

SHA512
67637a42a4d46bade78dacea65e06cf78ca3aef502ed069fa38d9e187f1ca0fffee921ce10d9b0cfb4bdc5fd6fca7b86e7db3af2d53384edcd3e8923aa4d4ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
f9c029e377b8453a1a67ecae82fb6d19

SHA1
4d4992872d097b79e4a2c43ebab1bded411659eb

SHA256
7bf99874a67060846f2c23c90049a620c4d9228ad579b814869f271b593c07b0

SHA512
67c7a13f923e04410bbe06d3d342145c37ab68b92e966c93d1880d323245cccea00fdb780b6193c1a16bbf9388e176c66e88b2ff5ddfc9f0df6327bb6e0e5321

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
c6586a1792c24e28f829bec629fefb9f

SHA1
72431dd00effc660efc6d64227735ba0bdc099d0

SHA256
51f146ce8fc91ad9ad217a871cfba227908ece95a59911e4518a169b4eb924c0

SHA512
9640a0794ba5c649d9b8321d881725a3ed35966f939617cd854f0773b3872927dd2dbcd04785aba3134281f0b57956f6a9f8dfd9cd6b6fbfe65d11a7cec5d7a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
3b5bc6af15868c205a04ef69b7e8a9eb

SHA1
3185aa1362e9975447802b28bc5970180b28b570

SHA256
f6fc2da6f4ee3366de3f3fd2ced8445658089247e0b16e9f8c631954a61c3efb

SHA512
483e8f92fb10aceaf3ce47ae05cf9fe2c442fb370677740d52dd17b3bdb50d47e52967f2005582eaacdee96d5eee7b295d5ac7d270e8db0fe290aea9a5af00c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
556B

MD5
21ada8a8aa1624ec395b43911dc1dd78

SHA1
c86ff5edc1fba77a56d24807fb04b39e7e0ba059

SHA256
dde8d0f2448649a0a6bda95c0bdce1e1a5417f7c8b8316cfacad01cf0c716e33

SHA512
ccac2b7e140f011d76a28852ad2b1f6d255f2d51589e76c99b8523d7e347d888b2c4242276fe87fd6ba473d0a57bd3e50ee100650e4e1cd2578b491d04b870f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf2c76aa50226c53a0d831ed3140104e

SHA1
dee7ad772d04dd258977b52757187f7cb7be91ec

SHA256
21c99851e0a75a2d4e7e0dd3a1cf1cb6a8a0a0a4e82b7799424f464c5492a03e

SHA512
3d3575d48b52c027a1eb6fffa067946c64c9efc4a4442afb8f7acf061575c2739eb942fd39969ce43a8f12621ea74851072592c782bd3e97c277d83379d41306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fd1a6a42f058bdeeea2a8836add11d7

SHA1
e5309b53ac71f828897f662a37b8a1d073ddd7ea

SHA256
a7645d519b83c2674dd34bcef3a5f468515fe1f045e45a4f11ea69bd69d943e5

SHA512
cb5079f84a5e84d04b5d84aa9f3c0e9ca3c581711d1055cf524c0803f141c27aeed146f987deff23ec1652c8ef807f8ee94d10c87ffb70fb4b38bcac37fdaea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6525ca9f749ff27b6b1a2c05c8a5a950

SHA1
34133b37e1ab438a3c0770cc52f66b2d918d19e6

SHA256
342db6445377d5e7d4b4873866b0a70dced7de495a05b3fd74054fec76ecc291

SHA512
480daea1b186cfaf40954d3606ab33a6e78cb193fecca0cb90b7943c779e199d211b5ed91ba5819d52c4b86b8203844d2c1ee72062b17bf790dee1746f8918bd

Download Submit