hxxps://is[.]gd/HDwxOD

Analysis

max time kernel
216s
max time network
217s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-01-2025 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://is.gd/HDwxOD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2136	msedge.exe
2136	msedge.exe
3252	msedge.exe
3252	msedge.exe
2212	identity_helper.exe
2212	identity_helper.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe
1792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3252 wrote to memory of 1668	3252	msedge.exe	83
PID 3252 wrote to memory of 1668	3252	msedge.exe	83
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 864	3252	msedge.exe	84
PID 3252 wrote to memory of 2136	3252	msedge.exe	85
PID 3252 wrote to memory of 2136	3252	msedge.exe	85
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86
PID 3252 wrote to memory of 5000	3252	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://is.gd/HDwxOD
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa470446f8,0x7ffa47044708,0x7ffa47044718
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5268 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4016 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5004 /prefetch:8
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,17934469554287978880,3767286100316475046,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
7781dadfff643bd97ecd380887733a65

SHA1
7c12b16aca430fe0026cac416944586c7a4ddb9a

SHA256
9e250c1677f2468320eca25b0b041f8984aec4a47c8bd9a83a7c1e269b2964a0

SHA512
362518dc83ff9d3936e13f3d7257f818404280842d5e2741f879e52b363771af24e35ea57c2d1d527c389d2073a3412f1383763f011667e4f5934799bca9cfd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0d16a9d6de361624b4b91541e05ee111

SHA1
3e3ae2b4af422ea3ed68b3bc987763cc84cb90f7

SHA256
8ed76a89c24517281b0941478334dc917507189998816a7aca84e5d59d5a0593

SHA512
530c946301c70bbb50ffaa382ae67eb3cb84dff8dc5979bdb65e9a3481d17d78abea05ccb8060b4f0d912b2dfafd87bda6389227c0466bb28c4e02504a3e46ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
51555db8594293789535daa180da9475

SHA1
9ad3bd9d346fa665beaa3ba4b867e28ccac48630

SHA256
03893d6d0b630a42b50dc07bf1f17a05a7e05dc84da3261ab609961610bcca66

SHA512
d3179bd6ecf6da799adc685df13a69f0be357e8c038c067570050a56200182227ddbbcb0b72d4fcd3ed835f585978eb87701b73e265380bdd8e96b86e82819b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
ae9e4b1d12570c58bc90b436211c3e25

SHA1
13c13f038d8686c0fcdf9dccf84a7060bf28754f

SHA256
23f6b15ecd5fd0ddbd37394980ae0af60f3d34c9af892e191a5666038db015ff

SHA512
91eab38809e4ab619f82f0952432629728e9623f55aec70fdfd4994df34925bc65617ad3a929acecebfe038e1b9d34718acdd62b12f1e7ae71965b3bc5975566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c923d9699065fe61b2c891921be81804

SHA1
f4d388ca7febcf73c69fa3b0eb2db2cdd3723fed

SHA256
e422b1ab1e40dd80176047a8e79d2c12025c184638d09e0e33c160d84deaad2a

SHA512
1fc5b64deb3382cac496ef9b0450a71a274322276e4977b432ca9d94c00b58ff24984aef8d5c2050a5d58deb5bae787e2b515ee7eb941403fc5a73d59f0a63ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c2c79e78a4d5ea9ffc1b2daeaff026b5

SHA1
14af59418a43272a628ca32769c76dc186bbb60d

SHA256
7427c8efa7130897fcc63b9caa13a5f7cded1563f732613283e9a39f2f90906a

SHA512
fbadd14645a49d7346c7dd9957239b00a0795d9632f790de3807517561d2032318f1fc9a0ad6dd45c24b6cb41d9ed5e03832b82b112340e8eef1a12231488d64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d5c003a22eeab9d99f70002ace1cbd47

SHA1
158d3fdd599972cea11bd61552100a10b940ba8e

SHA256
56df90daf6f316c4d6fffda23a421226a0c7681002d14dce64251465a0becc28

SHA512
047b62a75cef6a4d60b037699561b5f75ae5ee9db00bf06756dfd629cbae134aaf078b3ec3322b30aff8a21e15bed3cc3bcb4bdd1d0a78f7e4d1543f8f711690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4ddc77b9912ef1b0cb37bc4e7b005704

SHA1
0dff982e718c4c788cdcb88346c35cca4d9f0fcb

SHA256
18dd06f362682472a9883664b44ce5a1c9fc4dee4ef593265d493bd32fe24e30

SHA512
b06b0b843d2981abe943b949225a5452381b571a2e7b6aa0bb35ffc349c436f3fec14bb3d4e4c9f2456682ce73d12ecefa39ca8e2dda4777a6d5fbebb52447e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e1bf456aa31a0b116bb8d0a109715312

SHA1
91b430cc2589b81035ed9dfbc0ee4dd304784e2e

SHA256
fcf34bbea9a0e34a4fa3d8cb26705b7ff2eaef02f62bb321e949bb3d1bf1d04a

SHA512
442b4e8b206ae00588bcc29c6d78a98ad222ab07f4751376b34a037917810384c0f2bce9b5598fa8f88bafa4af73eed2ccef0cf361017ca6b96a37efafee57cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8607c19404d48a40a3d0bb5815c23da0

SHA1
b9e8d8e342a5ad64236aefcb3d900927ad9ace63

SHA256
791164159978f28f2e9c3182f79bb5cfa75dcad62e3464243356feaa2ab36c6e

SHA512
f33a8c2fd18a5463bc3745e7def23111cd1a82dcdbe51e53c12dab8149db982eccd0080f52de4ef5358c08f92af08511ad9bae244cfa0bfbed74df1e2de39206

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5d2411a839b6f35fb80716f571b7229

SHA1
f5862f008facd2c37adc8310ef6be04364afd404

SHA256
ec093d06bbfc1b64c8015dcf0046c1e238e696145705a832e1f31fa80ef289de

SHA512
942d6ed9d29d394092ab85c938c68b22e86b91268eac5e44ec2783062eff15854fe3bb1e6a6023b96da14796e7cc3ef1d59fd807b95f3bafcba94ab4fae31d9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b766c99f66f86716f5bffb66901caea6

SHA1
843ae3e07a78478b32bd495a838e6f0f82828f96

SHA256
f7c98bac93343a45a2c3e5b7622e7801a47ff375b74d8056806cfa2241d7f293

SHA512
2321c2013e2ed12bf6f0079a4509a7a1e9e69ead5c2fb0f288c9259e853f299b45602a9ef59deddc72168d232a166dc1e8bfafd6575806a3df19e4b0343afff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
714ece582ba5a93d0904c56a3bb44f1e

SHA1
6bcdc9a04c8aacff2398cbba797b653c8cadc407

SHA256
3c79ce9d45edc4c1f775586491bdf014a3cdf1748f9b59a3282f0ac4768ee161

SHA512
eb4849b993898bd87fdea67e17b8b788eb3c56ba438b08df4e69a58279a6d71725650e2c86bd647709294d23cceff41dc748668436cd581cfe3e7a4f895ac93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c49c6d93ff4d81a69262183e97e6d762

SHA1
57beb061e15d69f152b7ae58e8b6fb6dc4b5bf04

SHA256
6938aa5531671158f9dea4d1680d851bf957b754c805035a0d167b1aff92ca22

SHA512
d35caa15254258733346b4e99093cd8dccfa4b028044baa7b5846d983be1984f7a7371b6dea0d61bfabb0a431a880960a13763d4aef86e4597b52362f6f774d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
599c53a00c8237c3b10ea8de20127f03

SHA1
87c6b5b1b6b4138814859123b2632696be36f33e

SHA256
e525a01ec3c183626aead944f23f5f4eef8956f21385037fece03968674dc87d

SHA512
8418d4e64ef39e97bbdff791061f6476f6f51fce8223d36310c2e14e1428724b370cf1af160ec5b0511f9a115e7815a6fd4bdba5aaaba18ceeab50bb04da649c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
63d9d76eedc7c51c0248b4df23b8b7a6

SHA1
ad4b6aeb8c4856c2a20a37758bff4b312155c241

SHA256
809a29e8c36fedbd1cd5e6d0a7044df4bfe24f40b1153c6002de3eabc8c4081b

SHA512
6f1638b3d2897d83270693390663fe0d3814db9edef84352f45167b4079d64ac80271315e56fef1de0973e07e8bd0e8c81b25b9f597fa0ffd2347ffee85ac0f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5807db.TMP

Filesize
1KB

MD5
5f884604b4156a5d55ff09a6e64498bd

SHA1
1f01da5b146617098d899a1c6d9f33310cabdc45

SHA256
849da580d84a97923efc1a1e863801fbc23ec0d34be47d907374c9d168e77972

SHA512
370a46fde384b2a8f9b6c1361f7f8563db71ce638be7ba2e041d97c53a7313e3bddd31420dc85b5ed9eeb250345854b78180bde950625d85c11c1937203ab9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
330b2af0fa4080cecb3b19e1a0fc74c7

SHA1
3eb9a1f7247a840962562865e13f9d878a18ac31

SHA256
47a1056b41cc405ca729fcce963a67fc4704711fb7087df436ecc745827ec841

SHA512
291f3f73d201d19ada8fb5991e2e455d870813d88525f4a2ad7cdbc3038e759ac6dc5d0108ea7171e58c95a77b788ca13c05670765b6f3a801082b974c98f7fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6bed9a1405dbf6b2f54734624cca9f62

SHA1
49f34c3a5839a6f2d4f0f93eef5a1ef347e13acc

SHA256
74b3a121971bf976a9496cb1b0a948858ba7103a5198a0df29c9050bc2db1e2b

SHA512
6a46ce0958ec49bcbcc083982e90376aaf1fec855b84aa62e8942e1591874f2051ebac7bcd2084633732c56a1966c16a9f7746cea5b2ce466f2b0595cf547c58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit