hxxps://capcutpro[.]download/

Analysis

max time kernel
232s
max time network
234s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
18-01-2025 10:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://capcutpro.download/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\capcut-pro.apk:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3708	msedge.exe
3708	msedge.exe
2912	msedge.exe
2912	msedge.exe
2968	identity_helper.exe
2968	identity_helper.exe
3172	msedge.exe
3172	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
464	msedge.exe
236	msedge.exe
236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 3316	2912	msedge.exe	79
PID 2912 wrote to memory of 3316	2912	msedge.exe	79
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 2796	2912	msedge.exe	80
PID 2912 wrote to memory of 3708	2912	msedge.exe	81
PID 2912 wrote to memory of 3708	2912	msedge.exe	81
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82
PID 2912 wrote to memory of 1588	2912	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://capcutpro.download/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc687a3cb8,0x7ffc687a3cc8,0x7ffc687a3cd8
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4104 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1760 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,5658131088913299849,10189544173657381929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
  2⤵
  PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aad1d98ca9748cc4c31aa3b5abfe0fed

SHA1
32e8d4d9447b13bc00ec3eb15a88c55c29489495

SHA256
2a07cac05ffcf140a9ad32e58ef51b32ecccf1e3ab5ef4e656770df813a8944e

SHA512
150ebf7e37d20f88b21ab7ea0793afe1d40b00611ed36f0cf1ac1371b656d26f11b08a84dbb958891c79776fae04c9c616e45e2e211d292988a5709857a3bf72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb557349d7af9d6754aed39b4ace5bee

SHA1
04de2ac30defbb36508a41872ddb475effe2d793

SHA256
cfc24ed7d1c2e2c6585f53db7b39aa2447bf9212487b0a3c8c2a7d8e7e5572ee

SHA512
f0cf51f42d975d720d613d09f201435bf98c6283ae5bc033207f4ada93b15e49743a235a1cfb1b761bde268e2f7f8561aa57619b99bff67a36820bc1a4d0ec4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5a56a445-cbdf-41f9-b67a-c7dffaa6c40d.tmp

Filesize
6KB

MD5
aed653b6b78c4cffd054fab92c07813f

SHA1
e665c54b820f55ddba440a195e12c05897005a7f

SHA256
b9f7e3d9e2516ff3f08a371e07de773d7bd42f19aa81737628250354719fe409

SHA512
ffe1e5b158d97b39b886a16a2221971705fca87817e7fcdb24a50755b8d8ab4e655eff68b52446193b07fdfe7fab3ac8cb9f022eda42db271c37ee18db7bf8ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
325110db81b1d8db0332448d05d5abc0

SHA1
ae75cd24b47ae49d38006f749eadd039f07ddd34

SHA256
278a8d60ba021f6885b63b945fddd9a42ad8654fe98da38f47ae55ece6aff6be

SHA512
3a79d18a7a23b817b16d96d4faf26951c25c3081ef83e36f889a5f937d385f92492b3f592dfff98829fe764fcd685f2b933a3c72937e3486cb7ff10c296e4542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
b9de5aad530273907cfa76bcda38a805

SHA1
106fc5898aa89b48175eb318c8d34c80778f627f

SHA256
5c4e0bd4dee8de646970928e6cf68d8b382d6d5e74a70511ee277684f35934d2

SHA512
d390fc4ffe6d5497675a6eeb59e8abb8fc96cdb77b20f2710d87f78a2a73e16cfe2d96f9c78feb09e7a9829169b664699e4427d0ee2b9f5bd042978c45769c80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
987B

MD5
0c7a6931992257ee6b06b4a05f2fe46c

SHA1
5507d484fb210e48be2683538e913f4f84c33dbc

SHA256
d5307a8ee9c9c09add4099415085417bffc15d75459704685720a278d5486dbd

SHA512
a13216009e106167985d3d9227ff4cc2aa610b6b8846b9c18d0faee7f3ec5bdd3bf55b228fb24ea46114966aa9e5664ad7d8e529cc0859686619ddf9da3be57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
696B

MD5
6f34ea8227031aa900cfd6cf5dab1f2e

SHA1
221753240a3ea53d08d77f22bfa09edf7985fb03

SHA256
8360eb7616a34dcec9f47e7548e974bdf4147699ad3e27a802f5c2b0e514dd4b

SHA512
b844e87034f458ac4c4be8b70b6610113d1056296b310fc3b643304b4570e5c53a6fe52eed25e31dac7b4773b1ce9be79dbe9a26d6116585d21f986e167e6b19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c78d691141f1e701cb7a48c3185e7e1b

SHA1
9501bcbe7ef9f9bf59d13975dcd69e359ebab2ba

SHA256
fc4d3e6cf7381d21b6f13ad2f374cf53ef4b2532de1476a5e2d458ecc68c943f

SHA512
652ace380e2039f382f7943f63944c3d6e1be7c6f87fe88caa013f0bb8c4d890175fb3d0f36046e04e6b2da5b309957d06c049412fc60b3e8ca9b48fa96eac4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fb49be86fdd5736065cd1c8ca4a269b9

SHA1
1fe145542bd0b7e97bdc9903b1cb7b00b09b6fd6

SHA256
1b43ae459466fad28c0691f6a21929c7a0afb1ed6081b6f09b73370fcfe2d634

SHA512
580f356fdf75e3c3850ed5c9e543e6c13e66023fc8ebbee0d9bae1fca68edb3a16ec9c9c3abb275672e66e20f23be028516161efc641423388f850ba4fee5c23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3537375f44cb4b5064f4f4bee313d59d

SHA1
b45ceb8744160fc2652856f034edd2b691530be8

SHA256
824a5255233c6e9e1c3b23315227562a1a55a10271f449c912bd4232e2898f3a

SHA512
8e75fe9f7c0c4e8fd21676d9aff1ba411ba4ab59ea2da41de58a8c24cf62dbf52103688d7fbde79fe3b26e0a48ce2c966366676ed5c2212fa8995e7e01889ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
be62d0d0d0e0129a54fb467e5689c97d

SHA1
3b71dd8c709873e29254ff521c78207ab28e1a86

SHA256
d81dc19cf2dac465b7d0a05947436982d5c024ea04d6456785ad6c394fb8bea8

SHA512
0e60ccfca9ce63ff9fe3ea34d8b37b75f042bd510dee3062b3f07ecacdd67948fa7c724dae3f014b2f622b841404aff827402df09aeec724811f09fd7b33d7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c55c8cddab4968e062f076242fa83b8a

SHA1
7c10b3389578472a3cded34dc311d3f4236dc704

SHA256
e44e8d08f40433b6432eea369e4eb599848d9b0e31244d2ab66b90e9a5c3adb9

SHA512
81c3d5007332aa6b53a3d5bd08aa87e8383725b972ce5584a3185bfdc6ffe9b37626b785f830ceceb617abed7e32af099f7201a7ba2e580301ad448cea313481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d188a0e6cab892c8a4ad985fe170798c

SHA1
97b520d4f548d6cd17266ce4f2b98abe630677da

SHA256
13ef6cea50e5475be84a52901937e18686ac034cab6816ab9772962fdcde575e

SHA512
19928336d8ba66ad94cff5452e3bf72986da4eb7879fe1215c62add451268f1f44866305f0d66ee1bfe752dc0a47f90653d333b62c983ec991268a6943a716e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5b25f3.TMP

Filesize
204B

MD5
9f9103819fb8ad3de6b79ea9e9fb7d1b

SHA1
3ba27f4dbd66cf12a4cd9e06c824f34ab5f47289

SHA256
470602ffe290ec2f0f63a75a941a8c71000bc7886b866c1a064f1db9861e8a1c

SHA512
7147dbffde3a8e4f57fe81287eef04458aba0986f8a62bc4c859ca43bcc05d8ad072798595cc090cdaf2d016d922eb1982c3bc07a7ecc973bba39ebc61193666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
99a66d8faf738f5eec9ec3eac0a8d0c3

SHA1
28d893cae11094e91bca66805e1ce7242e594293

SHA256
dcecb962e53c55072b1b8679c2877d95c7375c1b4f6a3cbc11852158f6db0813

SHA512
b43d3f53dfbef5b4a8e1e7cac22eb9f09acab1fdf2c1d127d3be259dab355b5e7a8ae68dc7332e6d952cc372f40e3f97f0820ff3db65553076f0e412e0126e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4747d21e5f70e04ae569d86aa49759ca

SHA1
526b51bfe737da16229f526db2377a4c4466d48a

SHA256
d571d8945a3eb2f10f21e3d1bf788f90a14e8984a700f47e700c5975b17b1698

SHA512
d3532add24a786ad25eef84a6645e0e336f2525ad6370d4af68dd3a89cf30b1647b599c0ef762395d03797a8fa79bbcbbd638152cebc34a4ba7d7668750a0e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4f81ffc3bfbe9a2fc3a5fa73ab9b3ea0

SHA1
f0849057e878bfc6130045cd3c528d7129d0ac93

SHA256
53c50fb4f6ea4be0cd42ca3bfbf74fade2c7002c200f973f2661b71340482616

SHA512
38a993f232f3ce4ac08891d19ac8f3e03889487dba1a1dc239e7f2d3822e71475600ca3b7d99fbbd159ad861efd7c29ced8cffa297995ca9d4d8d1f0d45c265b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4603a040a35ca6f1a84c305d139ca59

SHA1
cce9e797302a469232c0e4abc5308f46fa9198ce

SHA256
1bf193d14ecff9749d97ab4564146feb9d1274ddc515982048ee63c5168ecd3c

SHA512
cce76eacfeba752a07d4304b22019430af936fcac77d7d430d0550683ed269762082d905255b7c1c085d8d0cad73b43b0c22d421de462fd1d238ad8fd82b276f

Download Submit
C:\Users\Admin\Downloads\capcut-pro.apk:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit