Resubmissions

13-02-2024 10:28  240213-mhx3jagh36  1
12-02-2024 18:14  240212-wvp25ace39  1
12-02-2024 18:07  240212-wqp7bsag9z  1
12-02-2024 17:59  240212-wkpnlsag8v  1

Analysis
max time kernel: 151s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-02-2024 10:28
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
Resource: win10v2004-20231215-en

General

Target: https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130

Malware Config

Signatures
Checks SCSI registry key(s)  (3 TTPs, 3 IoCs)
The SCSI device-instance keys carry the disk's vendor and product strings (Ven_/Prod_), which are often read to detect virtualised or sandboxed environments.
Processes: taskmgr.exe

  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
  Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe

Enumerates system info in registry  (2 TTPs, 6 IoCs)
Processes: msedge.exe, msedge.exe

  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
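The two registry signatures above (SCSI device-instance keys and the BIOS SystemManufacturer/SystemProductName values) are the classic inputs to a "am I in a VM?" check. The Python below is an editor's example added here, not code from the sandbox or the report: it extracts the vendor/product strings from a SCSI Enum path, applies the kind of known-hypervisor substring match that evasive samples use, and groups report-style registry events per process so the access pattern itself can be flagged. The sample events are constructed from the keys listed above plus one invented VirtualBox line; the marker list VM_MARKERS and the process name sample.exe are assumptions.

```python
"""Flag registry reads that look like VM/sandbox fingerprinting.

Added example, not part of the sandbox report. SAMPLE_EVENTS is constructed
from the report's IoC tables; VM_MARKERS is an assumed, illustrative list.
"""
import re
from collections import defaultdict

# Device-instance paths under HKLM\SYSTEM\ControlSetNNN\Enum\SCSI encode the
# disk's SCSI inquiry data: <type>&Ven_<vendor>&Prod_<product>\<instance-id>\...
SCSI_ENUM_RE = re.compile(
    r"\\REGISTRY\\MACHINE\\SYSTEM\\ControlSet\d{3}\\Enum\\SCSI\\"
    r"(?P<type>[^&\\]+)&Ven_(?P<ven>[^&\\]+)&Prod_(?P<prod>[^&\\]+)",
    re.IGNORECASE,
)
# SMBIOS strings exposed by the kernel; VM checks read these for hypervisor names.
BIOS_KEY = r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"

# Assumed/illustrative substrings of hypervisor disk vendor/product strings.
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "VIRTUAL", "XEN")


def parse_scsi_instance_path(key: str):
    """Return (device_type, vendor, product) from a SCSI Enum key, else None."""
    m = SCSI_ENUM_RE.search(key)
    return (m.group("type"), m.group("ven"), m.group("prod")) if m else None


def looks_like_vm_disk(vendor: str, product: str) -> bool:
    """The check an evasive sample makes: does the disk identity name a hypervisor?"""
    ident = f"{vendor} {product}".upper()
    return any(marker in ident for marker in VM_MARKERS)


def classify_events(events):
    """Group (process, operation, key) registry events into per-process findings.

    Returns {process: {"scsi_enum": {(vendor, product)}, "bios_reads": {value},
                       "vm_marker_hit": bool}}.
    """
    findings = defaultdict(
        lambda: {"scsi_enum": set(), "bios_reads": set(), "vm_marker_hit": False}
    )
    for proc, _op, key in events:
        parsed = parse_scsi_instance_path(key)
        if parsed:
            _, ven, prod = parsed
            findings[proc]["scsi_enum"].add((ven, prod))
            if looks_like_vm_disk(ven, prod):
                findings[proc]["vm_marker_hit"] = True
        elif key.upper().startswith(BIOS_KEY.upper()):
            tail = key[len(BIOS_KEY):]
            if tail and not tail.startswith("\\"):
                continue  # a different key that merely shares the prefix
            # The sub-path is the value read; an empty tail is a bare key open.
            findings[proc]["bios_reads"].add(tail.lstrip("\\") or "(key open)")
    return dict(findings)


# Constructed sample: the first six lines mirror the report's IoC tables;
# the last is an invented VirtualBox guest (sample.exe is hypothetical).
SAMPLE_EVENTS = [
    ("taskmgr.exe", "Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000"),
    ("taskmgr.exe", "Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A"),
    ("taskmgr.exe", "Key value queried", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName"),
    ("msedge.exe", "Key opened", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS"),
    ("msedge.exe", "Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer"),
    ("msedge.exe", "Key value queried", r"\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName"),
    ("sample.exe", "Key opened", r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_VBOX&Prod_HARDDISK\4&1234abcd&0&000000"),
]


def report(events):
    """One human-readable line per process that touched fingerprinting keys."""
    lines = []
    for proc, f in sorted(classify_events(events).items()):
        disks = ", ".join(f"{v}/{p}" for v, p in sorted(f["scsi_enum"])) or "-"
        bios = ", ".join(sorted(f["bios_reads"])) or "-"
        lines.append(f"{proc}: scsi={disks} bios={bios} vm_marker={f['vm_marker_hit']}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_EVENTS)))
```

Run as a script it prints one line per process. Two practical points fall out of it: the disk identity this sandbox presents, Ven_DADY / Prod_HARDDISK, matches none of the stock hypervisor strings, so a vendor-string check would not trip on it, and the defender-side signal is therefore the access pattern (which keys, from which process), not the vendor name. And the two processes flagged in this report are Task Manager and Edge, both Microsoft components, so either signature on its own is weak evidence of evasion and should be read together with the rest of the trace.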
Suspicious behavior: EnumeratesProcesses  (64 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, taskmgr.exe

  pid | process
  4808 | msedge.exe  (2 entries)
  5048 | msedge.exe  (2 entries)
  4704 | identity_helper.exe  (2 entries)
  4440 | taskmgr.exe  (all remaining entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary  (6 IoCs)
Processes: msedge.exe

  pid | process
  5048 | msedge.exe  (6 entries)

Suspicious use of AdjustPrivilegeToken  (3 IoCs)
Processes: taskmgr.exe

  description | pid | process
  Token: SeDebugPrivilege | 4440 | taskmgr.exe
  Token: SeSystemProfilePrivilege | 4440 | taskmgr.exe
  Token: SeCreateGlobalPrivilege | 4440 | taskmgr.exe

Suspicious use of FindShellTrayWindow  (64 IoCs)
Processes: msedge.exe, taskmgr.exe

  pid | process
  5048 | msedge.exe  (first entries, repeated)
  4440 | taskmgr.exe  (remaining entries, repeated)

Suspicious use of SendNotifyMessage  (64 IoCs)
Processes: msedge.exe, taskmgr.exe

  pid | process
  5048 | msedge.exe  (first entries, repeated)
  4440 | taskmgr.exe  (remaining entries, repeated)

Suspicious use of WriteProcessMemory  (64 IoCs)
Processes: msedge.exe

  description | pid | process | target process
  PID 5048 wrote to memory of 3616 | 5048 | msedge.exe | msedge.exe  (2 entries)
  PID 5048 wrote to memory of 3900 | 5048 | msedge.exe | msedge.exe  (repeated)
  PID 5048 wrote to memory of 4808 | 5048 | msedge.exe | msedge.exe  (2 entries)
  PID 5048 wrote to memory of 3712 | 5048 | msedge.exe | msedge.exe  (repeated)
Processes
(indented entries are children of the entry above them)

[PID 5048] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://doaughartifies.co.in/#010130/"msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    [PID 3616] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc3ad246f8,0x7ffc3ad24708,0x7ffc3ad24718

    [PID 3900] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2

    [PID 4808] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    [PID 3712] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8

    [PID 460] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1

    [PID 2112] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1

    [PID 4920] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8

    [PID 4704] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    [PID 3956] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1

    [PID 4368] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1

    [PID 4644] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1

    [PID 4068] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

    [PID 4920] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,13171197874842627392,426995201670053529,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5848 /prefetch:8

[PID 1056] C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 1380] C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 4496] C:\Windows\system32\notepad.exe
  "C:\Windows\system32\notepad.exe"

[PID 4440] C:\Windows\system32\taskmgr.exe
  "C:\Windows\system32\taskmgr.exe" /4
  - Checks SCSI registry key(s)
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage

[PID 1084] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --notification-launch-id=0|0|Default|MSEdge|0|https://doaughartifies.co.in/|p#https://doaughartifies.co.in/#010130
  - Enumerates system info in registry

    [PID 1912] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x11c,0x12c,0x7ffc3ad246f8,0x7ffc3ad24708,0x7ffc3ad24718

    [PID 4100] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,6924829933027558052,8300739064059829088,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3

    [PID 1964] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,6924829933027558052,8300739064059829088,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2468 /prefetch:8

    [PID 3904] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,6924829933027558052,8300739064059829088,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

[PID 2268] C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

[PID 4048] C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

- Filesize: 152B
  MD5: fa1ac6a519d0d69cb2abd698e150006d
  SHA1: 7513611b9306aff448423476e0894c5a75edf1c8
  SHA256: a71cc573f62f34f4fd4461bce25204a15df79bbc965546af7d598dd06ae1db4b
  SHA512: 1d1a7148f066f19071c93d21f541c035d215b492ea956ffef1359bc3f8df2502a34ca900a1cbbdc10e30145939bedc25fcbbdde9b066df50dacc928d810233c4

- Filesize: 152B
  MD5: 011193d03a2492ca44f9a78bdfb8caa5
  SHA1: 71c9ead344657b55b635898851385b5de45c7604
  SHA256: d21f642fdbc0f194081ffdd6a3d51b2781daef229ae6ba54c336156825b247a0
  SHA512: 239c7d603721c694b7902996ba576c9d56acddca4e2e7bbe500039d26d0c6edafbbdc2d9f326f01d71e162872d6ff3247366481828e0659703507878ed3dd210

- Filesize: 322B
  MD5: 7bfd55dae5bbae5e71ec4a4b9fd15d9a
  SHA1: 7d5949d6a2b636f279a458cb1141520ec70c276f
  SHA256: c1356fc3363d34e6088e52f3a8906d6d7618d6090cc529d84c0c0ba0997a5628
  SHA512: bd4cad09503184be3d34f0ce53900a5039ef5a86237eb7ffe495fc11261e70891858e54add18d98f1d1147ae8443beddcc65b4813dfc5aa756480ac3b1a48cf9

- Filesize: 124KB
  MD5: 8f3d468df79f84bdc6b4f2b960802686
  SHA1: 345019ece82fe0dd742164e76f11f8411bf3c1d0
  SHA256: 9b247d36d6bfcf89a347ae1103b1faac9203035c49828f86c2aa9baaa562cad5
  SHA512: 0628eceb48aefeabb57dd536c1739478db7567af95fb383deec3946d2015b2b66ed2f79d6cd947e4fcd1b6a60a3506b46ab44ad20b160002561cf7a2fbfb500a

- Filesize: 334B
  MD5: e4800c6134f6ea49ad37c505144f69b3
  SHA1: 6c6f9915e65c138cfa352a9295f4ba4ac44653b3
  SHA256: 0f145f5b1f57aba3b96b298ab4bba0495db1ac7c642f460b92a88c2bdbba5551
  SHA512: 5a2df376027dd328c81244e3b33c0efe00d9b7f479f265dfc660ca591778456016a947ab8aad63d30ab73a714c76f591fa9c1945020c955c318bc1b80a2d2c82

- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

- Filesize: 6KB
  MD5: 9371e06fe7e69c7aa8c597ced98f89b0
  SHA1: 9f04b63c1cc87c5f109b442cf0f94ea09056fe42
  SHA256: b4ad7367dc653a00e1242180272038c4a12c7a75d4430950e6cfc0221568080d
  SHA512: 70c7465f0cc9932d16c5a4832abd5df17a067126aa87dc7ef9cc7d7b0ba210ef86e4b222a7922b4ae2e40fdfc85d95b0711e6731954b952a7f8e0b0da1269b55

- Filesize: 6KB
  MD5: 0818f3f3c6b69bf19ede500de6159ae2
  SHA1: c082d079c2be38861087009e5cca28cdad55fb6a
  SHA256: b63708c195dce4876530c38990b26f9aec0b4a5a881a7816a31fc7b69066b6cb
  SHA512: 264c5f2d4bd186e0cf3f81dbceddb479837a5acae9d882376b565ce08480f242cf6cf95e63299c94f23627778cb3e31d4027875e8a7193f02c912ab6b0a14e1d

- Filesize: 5KB
  MD5: 2f836302d3ce823534d4c2e54217e819
  SHA1: d3a53c2470f4875fd9cf632274070ea272c67219
  SHA256: 03515dd58ec253756db3c4006af61d5b8f88ecc51a35dd3e21f8fb66723283fd
  SHA512: 66c80cb92faf1c9a415d8db1b890ef22719eacb54329f4d9bf85fab8f6d9004cee08ce4e3dd0a63d00150d5fe7bf6a24625152a8a559dfc8cae9f636a5665a21

- Filesize: 6KB
  MD5: b6d4442144961261f62d9a8ef0d78546
  SHA1: f559d44aff58995f74a8b1b5b27a11a9005f4fb8
  SHA256: 16ba441e3146598a0eef935f80fef3d57d328ace46a60ce769420ad99aaebc94
  SHA512: 0f4d76db3829fbdc31e45ffb0a4e70a20420ea2fcc8667d61e6a0b3c62d36137c35f62b1230131aa9f090336250ada2a86bef032c58ff07c56efa0398642d940

- Filesize: 5KB
  MD5: 7ced27da0e241817aeeef269a1f274b0
  SHA1: 33e2445a273e60d64d7af58e26e95ab4a6e47ed3
  SHA256: 929251f2ef017335b064cda89bb98fbe33d92ed689c07d00195c13ea2bfd1d3e
  SHA512: a0bfcd557c1163e57b2b92e1b404f5c20c9e746c3e2eaf86b1af68561ae8e6be9c6dcc4c63742987e2151402f3f68cd3722aa04d8ab813a9ad86cdc7dd364714

- Filesize: 5KB
  MD5: 6694b505a1086ca30bfafe7e3456ad9a
  SHA1: ae2f9a8ba08e6595ad369ecadbf86e7ebb9f3646
  SHA256: 10f741ef3cd49b49e8560063caf7eeefb31a3aaa09e2af894728b7bf710617ad
  SHA512: b7151705f9a9354e16642a3dcd16e4ccf04a210545ae760171be4deb917525ce00e76161ae30a79fe4f3a98383a4cb5599ceea1cebce4499fa59fe7641fb700b

- Filesize: 24KB
  MD5: 9bb64859bede102545b202b497210b37
  SHA1: 8555671fcde5057deff312971e153f3b34597e6e
  SHA256: 22294f3f648106db3ed092455205fa25ca748f4d8c41645666e0136418d49a0b
  SHA512: 090be310ee8f0602ed03aef2d45af0d541d02ae5a392a8c45a41f7ecabbba0f3591afcb17a553011a06de319aa2ddca59f844a86ad89e7c22494ebd09bc62131

- Filesize: 24KB
  MD5: f5b764fa779a5880b1fbe26496fe2448
  SHA1: aa46339e9208e7218fb66b15e62324eb1c0722e8
  SHA256: 97de05bd79a3fd624c0d06f4cb63c244b20a035308ab249a5ef3e503a9338f3d
  SHA512: 5bfc27e6164bcd0e42cd9aec04ba6bf3a82113ba4ad85aa5d34a550266e20ea6a6e55550ae669af4c2091319e505e1309d27b7c50269c157da0f004d246fe745

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
  Filesize: 112B
  MD5: 620d969524aeba5974bc75507c7a79f6
  SHA1: 9b0f9343a3ee74be92ee36cd6d4c4b437994e978
  SHA256: 4fb5a0fdaca7b20d52c5130d4fdef7f4a8282f391027330cde8acdbceb798501
  SHA512: cff9a7b4e5a5c5a536987e85867bc842c57163c53c320ffa43f9673ccba2c8a75356fb8666b97341f94fed37f343a0eb78c276d6e0c39b32303a06ad9330fb32

- Filesize: 350B
  MD5: ad5bed48edc3e990ea6c23ad38251089
  SHA1: a4cb1c661d2cfde6b62fd766c41eec76e6af342b
  SHA256: a108c17626a51765451bf5049c6559608d14e078e7556923f6345f57a391b5e3
  SHA512: 49e5ac3d5f38bb600fb6fee4c93ab7b957ad39c7dea6f3750d48f85869c95e6e37be9d4c5ef5663542fe5b967d7d984b5ef1f0fc517cde81014726902cd01c27

- Filesize: 326B
  MD5: 5a4eb60a225780b179704f5f8ca64157
  SHA1: bbee7ae9b1dbb083a8adaaa40c5c13cd0c5ad6a6
  SHA256: bc03d4ef85414b2af2bda933e06a60954909493c733601940f7af71b10d09dfa
  SHA512: bb79ac9fe44194c44f023e8cc64e1a8f19722ea7cb186d06e4e6273d22f4bf486ab5c9e6d8cd23660e056f83a134f93de566a3bfed6b409fc0bca5d89b1b1547

- Filesize: 128KB
  MD5: 3cc963b9b5c0ad666c157cd2d9ea62d0
  SHA1: 362daccbcd3d4c077d2e7df3ee9fd18bc03603d1
  SHA256: e7ba5f5e040e7a3810d17e3232530607c0e52d79496cb1373620f797d02ef6d5
  SHA512: 1f024fb293e225b29c56bddbda043afb1cc8436dd225e50a211132b35d8c770abbb82abebcb529bcac6ac26dc90010f0ec7062e21d14ba629b85d5b0af270560

- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

- Filesize: 44KB
  MD5: 428077b67de355ea5578b9f77150ac7e
  SHA1: 2de9bad985d2f36f2f29b9f50ae314c749bd8912
  SHA256: bf97c8b107bd354e82a66e86deed9714b2d1a926a2e8c4e64f144f8fcafffed1
  SHA512: 210d2e19feb9b41fb44ea3335bd5fc47608004b617559108386caa21860431ef99433aa113ddd8ba059b2e05f45d6d7fe467bc271e2295593b254c205008c75f

- Filesize: 264KB
  MD5: fde6f50884d36b9fb4082c47f2a67a41
  SHA1: f4f98be485288cc30c8a445b0d57b2f082644fa1
  SHA256: 6fd54581572bdfaa6c26ed901d6e6de8e67097fe1c3506baadb845ce0f0aa7a3
  SHA512: 39f3099d579623453095e05d4a4163356c56fbb74c66e4d20081f12e0cc6c17d6418a1852901addf0fa244bf0f300667bc2064aab6834960d6896de4550a88d3

- Filesize: 1.4MB
  MD5: 087069aa14fe94842352ae21c8c82638
  SHA1: f644fbdbfbf71cf20f882b8deb524ba96ca2f56e
  SHA256: caace8c52ee8aa827ad1e140e7735090419e061eb4323b25eac3b3449d528651
  SHA512: 93a09a863020777b286615fe5579013ff71aae893cf493250a90874f7037e475a37f548273e1a28b931a7f7e9fce9c5ff2ebb4f47b6316319ba21b7ee1cd06e0

- Filesize: 11B
  MD5: 838a7b32aefb618130392bc7d006aa2e
  SHA1: 5159e0f18c9e68f0e75e2239875aa994847b8290
  SHA256: ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
  SHA512: 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

- Filesize: 10KB
  MD5: 30f4138f9b22632cac97d7a04d484ba4
  SHA1: 84705992846e0714b4d1327fcaaa4069b7d04674
  SHA256: 0016f35cbf3d6ebefc6d8c822306aa392c281810a39602709d7afff13c1a182e
  SHA512: ec0d641b8ef38afe9feb0b3001991490e64e93dd4c6cdbcb50a812eb847ef71b41ca4aba470121d7c6a2f3a91b54342306250000e477dfaabb2c56a9fd98579d

- Filesize: 10KB
  MD5: 1c7fbaf8862e21d714551f8a06116918
  SHA1: a4ac5e3f0b8f8119862c5f176f6b39a2860f96ff
  SHA256: 794ff47b066c0e107f2203f4205d206500f13bc215fbe9a716e455f339446802
  SHA512: e2a778b21607fd794fc5adf0037dae5c71321d1468d14cbada825ffd2886d2e25c4b464855af7ca446ea2acce645c7bf93f4089244495db74060da02aaf0ba60

- Filesize: 10KB
  MD5: ccb6af172baf548a1645eec04c322796
  SHA1: 9bf0bcfb1c698e77c8daa2b55e1e05ae0bb68972
  SHA256: 337a4898fc9aa190d40070902d32233a303ef427adcebf8afda48a007704075e
  SHA512: f97c82ba3236e81664b9410c36cfd37f4fc9a973d4ce455e3ddc25ed51aa3d4aa49ace6d41b54fa2b7143d9485038a6a97da8f6b9442ae8f356c8119721a031d

- Filesize: 264KB
  MD5: 2ae696171723ee2637de0614a68d6f24
  SHA1: 2f3b605dadd8b14da3b344cb725593b45acd1e9a
  SHA256: c401bfe721ae383f59633867eb902c548af24a7d215d480fa8f6980bc6760e36
  SHA512: 21006d50d0c73688610f491dcd63b692f8b2e51e01abdaa3d79738f46ea3826f2a465a201d6e7d5603b830afc262410979d0f7b670e8a43faed64211232ae40d

- C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
  Filesize: 4KB
  MD5: 7cf3b9763205d75bdd9f4d9ccf7cc1ce
  SHA1: ec58a93ac2c30cecf7faee2fd769d85965a2b13f
  SHA256: e8a5804c166002657557dc66760932a06781387c81e3ef75522f0025b72ff25e
  SHA512: 34887976f36b7941de318ad6a871a6889b4cdac05ac37179455acac53b30751dda193b22dae563e4739232c7a5979eadcf35893a574de9af5eddba7e27110240

- (no filesize recorded; these four values are the well-known digests of zero-length input, i.e. an empty file)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e