Analysis
-
max time kernel
900s -
max time network
1172s -
platform
windows11-21h2_x64 -
resource
win11-20240221-en -
resource tags
arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system -
submitted
21-02-2024 18:15
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://file.io/fgXDCar918Wx
Resource
win10v2004-20240221-en
Behavioral task
behavioral2
Sample
https://file.io/fgXDCar918Wx
Resource
win11-20240221-en
General
-
Target
https://file.io/fgXDCar918Wx
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepid Process 1816 msedge.exe 1816 msedge.exe 1184 msedge.exe 1184 msedge.exe 3340 msedge.exe 3340 msedge.exe 3108 identity_helper.exe 3108 identity_helper.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe 2808 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs
Processes:
msedge.exepid Process 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
msedge.exepid Process 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe -
Suspicious use of SendNotifyMessage 12 IoCs
Processes:
msedge.exepid Process 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe 1184 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid Process procid_target PID 1184 wrote to memory of 884 1184 msedge.exe 38 PID 1184 wrote to memory of 884 1184 msedge.exe 38 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 3960 1184 msedge.exe 81 PID 1184 wrote to memory of 1816 1184 msedge.exe 79 PID 1184 wrote to memory of 1816 1184 msedge.exe 79 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80 PID 1184 wrote to memory of 872 1184 msedge.exe 80
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://file.io/fgXDCar918Wx1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x10c,0x110,0x114,0xdc,0x118,0x7ffb48523cb8,0x7ffb48523cc8,0x7ffb48523cd82⤵PID:884
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:82⤵PID:872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:22⤵PID:3960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵PID:2080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵PID:1560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:12⤵PID:1648
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2948 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3340
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:12⤵PID:3840
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:12⤵PID:2428
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵PID:2920
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:12⤵PID:1552
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5760 /prefetch:82⤵PID:1588
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵PID:2984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:12⤵PID:2236
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:12⤵PID:2940
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6172 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2808
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵PID:3168
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:12⤵PID:680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3680 /prefetch:12⤵PID:5028
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:12⤵PID:2584
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:12⤵PID:1956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8276 /prefetch:12⤵PID:3536
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7996 /prefetch:12⤵PID:4804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:12⤵PID:1900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7716 /prefetch:12⤵PID:2484
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:12⤵PID:2696
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:12⤵PID:4592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7296 /prefetch:12⤵PID:3172
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:12⤵PID:2992
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵PID:1080
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7024 /prefetch:12⤵PID:1820
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8956 /prefetch:12⤵PID:4260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:12⤵PID:1924
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:12⤵PID:5544
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:12⤵PID:6020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:12⤵PID:6104
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:12⤵PID:6140
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,16558111507949053837,1205387864019489431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:12⤵PID:1640
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2032
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2948
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004D81⤵PID:2360
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d459a8c16562fb3f4b1d7cadaca620aa
SHA17810bf83e8c362e0c69298e8c16964ed48a90d3a
SHA256fa31bc49a2f9af06d325871104e36dd69bfe3847cd521059b62461a92912331a
SHA51235cb00c21908e1332c3439af1ec9867c81befcc4792248ee392080b455b1f5ce2b0c0c2415e344d91537469b5eb72f330b79feb7e8a86eeb6cf41ec5be5dfd2f
-
Filesize
152B
MD5656bb397c72d15efa159441f116440a6
SHA15b57747d6fdd99160af6d3e580114dbbd351921f
SHA256770ed0fcd22783f60407cdc55b5998b08e37b3e06efb3d1168ffed8768751fab
SHA5125923db1d102f99d0b29d60916b183b92e6be12cc55733998d3da36d796d6158c76e385cef320ec0e9afa242a42bfb596f7233b60b548f719f7d41cb8f404e73c
-
Filesize
224KB
MD5b66e21656d418ceb8ab7256950187aed
SHA12715141ac20347e5058f038b27f7037b85224cd2
SHA256fdb45e13ba6f1166b1de2a61265add2f465d750ca30b922a07c723aae41ceb4a
SHA5125411a869efee611ff320258dd9eb835ac85f3c155c2b83cb6b7927f196e008771a82640dbb6761a622b44ef045dc4443b7f0246bd8636f584d83be717ed765eb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1KB
MD59370e3361f237ae72952ef2246490fdf
SHA1f737a1586d975168daf0bfd1c301218293ba675a
SHA256af181c2d64a3f9180b6e9a7d41c711c0b453a83ed59da4502f91eb35a7dc1608
SHA512607101c851312603ccd9ca99c53b6eb79e3f70bdf0d88fc1554bcbebe815c3bdbff400c646dc06097f88940266b0032bc99c770cdf6fb4a01199306e42f4dcd1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize1008B
MD5cdc325eea604229f0a54456a82f6b24b
SHA16ce24b9f956ee8c6d64b78932393c61a979b4329
SHA2563ae87c356ac20c04d1e57e2f5d7120e6839ab9329418760424e578844fd03ce0
SHA5126b50bd674c5223ed3cc28d41411a87cfc7e17ba1eaa6e8b57f3ca8af18a7de6edaa4f675d9ae415e865d2fd6aee17f3fabeacf227ab19867b6e2f6e21fdf3689
-
Filesize
5KB
MD50faafac5995c78aa7c6af639a3e9f128
SHA14ea1a39c58697b4b831cda8fb47d11536032300e
SHA256b1fb32a51921f4f55ba8adb42925f5202bc99bc0d2ade2f10fab6b42a4cd6d95
SHA512f62377c23dd392b127726696e66f5696095335849cca91e41ecafe45dde1ade438086f7df45cfd11f0a60dc807cbe68f3727ec23ca0204d141b50eb7bf1c66d4
-
Filesize
10KB
MD51595298b9a246623bd1a47bb2353f1a7
SHA11147b965139a48cb776153baee11c6b65517c77b
SHA25618221a0e4057c9ff3f11616c465c26c5bdb7f321070dc7811171911642f29761
SHA512cc6e9d47587c521fedd78f9ecdc380321e19744f6db372947066e53df492445bdbb45feabe5d17b9854bd9b99928f4cf4b91d9466e754b15482a2a02d393fff8
-
Filesize
5KB
MD59a7f4c792dfe551122b8289db226c759
SHA1cade65b5a6aa62032130cfbbddd6753615b59530
SHA25670c9a5a2c0a907ed6e606a768987cab63f2b4366f0907a1a92b8c5d825bb8275
SHA5125bb44fa96cafb9ed1fc99bd072e6afa1085cc9bf2e006fe9f1b1f98528e65ca0719c1881826a70d698367283f1aa5114b88a0310c7271f1c257f2cb87575440e
-
Filesize
14KB
MD56f890f88fddadde1e410eb27c99394fd
SHA196530557db40b627fa8df921d712fcea6316bf74
SHA2565c590fff976ace0508f73010df69ffbd715dcf44ece8a66211b3436690f63f03
SHA512c21d820f08a5a0b1e9bc116ad4ca8d7bdeac1cfe202397ebca045584b9c46517da3202310febd3a2b544be59cdc25de7e2ca21871be6b94afb81bc5e81aa1450
-
Filesize
7KB
MD5dc1f3723b5c6e970c72a6b3e5b70c007
SHA1227efb4a8819b1abcb1972b988e3c847bda5b5fb
SHA256252a5bbb7fbad4314bedc8cd56b2149421ffd156415d93b20c68ccae73a360d0
SHA5124e270cf4fc35b1ee72ad1471dc137d03abf1480c4b18a17eec02ed5eb4cefa7f89ec56ac8515669845f2f11bc9fba83d0708aabadf6b67ce0f05ae8cce71f871
-
Filesize
2KB
MD5fa141e43f854767cbc339f63dc766155
SHA1935db1494402d5433141237e5d2f3e6d47c1616b
SHA256de58dd350c9afd957b41f781358563c1d94f385b55d87f8f03927823130c467c
SHA512bc1a3bd4b8b72c801c0f4a0a9a1bc8ff422f13574c45118e5be21d5e160f8a5765a0967207b9d30f7be89a0f8ef7e595f8bc49bf0b04d3cf02974534aebb0c7a
-
Filesize
871B
MD5e5c0019f987263102120d9c3d77724f3
SHA1d8bd475d7398f97c80d6d3b735cd656cb03223dd
SHA256dd287e6b68884c0d064ed82d438ac059edae7bb17f7204ad7eb9ed808b7e78c8
SHA512bbfaf07ff723da1663e49859487964423bd5aaa11898e2931adadeb5178fd0ab3c5683dafa27ef902d7ac4b31c3be0057112f6231664829c1117ae1a58c7e9f7
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD508681c3d4d811903e723bd38be014ffa
SHA143007e047b83ef40590a34f4a73e80f312e71b3d
SHA2561bdae2235df60e3681a0786a47d60c07672f62dd0bb84d6ac5f7277181944827
SHA5124b7c7cc5009d8f124f250a951b39e5fddc7b79328bec3d8186274ee1a1f904232fb85f4975f8d74bb4d331873b4eb242642a3687c3ba6fd58bd7fecc2e2fdd12
-
Filesize
12KB
MD5d4d1e8ad458878dbbfe31fb472d1b29e
SHA15b0d93cd5f5377b8afe207a14756bc93c8e1c89a
SHA25642f302a7b632f58bfbf59b11fdfb16cc499829beb66fdcb47feb447846aea697
SHA5121862bc6116c73b24bfc19819ea7af9b632dc605fec0fb5109f44f6a6814b93210bab0c0f99680640593dcff06cf4e736181a69fa1824b9615e66ae1ddbb50689
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e