Analysis
max time kernel: 147s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20240221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-02-2024 02:00
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://download2300.mediafire.com/0nw18boq4rqgJoXAsJzW5mLp2mFVyY_8rKUnx_uKTiqbeSpTgCYh7TJVMnDZxYkdLvzSNm9XAuv0BzgcRshm-1i1HNwDfifTFZ2M48fI0ixqmfAlN7ky-r__cRQLdJ9QMmfGpL4gX4R1U0ftJzdP2NDO8sNkM4hX1AX8hKw2tFQ/lij1ktcpy9uhez3/CheatMenu.rar
Resource: win10v2004-20240221-en
General

Malware Config
Extracted config family: lumma
  https://technologyenterdo.shop/api
  https://detectordiscusser.shop/api
  https://turkeyunlikelyofw.shop/api
  https://associationokeo.shop/api
Signatures

Executes dropped EXE (2 IoCs)
  pid   process
  1204  Launcher.exe
  1464  Launcher.exe

Suspicious use of SetThreadContext (2 IoCs)
  PID 1204 (Launcher.exe) set thread context of 4112 (RegAsm.exe)
  PID 1464 (Launcher.exe) set thread context of 2860 (RegAsm.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened:         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  (msedge.exe)
  Key value queried:  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  (msedge.exe)
  Key value queried:  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  (msedge.exe)

Modifies registry class (1 IoC)
  Key created:  \REGISTRY\USER\S-1-5-21-1414748551-1520717498-2956787782-1000_Classes\Local Settings  (msedge.exe)

Opens file in notepad (likely ransom note) (1 IoC)
  pid   process
  5044  NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses (12 IoCs)
  pid   process                 events
  3784  msedge.exe              2
  3068  msedge.exe              2
  2268  identity_helper.exe     2
  1020  msedge.exe              2
  5736  msedge.exe              4

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   process
  2864  7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid   process      events
  3068  msedge.exe   7

Suspicious use of AdjustPrivilegeToken (3 IoCs)
  Token: SeRestorePrivilege   2864  7zFM.exe
  Token: 35                   2864  7zFM.exe
  Token: SeSecurityPrivilege  2864  7zFM.exe

Suspicious use of FindShellTrayWindow (53 IoCs)
  pid   process      events
  3068  msedge.exe   51
  2864  7zFM.exe     2

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process      events
  3068  msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
  PID 3068 (msedge.exe) wrote to memory of msedge.exe processes 4272, 2264, 3784 and 2848 (64 events in total, most of them targeting 2264 and 2848)
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3068)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download2300.mediafire.com/0nw18boq4rqgJoXAsJzW5mLp2mFVyY_8rKUnx_uKTiqbeSpTgCYh7TJVMnDZxYkdLvzSNm9XAuv0BzgcRshm-1i1HNwDfifTFZ2M48fI0ixqmfAlN7ky-r__cRQLdJ9QMmfGpL4gX4R1U0ftJzdP2NDO8sNkM4hX1AX8hKw2tFQ/lij1ktcpy9uhez3/CheatMenu.rar
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4272, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff98ebb46f8,0x7ff98ebb4708,0x7ff98ebb4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2264, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3784, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2848, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1652, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4904, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 1600, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2268, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 668, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2824, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3984, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4856, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2900, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4408, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3468 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1020, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files\7-Zip\7zFM.exe (PID 2864, child of 3068)
    Command line: "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\CheatMenu.rar"
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5736, child of 3068)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,11756451874732166654,7293016339171244241,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3740 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 1944)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4548)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\rundll32.exe (PID 3132)
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Users\Admin\Desktop\CheatMenu\Launcher.exe (PID 1204)
  Command line: "C:\Users\Admin\Desktop\CheatMenu\Launcher.exe"
  - Executes dropped EXE
  - Suspicious use of SetThreadContext

  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 4112, child of 1204)
    Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Users\Admin\Desktop\CheatMenu\Launcher.exe (PID 1464)
  Command line: "C:\Users\Admin\Desktop\CheatMenu\Launcher.exe"
  - Executes dropped EXE
  - Suspicious use of SetThreadContext

  C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe (PID 2860, child of 1464)
    Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"

C:\Windows\system32\NOTEPAD.EXE (PID 5044)
  Command line: "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\CheatMenu\manual\Manual.txt
  - Opens file in notepad (likely ransom note)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3384)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault29aa3f06hf2d7h4dbeh9782h6e1584093c78

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2956, child of 3384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff98ebb46f8,0x7ff98ebb4708,0x7ff98ebb4718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5364, child of 3384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,14400262699752227296,3850594056670847425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5380, child of 3384)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,14400262699752227296,3850594056670847425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
Network
MITRE ATT&CK Enterprise v15
Downloads