Analysis
- max time kernel: 149s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/03/2024, 18:53
Behavioral tasks
- behavioral1: sample "Lofy Cloner & Casa Cloner.exe", resource win7-20240220-en
- behavioral2: sample "Lofy Cloner & Casa Cloner.exe", resource win10v2004-20240226-en (the task reported on this page, per the platform and resource above)
General
- Target: Lofy Cloner & Casa Cloner.exe
- Size: 8.3MB
- MD5: 66e6140ba9e19c29529dceb265b17b41
- SHA1: fefdb348596c3160bac45888d56e6e940a452907
- SHA256: bded5cf8faf4c7ff8a7582538cd325da029adcae50b14f38ed4dc6adabc5673b
- SHA512: b0a26c3d34e1f1043e06ca759d645d10c7b1ab6f05a1d5e1788714b0d568c27f2763450f2af608cf01c7947dc7f55cc403dfa3355d51c45227f2951e4d5a6944
- SSDEEP: 196608:GJi56vBAoiL2Vmd6+DNnNgwQ+dtLZ7k30szjad0tNNlezM:GIL2Vmd6mZNjd7NszjJle
Malware Config
Signatures
- Loads dropped DLL (21 IoCs)
  pid | Process | records
  3660 | Lofy Cloner & Casa Cloner.exe | 21
- Legitimate hosting services abused for malware hosting/C2 (1 TTP, 3 IoCs)
  flow | ioc
  211 | discord.com
  212 | discord.com
  213 | discord.com
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  All three hits are attributed to msedge.exe, not to the sample; the BIOS manufacturer/product lookups are browser activity and should not be read as sandbox-evasion by Lofy Cloner & Casa Cloner.exe.
- Modifies registry class (1 IoC)
  description | ioc | Process
  Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-983155329-280873152-1838004294-1000\{08D24CE4-869E-451B-856C-F80D255829E2} | msedge.exe
  Also attributed to msedge.exe (PID 2536, the video_capture utility process below), not to the sample.
- Suspicious behavior: EnumeratesProcesses (8 IoCs)
  pid | Process | records
  1480 | msedge.exe | 2
  4504 | msedge.exe | 2
  4520 | identity_helper.exe | 2
  2536 | msedge.exe | 2
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (15 IoCs)
  pid | Process | records
  4504 | msedge.exe | 15
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description | pid | Process
  Token: SeDebugPrivilege | 3660 | Lofy Cloner & Casa Cloner.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process | records
  4504 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process | records
  4504 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  The 64 records collapse to nine distinct writer/target pairs. Every pair is also a parent/child edge in the process tree below (the sample re-launching itself, the re-launched copy spawning cmd.exe, and msedge.exe spawning its own helper processes), and the msedge.exe edges account for 54 of the 64 records.
  writer pid | writer Process | target pid | procid_target | records
  4756 | Lofy Cloner & Casa Cloner.exe | 3660 | 90 | 2
  3660 | Lofy Cloner & Casa Cloner.exe | 3340 | 91 | 2
  3660 | Lofy Cloner & Casa Cloner.exe | 1096 | 92 | 2
  3660 | Lofy Cloner & Casa Cloner.exe | 1092 | 94 | 2
  3660 | Lofy Cloner & Casa Cloner.exe | 1704 | 105 | 2
  4504 | msedge.exe | 4392 | 113 | 2
  4504 | msedge.exe | 4992 | 114 | 40
  4504 | msedge.exe | 1480 | 115 | 2
  4504 | msedge.exe | 2460 | 116 | 10
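Read as raw IoCs, the WriteProcessMemory signature above is dominated by browser noise; read as a spawn graph it separates cleanly into the sample's chain (4756 re-launching itself as 3660, which then spawns the cmd.exe children) and the Edge tree under 4504. The following Python is an added example, not part of the Triage report, that parses records in the flattened one-line form shown on this page and collapses them into per-root edge counts. The RECORDS string is a short constructed excerpt of the report's records, and the record layout it assumes is "PID <src> wrote to memory of <dst> <src> <src image> <procid_target>".

```python
"""Collapse a Triage 'Suspicious use of WriteProcessMemory' listing into a
process-spawn graph.  Added example; not part of the sandbox report."""
import re
from collections import Counter, defaultdict

# Constructed excerpt of the report's records, in the flattened one-line form
# the page shows (the real signature lists 64 records; this keeps one to three
# per writer/target pair).
RECORDS = (
    "PID 4756 wrote to memory of 3660 4756 Lofy Cloner & Casa Cloner.exe 90 "
    "PID 4756 wrote to memory of 3660 4756 Lofy Cloner & Casa Cloner.exe 90 "
    "PID 3660 wrote to memory of 3340 3660 Lofy Cloner & Casa Cloner.exe 91 "
    "PID 3660 wrote to memory of 1096 3660 Lofy Cloner & Casa Cloner.exe 92 "
    "PID 4504 wrote to memory of 4392 4504 msedge.exe 113 "
    "PID 4504 wrote to memory of 4992 4504 msedge.exe 114 "
    "PID 4504 wrote to memory of 4992 4504 msedge.exe 114 "
    "PID 4504 wrote to memory of 4992 4504 msedge.exe 114 "
    "PID 4504 wrote to memory of 2460 4504 msedge.exe 116"
)

# Assumed layout: "PID <src> wrote to memory of <dst> <src> <src image> <procid_target>".
# The image name may contain spaces and '&', so it is matched lazily up to the
# trailing procid_target, which must be followed by the next "PID" or the end.
RECORD = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<image>.+?) (?P<target>\d+)(?=\s+PID\b|\s*$)"
)


def parse_records(text):
    """Return (src_pid, dst_pid, src_image) tuples, one per record."""
    return [(int(m["src"]), int(m["dst"]), m["image"]) for m in RECORD.finditer(text)]


def edge_counts(records):
    """How many write records back each writer/target pair."""
    return Counter((src, dst) for src, dst, _ in records)


def spawn_tree(records):
    """Map each writing PID to the set of PIDs it wrote into."""
    tree = defaultdict(set)
    for src, dst, _ in records:
        tree[src].add(dst)
    return tree


def roots(records):
    """PIDs that write to others but were never written into: the tree roots."""
    srcs = {src for src, _, _ in records}
    dsts = {dst for _, dst, _ in records}
    return srcs - dsts


def descendants(tree, root):
    """Every PID reachable from root through write edges (depth-first)."""
    seen, stack = set(), [root]
    while stack:
        for child in tree.get(stack.pop(), ()):
            if child not in seen:
                seen.add(child)
                stack.append(child)
    return seen


def summarize(text):
    """Group the collapsed edges under each root, so the sample's own chain and
    the browser's helper-process noise can be read separately."""
    records = parse_records(text)
    counts = edge_counts(records)
    tree = spawn_tree(records)
    images = {src: image for src, _, image in records}
    out = {}
    for root in sorted(roots(records)):
        subtree = descendants(tree, root)
        edges = {(s, d): n for (s, d), n in counts.items() if s == root or s in subtree}
        out[root] = {"image": images[root], "descendants": subtree, "edges": edges}
    return out


if __name__ == "__main__":
    for root, info in summarize(RECORDS).items():
        print(f"root {root} ({info['image']}): {len(info['descendants'])} descendants")
        for (src, dst), n in sorted(info["edges"].items()):
            print(f"  {src} -> {dst}  x{n}")
```

On the excerpt this yields two roots: 4756 (the sample) with descendants {3660, 3340, 1096}, and 4504 (msedge.exe) with its three helpers. Run against the full 64-record listing it reproduces the nine-pair table above.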
Processes
- C:\Users\Admin\AppData\Local\Temp\Lofy Cloner & Casa Cloner.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Lofy Cloner & Casa Cloner.exe"
  PID: 4756
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\Lofy Cloner & Casa Cloner.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Lofy Cloner & Casa Cloner.exe"
    PID: 3660
    Signatures: Loads dropped DLL; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c title Casa Cloner - Developed by Noritem#6666
      PID: 3340
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c cls
      PID: 1096
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c cls
      PID: 1092
    - C:\Windows\system32\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c cls
      PID: 1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  PID: 4504
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffca6ce46f8,0x7ffca6ce4708,0x7ffca6ce4718
    PID: 4392
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    PID: 4992
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    PID: 1480
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
    PID: 2460
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    PID: 5100
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    PID: 4540
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
    PID: 1660
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
    PID: 3252
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
    PID: 2908
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5328 /prefetch:8
    PID: 4520
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    PID: 4900
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
    PID: 932
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    PID: 3800
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
    PID: 5324
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
    PID: 5880
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    PID: 5888
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5052 /prefetch:8
    PID: 2480
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5908 /prefetch:8
    PID: 2536
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    PID: 5440
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
    PID: 5452
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
    PID: 5680
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
    PID: 6016
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,10239162595095742130,7138987525866351601,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
    PID: 5892
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 704
- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2956
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 9f44d6f922f830d04d7463189045a5a3
  SHA1: 2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
  SHA256: 0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
  SHA512: 7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d
- Filesize: 152B
  MD5: 7740a919423ddc469647f8fdd981324d
  SHA1: c1bc3f834507e4940a0b7594e34c4b83bbea7cda
  SHA256: bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221
  SHA512: 7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7
- Filesize: 4KB
  MD5: 7bcd788e7994b67b77c211aae56aa1a0
  SHA1: 25235dc1952c78a479dd63a68f496ed3001f21b3
  SHA256: b195664a776889aba3adfbba5d3dade5ba63df4fabceedd95692f3907c49cc6e
  SHA512: fc32de0be6a50834ce6ee7d5e1cf1e51a9bc503482b144c861a28a216527b5fe69fef4be1eac5d8c5393c2638fbbb2b4f0a65003f8edb50699a5cd3c96e32365
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: 7b1d999a6a65d59aaaaf9735157b2a1e
  SHA1: 518b91f045ee7a87634ceff5e11f0ec101be891d
  SHA256: a82cd693dadf012d2b9bd79ba20c2ea3c9fc8fbea73de2fd4c1c42c62e2cc38a
  SHA512: bdbfe411ebd18e9df9062a9938fda62d558924f07e4b621fc2699ec3ec495fccadeffee023e7ce9c478874c6bde207c269b83eeb246660a7aed2348322b328b5
- Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 6KB
  MD5: 306968e534a89c235118a833f1328429
  SHA1: 7ce990ee9f5327397ca06395db6ceb797be4d058
  SHA256: 8a145a5f047187d5043bce892885e4520d405256ddc33ed07bcff88cd1f3120c
  SHA512: bd62c40be6d4dad5d563622db17b587ba0ee85218b4166dc32cbe5ea31ed33d83f5bbf46ade2b8b200594ae3b47718bb5261dd8f5c2a83a331699c78ae5b0762
- Filesize: 6KB
  MD5: 3d1b926c0ecafc69f8db889e4b2da562
  SHA1: 510e0038ad6d4019b128810a0315fd3a8ecd1aad
  SHA256: 2ed4a79dff81089bb1579ee534179b6c6408ab35a58114ddb0c72699df22948a
  SHA512: 760825bd8287173c458248d3863d921cdb15350ec7b8118e8b35b6bba508bd4fc2076686a941a944dacf7a3172104de714deca8bb089f56b219821c744ef25b3
- Filesize: 7KB
  MD5: 8649d7777a4fa2cc0b4e711e6e13f16e
  SHA1: 8c1a993539595e280c70cacb50590d342504af29
  SHA256: c21b66be775e38b0690160494581f2cf6bcf7c21d2a9d62590e70c7b6f7bb75b
  SHA512: 5c1744b193efd70e63c29d5ac42fac93ce74b775be50ebcf536219d57a963cfa7c1f426bfd6569b76ebcce102a86ed2af24cc3f05c8bd33c72ef1e4dae9d5e8f
- Filesize: 1KB
  MD5: 74e471978cb33e85c51d1c73cdd82367
  SHA1: 51d222cfc5b063d1e1839daecbff18402473c473
  SHA256: 4bc4d007a3c8f9b1ebfadc3363f2d29083a8e68583de3b1094267707742e3b58
  SHA512: b18b399b3d7bfeabce4eb8a2fc9f3d73b1a621062eee1fc172b5368a5f902c685cbcd4697a7a7b41fca786ca1f74a7ee22d3442dc14098a5b820bfb2ac9bd214
- Filesize: 2KB
  MD5: 0efdac7e61e250c488288387506ca1d2
  SHA1: 4d51e0c83b396f3e510ff97d3236c042714a5194
  SHA256: 782ca12b35d63083f2e8a72d06dc4e05e7a61ac83e3512cb6df8d72c7e294ec9
  SHA512: c78161a1d86217bf884da55bf348eec29f5ef0c4ddd30a43b9cbfeada1adf4d20fbb2bf35dbcf59a9fa0c9981ab457bc325d6c011c87b27e62867bbbe807653f
- Filesize: 2KB
  MD5: 74ea4cb0f7cca24ab9c9b0af019b28c2
  SHA1: 776b4883dc6d2af8fb310e16779953dc2f9d1124
  SHA256: 7bdfe2cf7869fc96f828359e49b08032224ca0f7655859a13170815e1df0e32c
  SHA512: 4933b188a5b12bf6c55382a49af31ee422a1dcde883f9fbf602c2aaad867c61bca0594081356f9b96b197a28c73361bd8ef0e8ec601b70dcc059dcc76578ab1c
- Filesize: 1KB
  MD5: 0108c49a976d2da73f70a6863dcccfca
  SHA1: 422beaa7f581ad95506f126fef4d08b450c4d8ed
  SHA256: fce1271f32337c748ad3e7646449b0c38d39fd08d258b8903897ece87308eabc
  SHA512: 06b1f2f55d7d8b4dfb7146c4cc1b9c918234d122815971ca7f6ad0fd7a195dc2e69fc4dc48d443d05d9f89d8b7ecec366d3145754cf6537102fd62bed8c049f3
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: 3dac1c1f772ce0ef6b4d7c4d8849a470
  SHA1: d0226c4ec7566ea5da49955ff3fcb2acd17283d6
  SHA256: 56179161aa1d893fb3cfcb4f5233db75e8bea37bb9078bd60861495e1d4c60ba
  SHA512: ceb0cf405ecfd0463b104140115787c47cc1ac29623e208e60f8c0b2c99f6cb915ca253b94f93b9bb370e3d356612772fa3328d4c8121f0b220f806c8506aa7e
- Filesize: 94KB
  MD5: a87575e7cf8967e481241f13940ee4f7
  SHA1: 879098b8a353a39e16c79e6479195d43ce98629e
  SHA256: ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e
  SHA512: e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0
- Filesize: 59KB
  MD5: 483bfc095eb82f33f46aefbb21d97012
  SHA1: def348a201c9d1434514ca9f5fc7385ca0bd2184
  SHA256: 5e25e2823ed0571cfdbae0b1d1347ae035293f2b0ac454fb8b0388f3600fd4b6
  SHA512: fe38b3585fbfaf7465b31fbc124420cfbd1b719ea72a9ae9f24103d056c8fa9ae21c2a7dd3073810222405457beff89bbb688daeced3219351a30992a6721705
- Filesize: 77KB
  MD5: a1fbcfbd82de566a6c99d1a7ab2d8a69
  SHA1: 3e8ba4c925c07f17c7dffab8fbb7b8b8863cad76
  SHA256: 0897e209676f5835f62e5985d7793c884fd91b0cfdfaff893fc05176f2f82095
  SHA512: 55679427c041b2311cff4e97672102962f9d831e84f06f05600ecdc3826f6be5046aa541955f57f06e82ee72a4ee36f086da1f664f493fbe4cc0806e925afa04
- Filesize: 116KB
  MD5: 92276f41ff9c856f4dbfa6508614e96c
  SHA1: 5bc8c3555e3407a3c78385ff2657de3dec55988e
  SHA256: 9ab1f8cbb50db3d9a00f74447a2275a89ec52d1139fc0a93010e59c412c2c850
  SHA512: 9df63ef04ea890dd0d38a26ac64a92392cf0a8d0ad77929727238e9e456450518404c1b6bb40844522fca27761c4e864550aacb96e825c4e4b367a59892a09e7
- Filesize: 59KB
  MD5: ad6e31dba413be7e082fab3dbafb3ecc
  SHA1: f26886c841d1c61fb0da14e20e57e7202eefbacc
  SHA256: 2e30544d07f1c55d741b03992ea57d1aa519edaaa121e889f301a5b8b6557fe4
  SHA512: 6401664e5c942d98c6fa955cc2424dfa0c973bd0ac1e515f7640c975bba366af1b3e403ea50e753f837dcd82a04af2ce043e22b15fa9976af7cbb30b3ac80452
- Filesize: 150KB
  MD5: a6bee109071bbcf24e4d82498d376f82
  SHA1: 1babacdfaa60e39e21602908047219d111ed8657
  SHA256: ce72d59a0e96077c9ea3f1fd7b011287248dc8d80fd3c16916a1d9040a9a941f
  SHA512: 8cb2dafd19f212e71fa32cb74dad303af68eaa77a63ccf6d3a6ae82e09ac988f71fe82f8f2858a9c616b06dc42023203fa9f7511fac32023be0bc8392272c336
- Filesize: 44KB
  MD5: bf3e86152b52d3f0e73d0767cde63f9f
  SHA1: 3863c480a2d9a24288d63f83fa2586664ec813a2
  SHA256: 20c94846417ee3ca43daa5fae61595ad7e52645657fda5effe64800fe335ff0d
  SHA512: 8643f94ece38246769ff9ba87a249b8afde137cf193ff4d452937197ce576816c1ce044c4ad2951bc5535cc3acf1b27e9f2be043b8175c5a2ca2190b05dc0235
- Filesize: 26KB
  MD5: 8dd33fe76645636520c5d976b8a2b6fc
  SHA1: 12988ddd52cbb0ce0f3b96ce19a1827b237ed5f7
  SHA256: 8e7e758150ea066299a956f268c3eb04bc800e9f3395402cd407c486844a9595
  SHA512: e7b4b5662ebd8efb2e4b6f47eb2021afacd52b100db2df66331ca79a4fb2149cac621d5f18ab8ab9cfadbd677274db798ebad9b1d3e46e29f4c92828fd88c187
- Filesize: 73KB
  MD5: c5378bac8c03d7ef46305ee8394560f5
  SHA1: 2aa7bc90c0ec4d21113b8aa6709569d59fadd329
  SHA256: 130de3506471878031aecc4c9d38355a4719edd3786f27262a724efc287a47b9
  SHA512: 1ecb88c62a9daad93ec85f137440e782dcc40d7f1598b5809ab41bf86a5c97224e2361c0e738c1387c6376f2f24d284583fd001c4e1324d72d6989d0b84bf856
- Filesize: 152KB
  MD5: 9d810454bc451ff440ec95de36088909
  SHA1: 8c890b934a2d84c548a09461ca1e783810f075be
  SHA256: 5a4c78adedf0bcb5fc422faac619b4c7b57e3d7ba4f2d47a98c1fb81a503b6b7
  SHA512: 0800666f848faec976366dbfd2c65e7b7e1d8375d5d9e7d019bf364a1f480216c271c3bcf994dbab19290d336cf691cd8235e636f3dbc4d2a77f4760871c19ed
- Filesize: 20KB
  MD5: 6cfc03bc247a7b8c3c38f1841319f348
  SHA1: c28cf20c3e1839cff5dce35a9ffd20aa4ac2a2cf
  SHA256: b7fd172339478adaa5f4060eb760f905a2af55ce7e017b57de61ee09dcb09750
  SHA512: bd123566a104568e2ec407b35446cb07c660035a77a1e11a8d8d90518c1a83b6815bf694676fa003b074126dcd0594457195f835df7bc828df1195db6584d23b
- Filesize: 812KB
  MD5: 9425444153fe49d734503889ce8d1e20
  SHA1: 7676bc66117f1a65161c4f3da7cfb949e16ee812
  SHA256: da56060a8dc19c3c3b148efda5123de9ab7ef2bb568c1ca0ac1238d000ff5d09
  SHA512: ab890f7490acfa62be23989923ef430a0a26ad86bc65abcde0d2e4599ca659ab9933a87f99ead894025af202aeca89350f09099414f06e4570e3cef8aa1cef94
- Filesize: 3.3MB
  MD5: ab01c808bed8164133e5279595437d3d
  SHA1: 0f512756a8db22576ec2e20cf0cafec7786fb12b
  SHA256: 9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
  SHA512: 4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2
- Filesize: 32KB
  MD5: eef7981412be8ea459064d3090f4b3aa
  SHA1: c60da4830ce27afc234b3c3014c583f7f0a5a925
  SHA256: f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081
  SHA512: dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016
- Filesize: 682KB
  MD5: de72697933d7673279fb85fd48d1a4dd
  SHA1: 085fd4c6fb6d89ffcc9b2741947b74f0766fc383
  SHA256: ed1c8769f5096afd000fc730a37b11177fcf90890345071ab7fbceac684d571f
  SHA512: 0fd4678c65da181d7c27b19056d5ab0e5dd0e9714e9606e524cdad9e46ec4d0b35fe22d594282309f718b30e065f6896674d3edce6b3b0c8eb637a3680715c2c
- Filesize: 45KB
  MD5: 1b59c87f0871fed4ff2be93c5d9234ab
  SHA1: 7e5c8827a5b2dec5417800ab0a2001af46ab8924
  SHA256: b7151a6ffa3dc7436d09b1e35343801e11f423c6b391f1177254236ec47a3ad7
  SHA512: 6092628a4c73ca2d29b6f6a0d1ed34627795363c89b2a45bfc75951f8148a288707231575183ef73d4fb24c022883ab3ab30da61c92664295fffd8a36e9200df
- Filesize: 67KB
  MD5: 6e04a1d41b0897878583702d398bdc88
  SHA1: 33f396728c57505b0b897b547c692a9cf8959a36
  SHA256: be9701a1c3e48599d8c22c2c371d5493e9a97fa5063022c110842ecb886214e3
  SHA512: f9fc5d2c480fb7edcad9490925b75007523adecdd0400adaaab888d12f1e67abfd614a142e38a93ba3b42de2e466f1aa0f48625e76bbe3868b9c308b0bdf4d66
- Filesize: 4.2MB
  MD5: a1185bef38fdba5e3fe6a71f93a9d142
  SHA1: e2b40f5e518ad000002b239a84c153fdc35df4eb
  SHA256: 8d0bec69554317ccf1796c505d749d5c9f3be74ccbfce1d9e4d5fe64a536ae9e
  SHA512: cb9baea9b483b9153efe2f453d6ac0f0846b140e465d07244f651c946900bfcd768a6b4c0c335ecebb45810bf08b7324501ea22b40cc7061b2f2bb98ed7897f4
- Filesize: 25KB
  MD5: 63ede3c60ee921074647ec0278e6aa45
  SHA1: a02c42d3849ad8c03ce60f2fd1797b1901441f26
  SHA256: cb643556c2dcdb957137b25c8a33855067e0d07547e547587c9886238253bfe5
  SHA512: d0babc48b0e470abdafad6205cc0824eec66dbb5bff771cee6d99a0577373a2de2ffab93e86c42c7642e49999a03546f94e7630d3c58db2cff8f26debc67fcad
- Filesize: 1.1MB
  MD5: d67ac58da9e60e5b7ef3745fdda74f7d
  SHA1: 092faa0a13f99fd05c63395ee8ee9aa2bb1ca478
  SHA256: 09e1d1e9190160959696aeddb0324667fef39f338edc28f49b5f518b92f27f5f
  SHA512: 9d510135e4106fef0640565e73d438b4398f7aa65a36e3ea21d8241f07fec7a23e721e8696b3605147e5ce5365684e84e8145001201a19d7537e8f61b20cf32c
- Filesize: 78KB
  MD5: 7e620bd4ba53daae5df632f2774b9788
  SHA1: 28ec3b998f376b59483ad4391a0c2df2c634f308
  SHA256: 84c696ed1b5ba6a3819d73b6f27aee93bca72286b32307fe259e23dfc1cfacec
  SHA512: e2d012dd9a7959c0e06340de3728d6e800b56cc0bc8d525c38dd49d9874095d2edc3ae06862d1a21e873c0da0678e8ab3bc95a57777d746f0d6d8b0c6c08c202
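The Downloads list above is the report's record of files written during the run, one Filesize/MD5/SHA1/SHA256/SHA512 group per file, and only one entry carries a path. To turn it into something a blocklist or a hunt can consume, the labels have to be separated from the digests reliably (scraped copies of these reports often carry the label fused onto the digest, "MD59f44..." and "SHA12e9ae...", where "SHA1" followed by a digest starting with 2 is easy to mis-split) and each digest must be checked against the length its algorithm implies. The following Python is an added example, not part of the Triage report: it parses both a labelled form and the fused form, rejects digests of the wrong length, and matches a file's computed digests against the parsed set, reporting a partial match (some algorithms agree, others do not) separately from a full one. Two records are copied from the list; the third, holding the digests of the empty file, is constructed so that the positive-match path can run offline.

```python
"""Parse a Triage report's 'Downloads' hash records into an IoC set and check
a file against it.  Added example; not part of the sandbox report."""
import hashlib
import re

DIGEST_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

# Accepts "MD5: <hex>" and the label-fused "MD5<hex>".  Alternation order puts
# SHA1 before SHA256/SHA512 (they cannot match each other's prefix), and the
# digest length is validated afterwards so a mis-split label cannot slip by.
HASH_LINE = re.compile(r"^(MD5|SHA1|SHA256|SHA512):?\s*([0-9a-fA-F]+)$")
SIZE_LINE = re.compile(r"^Filesize:?\s*(\S+)?$")

# Two records copied from the report (the first in the fused form), plus one
# constructed record holding the digests of the empty file.
REPORT_TEXT = """
Filesize
152B
MD59f44d6f922f830d04d7463189045a5a3
SHA12e9ae7188ab8f88078e83ba7f42a11a2c421cb1c
SHA2560ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a
SHA5127c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d
-
Filesize: 3.3MB
MD5: ab01c808bed8164133e5279595437d3d
SHA1: 0f512756a8db22576ec2e20cf0cafec7786fb12b
SHA256: 9c0a0a11629cced6a064932e95a0158ee936739d75a56338702fed97cb0bad55
SHA512: 4043cda02f6950abdc47413cfd8a0ba5c462f16bcd4f339f9f5a690823f4d0916478cab5cae81a3d5b03a8a196e17a716b06afee3f92dec3102e3bbc674774f2
-
constructed-empty-file
Filesize: 0B
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
"""


def parse_downloads(text):
    """Turn Filesize/MD5/SHA1/SHA256/SHA512 groups into dicts.  A line that is
    neither a size nor a digest (a dropped-file path) names the next record."""
    records, current, need_size, pending_name = [], None, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "-":
            continue
        m = SIZE_LINE.match(line)
        if m:
            current = {"name": pending_name, "size": m.group(1)}
            records.append(current)
            need_size, pending_name = m.group(1) is None, None
            continue
        if need_size:                      # size was on its own line
            current["size"], need_size = line, False
            continue
        m = HASH_LINE.match(line)
        if m and current is not None:
            algo, hexdigest = m.group(1).lower(), m.group(2).lower()
            if len(hexdigest) != DIGEST_LEN[algo]:
                raise ValueError(f"{algo} digest has length {len(hexdigest)}: {line}")
            current[algo] = hexdigest
            continue
        pending_name = line                # path line preceding its record
    return records


def digests(data):
    """All four digests of data, keyed like the report."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in DIGEST_LEN}


def match_record(data, records):
    """First record whose digests agree with data.  'partial' means some of
    the record's algorithms matched and others did not: either the record was
    damaged in extraction or the file is not what the record says it is."""
    have = digests(data)
    for rec in records:
        present = [a for a in DIGEST_LEN if a in rec]
        hits = [a for a in present if rec[a] == have[a]]
        if hits:
            status = "full" if len(hits) == len(present) else "partial"
            return {"record": rec, "matched": hits, "status": status}
    return None


if __name__ == "__main__":
    iocs = parse_downloads(REPORT_TEXT)
    print(f"{len(iocs)} records parsed; sha256 set:")
    for rec in iocs:
        print(f"  {rec['sha256']}  {rec['size']}  {rec.get('name') or ''}")
    print("empty file:", match_record(b"", iocs))
    print("other bytes:", match_record(b"not one of the dropped files", iocs))
```

In practice the digest set would be fed from the full Downloads list and the file bytes read from disk; the length check is what catches a scraped line such as "SHA1" plus a 40-character digest being read as "SHA12" plus 39 characters.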