Analysis
max time kernel: 296s
max time network: 299s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-05-2024 10:27

Static task: static1
Behavioral task: behavioral1
Sample: phish_alert_sp2_2.0.0.0 (11) 3rd may.eml
Resource: win10v2004-20240426-en
General
Target: email-html-1.html
Size: 23KB
MD5: 9abefa7e54e4b3579f30176b369564d7
SHA1: d898d1dd4a72424c5b8a8b37a237f0bf1580bb83
SHA256: 627164b9cfa758a3bdb0f4efb7b8d3bfcb3f7af769c7623c08aec2b68034dba4
SHA512: 053412c36d992de78f75505be6b67553bf7d589798cf8342bda79a0989ce402087ff9bc1981f322f92f1fec36003bc268a8188c78ee2c9b3d4d1b708bb8419f2
SSDEEP: 384:MHrAVjfzAJimux3qE6dOlNU2yFwhh9l58VuPpmlRhnEJi5ET:MHrA6i7IEkIjyFu558VipmlRaJio
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                     Process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    Process               occurrences
  2904   msedge.exe            2
  336    msedge.exe            2
  2276   identity_helper.exe   2
  1848   msedge.exe            4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
  pid    Process      occurrences
  336    msedge.exe   20

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    Process      occurrences
  336    msedge.exe   25

Suspicious use of SendNotifyMessage (24 IoCs)
  pid    Process      occurrences
  336    msedge.exe   24

Suspicious use of WriteProcessMemory (64 IoCs)
  description                      pid   Process      procid_target   occurrences
  PID 336 wrote to memory of 3836  336   msedge.exe   82              2
  PID 336 wrote to memory of 3488  336   msedge.exe   83              40
  PID 336 wrote to memory of 2904  336   msedge.exe   84              2
  PID 336 wrote to memory of 3452  336   msedge.exe   85              20
Processes
msedge.exe (PID 336)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\email-html-1.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 336:

  msedge.exe (PID 3836)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9846f8,0x7ffb8a984708,0x7ffb8a984718

  msedge.exe (PID 3488)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2

  msedge.exe (PID 2904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3452)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8

  msedge.exe (PID 3888)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1

  msedge.exe (PID 3432)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

  identity_helper.exe (PID 2396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8

  identity_helper.exe (PID 2276)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4324)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1

  msedge.exe (PID 3428)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1

  msedge.exe (PID 1564)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1

  msedge.exe (PID 4648)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1

  msedge.exe (PID 3772)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1

  msedge.exe (PID 2892)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1

  msedge.exe (PID 2872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1

  msedge.exe (PID 3688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1888 /prefetch:1

  msedge.exe (PID 2288)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1

  msedge.exe (PID 2692)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

  msedge.exe (PID 2812)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1

  msedge.exe (PID 4532)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1

  msedge.exe (PID 2272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1

  msedge.exe (PID 4528)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1

  msedge.exe (PID 1456)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1

  msedge.exe (PID 764)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1

  msedge.exe (PID 3776)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4772 /prefetch:8

  msedge.exe (PID 1848)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7028 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4732)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

  msedge.exe (PID 1644)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,6089435721171834588,9192788289336203040,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1

CompPkgSrv.exe (PID 4652)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 3600)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
-
  Filesize: 152B
  MD5: c9c4c494f8fba32d95ba2125f00586a3
  SHA1: 8a600205528aef7953144f1cf6f7a5115e3611de
  SHA256: a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
  SHA512: 9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
  Filesize: 152B
  MD5: 4dc6fc5e708279a3310fe55d9c44743d
  SHA1: a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
  SHA256: a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
  SHA512: 5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0bc8ce56-c44f-47ad-9de2-a5d23f506781.tmp
  Filesize: 1KB
  MD5: dfe2a3be29aa50d91e211f61c0ef0059
  SHA1: f56d85926ac0465d28bfe9a94fd87dace928461a
  SHA256: a19bf9793c80c26252ebb1b5dddaf186b7371ffa58bf03966837142d9a428ea0
  SHA512: 3976ecbcc7cf6abaaaa8319d7e6fc73eb03b1d2a4aa9c48a761b18c32abf5eca0100d03792c28edc56ad5fffe83f81cac0e625c9926fea7bed0db4f105399804
-
  Filesize: 79KB
  MD5: e51f388b62281af5b4a9193cce419941
  SHA1: 364f3d737462b7fd063107fe2c580fdb9781a45a
  SHA256: 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
  SHA512: 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e
-
  Filesize: 35KB
  MD5: 5009982b60a0f93eac4c1728e5ca17e2
  SHA1: c0f932d333b91a4b971a52ce88bc96320745064f
  SHA256: 2ffc0ec332938cbce14008ab246c3d918800189aece932e92bedd8adb8332fe8
  SHA512: 401dd0a45c177130628787b92a17642783d27b1a977833af4110d81cbf2572a159a371beb473baa07ad38ac8297551aadadd2ebb80401a73acd580fdc03964aa
-
  Filesize: 25KB
  MD5: d0263dc03be4c393a90bda733c57d6db
  SHA1: 8a032b6deab53a33234c735133b48518f8643b92
  SHA256: 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
  SHA512: 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3
-
  Filesize: 22KB
  MD5: 9196e81f8ed7f223d765423c1f9bc8a7
  SHA1: 88f9d5c2a6908cf36b8daae803578ca9e1fd2929
  SHA256: a4e2bcf7ef3c6c614c2142d3c1fd44caac4eafa86a1779ac31cba164e2d89cbe
  SHA512: e7d23866fcac017762d2e2f18597124e9147f458d30038f78ba9f3a2bcbe479fe4792573894370ce2d6f93a00401231d9f01955fde351ff982a82ba87a8241f8
-
  Filesize: 1KB
  MD5: fa57a86d87208fc496cf314fbebcd6a5
  SHA1: 12f496d18cd81099f946e2a6c917abad4011a6f2
  SHA256: 6c85a158f35e06d19b7cefd5ea34e28d1d31ba781c3fdf690fbe714a23f96309
  SHA512: ecfbb8ebcc42b2c93484c677529b6eb3d70b96ec895e9576d31c525feb6fa5a1eb7fd1f058f26fc29a027156c0d6d9d0049992a4f38bc38351168d4af95bbc2d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 844e7a5d5d67ae3e88e704d96889af1f
  SHA1: 076ab9a1bcb90433586f37982cd70c1d941e5f64
  SHA256: 99d6c201895116db74e851c53ca0e44ad96ecad4b331807f243708a4ca021729
  SHA512: bc4066a181872825e85bbea6621e67797c437e00ad70dd3a2e3a6ecb56ced01b0267655ff4903c323d5470bc58cfc5275cd1a2695127eb60fb8f445d9254e10a
-
  Filesize: 2KB
  MD5: 545badec6317ace04d058cd0746b5f88
  SHA1: 5da9b9bf0c3a8d5ae3f963df533577f2f2ceb040
  SHA256: 7a9aee8b4ff34f845c635560ed540d260ee3c03ca1b19aae2c9be0b736c7dd44
  SHA512: 15abb0d0a2ef49aa0273a073db2a92a751f57b6be35024cd88070b29472a21da46e291d218340a5d67caec12595b616933bfc5ceab127a8f0750d7dd39ce530b
-
  Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
  Filesize: 111B
  MD5: 807419ca9a4734feaf8d8563a003b048
  SHA1: a723c7d60a65886ffa068711f1e900ccc85922a6
  SHA256: aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631
  SHA512: f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c
-
  Filesize: 2KB
  MD5: cc1af711db0b72e66a4b8a1488753a0b
  SHA1: 687a042aad94d407647c93af4d4e100593d30215
  SHA256: b0c2d5422a3e801ac3e84041cdad4f259ded643cd4a87a4165fd27b55c568a0f
  SHA512: 013c927e04634d31057a2ddea8dbe540a810aa02379193cc1eef4f2ccb333b822b36558d0f95b1d238ac3cd3d69f7c6c0c8b59d7cf1cdad710481cfae5a2ca33
-
  Filesize: 2KB
  MD5: 5aa440950996d667802e9afcf363ccb1
  SHA1: 1845dbc20f78a40e8aa2808e50a388aac7742351
  SHA256: 5c014a501a1e61f91bd5dee20831140ef1fe8482fe26b6abae9a96387bf80e78
  SHA512: 4697d94726b21f6a55950df363faec28b480493b24d106a008f5f9f10c4b8a78161e2b35b19e0a325a1033beb432e7d9bd9d557db4b9ad1e347dd5d98c9a06b4
-
  Filesize: 6KB
  MD5: c98ece8aaa381b4062d57cd8a0096981
  SHA1: e1f5ed71feedb02704c60c8d6d7fee2d7fa9a448
  SHA256: e48234e641208e04daa95b46894d63c95d2fab5ed1e546e2695877aeb333dac0
  SHA512: 1450f81282b763503c4b78bb11230a6625008031455cd04955832d9f2bcb3bbeb3977a2b241199969240593026107eb7a49cf9de31afcdbbb53781e1dfec6187
-
  Filesize: 6KB
  MD5: 7edc2b05b5a6ba659a6d60b1801ae025
  SHA1: 4fe8349c6de24068a6d1a18bb5030e19a59e890e
  SHA256: 3cea9dcbe4f7fb41bc4d54026fd48680ff95d1154d8226659a6d9288fe52097e
  SHA512: 66a9ff0681bbf58b5743b37e3b62e7a113ec1b0254a9fb9694b44cd76ff6886051b5f79ba22a009c0353db61e26ae366c93176857bc8bc6f977681200ee0ae59
-
  Filesize: 7KB
  MD5: 6b24adabcbc842e53af59a955609d376
  SHA1: b2f1fe9414fe576b4470647fb553ca3fc9eef1aa
  SHA256: f051e62d62055a67f5a6ba2ac458ca095ade438c7dc329e9a0a968c8346dd651
  SHA512: 1c0a477a23ef6fc9de04fe334a0bc45528de5c146760335307b0ab57a0e67bf511112dba6f392668768ccef1dc94ceaabbdc8aff68080c360ab8130a81c2aa27
-
  Filesize: 6KB
  MD5: fc7ed8dffaf525319e04ee17ff51e3c0
  SHA1: c228ef462dd8d104023c5b28b7e8acf7b610254c
  SHA256: b66dd2bcca400f2ef9af3b5900748375bfaf87fb5300b2ac2e601b8ca2822fa6
  SHA512: ec0c797cdc9db69a01c822b256cca5307e0307416d0d8c72afaa10b7e9d92241bd95042f061dda680ea3467a1a31fd3d43215b42955682c0ed351f5dcf79648c
-
  Filesize: 7KB
  MD5: 09c02c2b44fedb6fde903180437424b0
  SHA1: d157fbf7bcb2f0411f3f401c4abbe972c02f683f
  SHA256: 1534cf86ca4f6d8401bd59bf1765ac6f83ef47b2cbb6d6c61f671bb88e815571
  SHA512: cea77f6777d28b29861b2fea412e0236ddb8e5ac50e8467e9985abce00d1d8a09c6c054692fff780cb27a1bb9bed0a751fef510fae28dae3df2d6d699677d3e5
-
  Filesize: 7KB
  MD5: f55e6fb92126f8c8f94e5b3372345d51
  SHA1: f8a8dd53091d388fd0e962818c0fc7dc733682ab
  SHA256: c92f3e4cd89dd7696da4e9763e7fd5a9ea9a8f30cc98f96273f5210525ab0a31
  SHA512: 7e3672bb1e9ae2dc8b266ab0dc98a47f8d6bb3b1b01d47117aea27f6f3d5f01722eec5012a18f456af04c4373d1c704ed9b94624ab740fda5e996d8da7053870
-
  Filesize: 1KB
  MD5: bf551e9d78af9d426fd6807a0434d618
  SHA1: 5e54f1f9b188f80b510a5a7e411ac80d039ca709
  SHA256: 87d6e029a748ae9cd86d865720abf3e69d19f62d58d60258ed187cf3e0cf7d65
  SHA512: 201f8b92fdff16bfc0fdb621a0ff67aeebf0e5a8f20cb5bb6ee942f1299a0b6ca1309e80171e9b7f684449c54ef152c2a0c74f49cd08a478906ac365cf991a43
-
  Filesize: 1KB
  MD5: ae540529207b0b13b71f99a5654d5bd1
  SHA1: 3de89c68be0dfc7169204923749b87cac66f144e
  SHA256: 5f58b158e65c0cf207e5401c4c3b6c7f9d3c94fe9bbe5dd6032397dc2785d57c
  SHA512: 19c8f9dbae9fef6691de5e688d0f1b17499845f3990f1ee9416b9d8c579da21859ca8df087792edcc487272903c1c3b9138a0bf6b09fdfb7aa5f3116503841eb
-
  Filesize: 1KB
  MD5: 6e7f9bf6c3819eee850305a77a0f493f
  SHA1: 1901d8a067d534e5ccaa3bddffe1e782d48b94cd
  SHA256: 90a30b34ee903a4a23fd6749d8a3c5b5285ee28fabab59ffefd489109889fa46
  SHA512: 6a7705a8afd70ca986faa7999ac2ce3a2908d8c9a150aa97b796facab8f0fd3429d59265ce2d43b31ccbc4963271fc532ec25e8a0661d6ab95ab5a6b3519bfaa
-
  Filesize: 871B
  MD5: 922253c8b5761e16721e6e43b6853b13
  SHA1: 6020d9d8a1d1e337eb3b5130eb4eafd8fd1355d5
  SHA256: f6b277d2c02a420b1f759bfd7a9c29aeeb18ead20619ff9b16e7a950f76ff942
  SHA512: ff9c842bf33e4e7fbd78fb96340fef8951b39c3f74dadd0a918f826987c8dfc05541013ff018e58abd1f6325d314c38b7031aaea82c2e2294b92b9f8805aff01
-
  Filesize: 1KB
  MD5: 7e20824859c483d12e5505fce610c12c
  SHA1: 07518027a9f82b03d27548e84b5ffe35c6904d30
  SHA256: 8114a559fd9a8d5961f8130f6ad06a7c96ced502c3dc70b7f5572667d73f56b2
  SHA512: 8e577ac61832b63bfaf0671a84a29671b79de7409f306c7ce22881346422d7753436c34297318d74dbc6a5ea9c42e47c3d414647f9eb42521123af271f675d42
-
  Filesize: 1KB
  MD5: 7d100d69cf16a0254669789ecee3bed3
  SHA1: 448273363874b1248c5b1077d53be2e2fca87f2b
  SHA256: 4111a4baced680e2592c9b75615db5e57e7f1a3e77ca16debaeb716044d53970
  SHA512: 345667d9d07e6fadda75e72173f40995eed24b1e127389fb7c057346b74bb461820eba61eafbd22110524827854fbbf80c57da7eb7095556a38dd1f02041b3bc
-
  Filesize: 539B
  MD5: e35d03bb93d5740ebe9f91f93bdcbc07
  SHA1: 5dd5ec35a7188764ea27719fccecfa29f7991aa7
  SHA256: bcbed179261e5867eb473c1f4ffc885dc44d246a40b63a22c1eb4c63c6b5cd96
  SHA512: 4742a010048203b4d20db6a289a0a8faeb994b86fa0e1e8cbf44f763b89f77c2e5f069695eaf16ad68e24d5e1e06a89592b77e9d3bd3730b0e5e0722ef57d844
-
  Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
  Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
  Filesize: 11KB
  MD5: a531a23c0274c9295b95781826858734
  SHA1: 6bab238cf7557a5f2f834e30ea6ffbe936f901c5
  SHA256: 5507015319744474b9f3c6ee95380f36bfec943a568a0481a821aaf3eaa5de1d
  SHA512: adf93547078be13d56f01f1649e2bb7272362d1ae667fcda3b03004cf109e267033dec362ebcdec95436b4242ed06e45006692020883ddb38d28b47350cd475e