Analysis
-
max time kernel
298s -
max time network
299s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
20/05/2024, 14:18
General
-
Target
https://uilever.com
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 45 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://uilever.com1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffcb7ba46f8,0x7ffcb7ba4708,0x7ffcb7ba47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6776 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2120 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,17337716519121744103,10229479945895794182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2f8 0x4dc1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD54b4f91fa1b362ba5341ecb2836438dea
SHA19561f5aabed742404d455da735259a2c6781fa07
SHA256d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c
SHA512fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac
-
Filesize
152B
MD5eaa3db555ab5bc0cb364826204aad3f0
SHA1a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca
SHA256ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b
SHA512e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4
-
Filesize
72KB
MD59383564d5ad795701daac68a7695a377
SHA149b3b9b155603fdd34f58cbe6966ef48aa18e8f9
SHA25661aabc2f7d38604f12e5d91559cee9e9cbf2122418a45464fd9d16982d20dca6
SHA512b091ef72a348601b4b4d18b7f05da3f79883e25b870f83b9d2dd10388cb493ccc05a46cc270b5d5ef24858dbe499909636fc94a2c44ccef97b0ee714268e247a
-
Filesize
72KB
MD5b903776d3e37caa358d2e7339350f6b6
SHA1f6b46a10d90ae20806ec326b1adf65f2247fae8f
SHA2561a08716af0d948bc412cc7d160abcbc47500c473132db28553fe5fed7b506838
SHA5126a7c5633d72561ba5ac37e5948c3b3136503688fe6e7db45c3b718e88b04c8bff369a0cfd309bafebdf30dedc53e133a6b663c92937222e15b1da69b7a2565c8
-
Filesize
32KB
MD5f48baec69cc4dc0852d118259eff2d56
SHA1e64c6e4423421da5b35700154810cb67160bc32b
SHA256463d99ca5448f815a05b2d946ddae9eed3e21c335c0f4cfe7a16944e3512f76c
SHA51206fdccb5d9536ab7c68355dbf49ac02ebccad5a4ea01cb62200fd67728a6d05c276403e588a5bdceacf5e671913fc65b63e8b92456ca5493dae5b5a70e4a8b37
-
Filesize
282B
MD56926e34035fc73af96972cb2e7d41399
SHA1e83df4ebbc249254db2f2b559e78d4118c43b281
SHA256f64f64fbc6ece6bc522cafb67225382b038404c960ed7e5426622ace40268309
SHA51240201d4840936a81ec240e0cd5e2580dfc13408b5bef39547528eaed06e2ff0e711472a45373c21dcce4772fe458d025409c4483b7f465d980952113c1ef0472
-
Filesize
168KB
MD5a37933fb6e336fb39f3fa1c3d40d3b4b
SHA1aaf24e8ef9032bc40c6c3f3f5c5593499cf7311f
SHA2561f6bfc9146e7a03b58fb3bf9690dad24f62ea01e3dce7f0d6ab927b975e7569b
SHA51223a6abfec1c4b96fdae586d42a4bebc757485e0f376fa51d3b0a0ffea3f9f10b7062d22906a71c06586f67aa1786c3512ebf51ffe3c2cee92bb67bf55f8f5ed0
-
Filesize
120B
MD50637f21e2cd47eaf4ea64b00ee190b6a
SHA194464d3cd646a7c810933ef0eee242ef449a36fd
SHA256dd5e71a7c127dae5a79a8f38cc1895b1e7ceea6925ef4903726b6df9edab176f
SHA512190ed6dfb093a983bb052e0bd7cf452a0da36dc2f46de6c50639ce1a5bd5c44b0f1847330fed5bbe77f25afb8eb015de14ff4c77865b07e8b9a9822b68053eb4
-
Filesize
264B
MD5a126ce6184e682c550ef0a2f71583116
SHA1113e88731a79da6b5992d3a23c189a564c75f49a
SHA25620cc4d2a71ea5aef43c77c804f03f6dbd5b3351d5343429df96d062b262a87f0
SHA5127e5bfdc8f01c2f390453cfe2044a74b8f4e5f30ade959b2bd289a4dfccd05f21fe6a766eac7036356fb45fa5753c008af5487ee06d0984bcca7db1158d2dab8a
-
Filesize
576B
MD5844b5713609c5635834c913daeca1e6e
SHA15194f7a5c8155d292f13931a3e3d09ed9edd1d94
SHA2567d021c63b2d6ef02622e838f4c55d1671f888c9073bd633c5c82b6ca21b75170
SHA51292cde66c6e449bdaeaf6d17953e6f0847b5ac36d875f861d5afed7f34c3e4d582c7aecc8b90fb266222a26e18a8065379565636bf46c35c856674136bf128628
-
Filesize
1KB
MD52a65da7543da1e62f31d641294ef9783
SHA1889cc1d4af073f6309d8bc660452edd941db13af
SHA2564c4f39b3e2c4ec82c576acb85dc7a06f424de63a166a211155958004392f9c07
SHA512480e78d93c941b1edc7e24cfd47c233726b99eb30daeb183e7aa11b02537979820ed08984d5c8461ec685200a982204b334c87dfd737866041fe37aeba430df8
-
Filesize
1KB
MD508aec48b4bc0adbbac06d2c66c0dceb1
SHA1aa553bd8f923841e110c825c5f9b535e8e58784a
SHA2566bb297b85efedfee242d63a7c9b0884fbc4bea3f4d0c43d1c7baf305967d03f5
SHA512c807058dfd188dc0008a309017bd8170de36c50ca2bf1d0764fe8f6245b5ec3abf0643bfa10481e47d9ac8360c7dd1995b5499f441efd11ce7971f4d5bd24f39
-
Filesize
3KB
MD5e7e3d638e5967a721df987579b832465
SHA13225183c018c2688e9098e6fc9f1f0e3c8706686
SHA256c4ff18e8f906275f71d71971ef04067ed214a69977dca4651f804ab53bda799e
SHA5124ec23fb8483aca3a4ee3d4681d1db5eea3e22437a6a4430e225d9f188422856d4d6ab8e7fea5a261fb1ec6d7b2dda2ca7b88a1ee2336958c4449375bdfde3162
-
Filesize
8KB
MD56865a799154311ddc1e381c07ac88cdd
SHA1d09cccd70ae803c4103e7e6fc7b2070dd938e6b7
SHA256dabb9819fc502f0afda1e93415709b04d31100a4fc7d51b6138d0e3b97cb245b
SHA51244f9b6d0c6b74be94d556c2808d7256f0bc560b2076223dad69b4e6322ed83754603f7109b1f16aea7952837a27f53d71ebc804fe20372bdc0c6e8f3c2112ef6
-
Filesize
5KB
MD505f130e54f44446d7d7cf8f942aa58ae
SHA13c3c1d2efb89b934ac5361adec156740d734165a
SHA256765b38412cc1b170836ea3ad1a37b566764f7b5a4365988d6a14be35a5204506
SHA512db195401a7ee52cd23a3c350488f3297bb8694f317b8d206b9edf52f6fd78394f6160655bedc2b770b21e73836f99ee92f717e5e9d46c2cbee28e1b469aff69c
-
Filesize
9KB
MD51a9418020af5178e98e3d41635ae28c0
SHA19133b3a7da12642df217848ecdcf2184e21fbccb
SHA256a99ae25bcc1143c618f52a769795a623999c0c67712b28b2d6740c1e40a75114
SHA512fe9851fd10f4343a82da6c9e87efd084de45695a213407d2b92bca8c57d9504f1eff3340acc0db7dba470aff8c0403ee9a45b39baa5849929632e17e4d165baa
-
Filesize
9KB
MD5339a9291e87f1886b6d90f1891d9abda
SHA193f05826da35b5eb2ad875ac1af1ca6bf2ff3823
SHA25667c0a400dc3e50668427d63d5cb4b123c8e62cf5a02676348a380963ee446889
SHA5120ca417f9509797c1bb279e363eaf888410e7f0789bb689e3c1413a7d04790ca36cbc6c76e27226960607c4887d5211b3980f9127a29368f1f70e2d0f5865ecfe
-
Filesize
9KB
MD576ab73534fb013f7d9d2c87fe7fc831b
SHA1c0fa88ed9d08fe72debdd270666dba95aaa6f35b
SHA256ec338c77ec969dd0f1c0528d9c641595493450e7d66bd8622d991cfff1890a41
SHA5125141bde9b205e78fe10b766e455d78d79d67b247d84f4813f35e93975f580b96c0fdb270e786950956af69859503c7eb80d14ac433bacf6ae8e035359b1a0671
-
Filesize
10KB
MD5a3edf1deb0fb52eed5c67a3ea22602f0
SHA151c0a39cf63cea9a398c34159cd7458834a1ce28
SHA256bea41bcd2fecc9fc672a13f022214baffb0a43c933f46c9bf547f841273dce5d
SHA5124b86849409d90dfe2cef6b73eb4f5b5ec4065ccd38dfd9719e4f5b2743adc111a4ff107572c0f5068b813e28e66b15b095ef9c28a80c71f8c590f59340ccde10
-
Filesize
10KB
MD589af5162d0b7e3fb906ca2977ec08d60
SHA1c257508fee4549254899dfe6c1736474e89c9045
SHA2567e330bd2756a012d1a52ec377be0f7c67826aec7b57f4c676845302626341ff5
SHA5128fc4fe22d6fcb52d62f56cd5ba75a1dcfba675e1f0897a0ec26918575c4511d31c04ccf06662204432b525cc689578d37c870cdf72f23ae1bb0f142a8fc0a094
-
Filesize
1KB
MD5e83a7b415b528ce88eab10efeedf96cd
SHA18fcc4bf863c2ec76ff790e4a1074051cca474f32
SHA25692a4b396fdb4f39783407afca3841e8a97ab353bafa3b5bcbc362d1109ac7600
SHA512df967e46ab492676261ec325ae1c081de931008446c3aea625f5051609d46b6f47aef22583536a27cb29ef9f08650a2dc0d84c6e772c014800f28783aa3cddfc
-
Filesize
1KB
MD53d78a76188b98cabf56700e8940b2907
SHA11bc5dd9a3d75ccabccd4a88e4661d9bf7d130b45
SHA256848598d0f03f307fe2a2c1cf23caa37147ab2eedd986516624156f5bc7c39f48
SHA512af00d63f7521cf79094ed92a86fb3ad4aae72e965ece9169bdce8da43730434f7d95b45c37c3495f832008caed967c8e2c403de4f27b983e73bdba2ce3f14f93
-
Filesize
10KB
MD5dfb9f9a33ef7c89e5779a7ba15123155
SHA188423e89a3da5cf32418304f8eb3488be0410f60
SHA25635d105085e6cc2e6406636862fa7d3ec2fa8b0e8fb0033fa8a1345e9ac15705a
SHA512d08ce4aab91fa6432898d346f12c0ce4945b1a5339b930535c45f44b173b468a17b6135b4bece1e6f99304005dd29d6bc9366245bb4aace0d0f072079c400dc5
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD547b215740b702e5bf2130ca1a3ab63fc
SHA1bb818985bcb851efae5ce1fc15bff423d24f3e66
SHA256fe069309c3d96298ff293669c84ed7e62ee65e990476f45de79a5f4244cee9e5
SHA5121a2be3c4f360248941800eb1d312971e20900389157b9f150fc5c4a93c2ecf2ec022f33d75ab5fa9312ca3648f62a1e81121dc2752f0d5ff19f593d5f41c638e
-
Filesize
10KB
MD5df442331fb19fb2b15eceeb4485405cc
SHA18d9dfde8eadfcd48398b9b11d5ba8db8c14c683f
SHA256259baab51d5ce1654a976bcfd4d203aa9209f6dad89fda502c2b062641ba6adf
SHA5122ce24fcdfb6defaa028c4cf7bc75b1f1ece513f18508229ba43ccbc899cf89ba9a01a65846cee0dcf36f0834c00d562456512f6849bbeede9cc8e53a23d67046
-
Filesize
10KB
MD5af24376a78b94e3321024cdc94ffe4c8
SHA1318d13b8b6f90e3ab34417dfde0965bfa07a85dd
SHA256eb108115ccebfe194420444a127aa8add1cbed6456a69f7ff1d4c94f01b7af2d
SHA5121d7bdc4698c583e77d133d1bf1489627b056b1596aa730f029dcfe5509f059c1e5955bad89c085d7185630319617a6d3986552cff5c339654932e516b55c6ddd
-
Filesize
10KB
MD5622848bd3cd574f0bc7b244c67a24f08
SHA16c0e246796050c3e64d9c013b4c8565a96c9a441
SHA2562b8358ac9b5c6779d79b65d7831eeed5f652b2e33e1c981fde92ac72b14427be
SHA51294ccd085d1c991f1e4d07aaf2f01cf7d6428a64569bde5a05bfe44fdca7c7159838c4490ce831ce88f4f5fff0899eea2a6b04b591391955399bdcc3e7b39f010