Analysis
-
max time kernel
43s -
max time network
44s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
23-05-2024 02:16
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://pfps.gg/pfp/8567-aang-7#
Resource
win10v2004-20240426-en
General
-
Target
https://pfps.gg/pfp/8567-aang-7#
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Suspicious behavior: EnumeratesProcesses 8 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exepid process 3564 msedge.exe 3564 msedge.exe 220 msedge.exe 220 msedge.exe 5088 msedge.exe 5088 msedge.exe 5708 identity_helper.exe 5708 identity_helper.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
Processes:
msedge.exepid process 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe -
Suspicious use of FindShellTrayWindow 33 IoCs
Processes:
msedge.exepid process 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe 220 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
msedge.exedescription pid process target process PID 220 wrote to memory of 216 220 msedge.exe msedge.exe PID 220 wrote to memory of 216 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 4048 220 msedge.exe msedge.exe PID 220 wrote to memory of 3564 220 msedge.exe msedge.exe PID 220 wrote to memory of 3564 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe PID 220 wrote to memory of 2036 220 msedge.exe msedge.exe
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://pfps.gg/pfp/8567-aang-7#1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aba546f8,0x7ff9aba54708,0x7ff9aba547182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5604 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5668 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5852 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6876 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7312 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7476 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7852 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8064 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8256 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8636 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8868 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8936 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9228 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8768 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9064 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7076 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,7583265384368936326,17548718714074652431,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x308 0x33c1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5c9c4c494f8fba32d95ba2125f00586a3
SHA18a600205528aef7953144f1cf6f7a5115e3611de
SHA256a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b
SHA5129d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD54dc6fc5e708279a3310fe55d9c44743d
SHA1a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2
SHA256a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8
SHA5125874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD50e6d6d5e6f428c026e356172161dca90
SHA1425edd92e5d3d8dcd62292d3e301ac8d19f1a585
SHA256fce0753a4a612165d82248694f1314034716a9934829fae1459c72d7c42b67bc
SHA512af7a67ed17adc157a02c3b143db83274914cf362a49c45518c7f17aa4d22ff13a354407f2c04252e7d21e475c9366559064d217372e17a45f3fc6bad422b3080
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
5KB
MD573661c46e0fdce584f4b8f20cc56fd67
SHA1398eb8a091569955eae0f8e3419aed2a11d713a3
SHA25682eab7e0c1b6cec1cdccc9deb0504af7e1ed20bc063ff3dc23c30676b3765c5d
SHA512d3ed782e6b9c7c5cd71f2d4ac09ebdab5326375fa2429ab816e513d56c491bf2367b423b419402276e0544128bbd8b7a993200e21a7b385b6d8d12690048ce70
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
9KB
MD5ffeabdde848843121039ebdd58f7aed4
SHA1680adaa4c067462e3dd413594ee45416bbd6a838
SHA256d9e0f622591857d95d06354cee81a20310d104f4f1cf9e9743f52fedde5ed6ef
SHA51229b8e005e3a595f92af7852220f3bc4239a149d551607be6760bba0104d42132724e24369ff73df965406a45315cc229ca5efe3cadb1d79047198ade0e7e284d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57aa2a.TMPFilesize
2KB
MD53390bc9b218a3fffdc0456f12109afe9
SHA16c626f1691ba5d098067549db5f5f0c18cdf6447
SHA25664b4a2d310afd7fd9ad8ee10af3a9de81698e9c15e65ab7ae353cd3f59a48243
SHA51276b65435e1715b4528820f1ad5f26401d553054ed3a1e54fb7eacc9f3df6d93394cba60eb5345939e6b6f0b3af068adcbad1b3e44d80d889baeff8afcb77c7a4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a0e95aa7-5394-4b85-ba6c-2099e9e1f92b.tmpFilesize
4KB
MD56444e4944fd741cfb33a9c8cfd86f563
SHA19ff774e219c6720d2569b12f853f66b5c7d88e3a
SHA2563c804a7d0a35756a625376dd1b43e13cc89f45405b466e545e983a03202d5436
SHA512c9fa82a9ab956e19e97909e8c44babab65b0224ec3c9e9935f516b59270aad1a1acbac18a1fa17e8392d90860fcb7612656e311e890942e4212298f2b882e4da
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5206702161f94c5cd39fadd03f4014d98
SHA1bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA2561005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA5120af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD58c4016c21027f71bce441813bee3f665
SHA16ba61462962c264418946e968f805cbf4a48c35b
SHA25654ef50f0876a0390f4e0cf1d8672ad3aeb97dad5b4dfc901fbc15413bc680f87
SHA5126b964dc2e144e1aa9bbad125b10dc693d4f59d3436377256d5d48c8d04f3bc9c8eb2f714f4a15c6dad28fb3e4125e28a17efde3fba8997fbb529b50a9f242daf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD52088fdf8990b8dada3a256a6187a966a
SHA1b0418b115ee1614c1b44d94f147ab6ceb453cd72
SHA256b7d51ba3e0a946ad8f47d5e1330c562c8689153b49f35a39fa2a21cd0e2465cf
SHA512f10c305d66d4485313910837932b120a95c1c44f1ca8cc08812dbf4de54244f52d59fbe4ea951f7606122d0c2b64218bf6de3673b46417a8c7c31f10e8ffe634
-
C:\Users\Admin\Downloads\8567-aang-7-pfpsgg.pngFilesize
11KB
MD57db69c392ccb034cb4f30acce61b1b53
SHA1c41d9bb64a821f429f111825cd116f766342f6f5
SHA2566e7be5d03ae5454d853a85a0072f63d1b407f3c90ef324b18c33b46311205eec
SHA512855207b1450a32b5b09b78166ed952a4767543c96566627dc94ff60bf24464b50a61c06ddeaca86d3905ab68993759ab05ddd54f0d4e46120115cae2ca0d9623
-
\??\pipe\LOCAL\crashpad_220_KHJHRQERYUHCBSHXMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e