Analysis

max time kernel: 389s
max time network: 391s
platform: windows10-2004_x64
resource: win10v2004-20240426-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-05-2024 08:55

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://sci-hub.ee
Resource: win10v2004-20240426-en

General

Target: http://sci-hub.ee

Malware Config

Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  2264  msedge.exe (2 hits)
  5092  msedge.exe (2 hits)
  3216  identity_helper.exe (2 hits)
  6132  msedge.exe (4 hits)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (28 IoCs)
  pid   process
  5092  msedge.exe (all 28 hits)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  5092  msedge.exe (all 25 hits)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  5092  msedge.exe (all 24 hits)

Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   process     procid_target
  PID 5092 wrote to memory of 4720  5092  msedge.exe  82
  PID 5092 wrote to memory of 1516  5092  msedge.exe  84
  PID 5092 wrote to memory of 2264  5092  msedge.exe  85
  PID 5092 wrote to memory of 1620  5092  msedge.exe  86
  (the original list repeats each row once per write call, 64 rows in total; every row is PID 5092 writing into one of its own child processes, see the Processes section)
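The Python script below is an added triage example; it is not part of the sandbox report. Every signature above fires inside the browser's own process tree: PIDs 5092, 2264, 3216 and 6132 are all msedge.exe or identity_helper.exe entries in the Processes section, and every WriteProcessMemory row has PID 5092 writing into 4720, 1516, 2264 or 1620, its own children. That is what a Chromium-based browser does when launched to open the submitted URL: the browser process initialises each child it spawns. The script parses the flattened IoC rows, resolves each target PID against a process table copied from this report, and reports only writes into a process the writer did not spawn or that runs a different image. The explorer.exe entry (PID 4000, parent 1234) used in the usage section is constructed to show what such a write would look like; it does not appear in the report.

```python
"""Triage the 'Suspicious use of WriteProcessMemory' IoC list from the report.

Added example; not part of the sandbox report. It parses the flattened
'PID <writer> wrote to memory of <target> <writer> <image> <procid_target>'
rows, resolves each target PID against the report's process list, and
separates writes from a browser process into children it spawned itself
(ordinary Chromium start-up) from writes into a process with a different
image or a different parent, which is what cross-process injection looks like.
"""
import re
from collections import Counter
from dataclasses import dataclass

# pid -> (image, parent pid), copied from the report's "Processes" section.
PROCESSES = {
    5092: ("msedge.exe", None),
    4720: ("msedge.exe", 5092),
    1516: ("msedge.exe", 5092),
    2264: ("msedge.exe", 5092),
    1620: ("msedge.exe", 5092),
}

# The report's IoC rows in their flattened form. The page repeats each row once
# per WriteProcessMemory call (64 rows); one repeat is kept here to show that
# the parser counts repeats rather than collapsing them.
IOC_TEXT = (
    "PID 5092 wrote to memory of 4720 5092 msedge.exe 82 "
    "PID 5092 wrote to memory of 4720 5092 msedge.exe 82 "
    "PID 5092 wrote to memory of 1516 5092 msedge.exe 84 "
    "PID 5092 wrote to memory of 2264 5092 msedge.exe 85 "
    "PID 5092 wrote to memory of 1620 5092 msedge.exe 86 "
)

RECORD = re.compile(
    r"PID (?P<writer>\d+) wrote to memory of (?P<target>\d+) "
    r"(?P=writer) (?P<image>\S+) (?P<procid>\d+)"
)


@dataclass(frozen=True)
class Write:
    writer: int
    target: int
    image: str


def parse_writes(text):
    """Return one Write per row in the flattened IoC list (repeats included)."""
    return [Write(int(m["writer"]), int(m["target"]), m["image"])
            for m in RECORD.finditer(text)]


def classify(writes, processes):
    """Split writes into self_tree (writer is the target's parent and both run the
    same image) and suspicious (different image, different parent, or a target PID
    that the process list does not know about)."""
    self_tree, suspicious = [], []
    for w in writes:
        target = processes.get(w.target)
        if target and target[1] == w.writer and target[0] == w.image:
            self_tree.append(w)
        else:
            suspicious.append(w)
    return self_tree, suspicious


def summarize(text, processes=PROCESSES):
    """Counts per target plus the list of writes that need a human look."""
    writes = parse_writes(text)
    ok, bad = classify(writes, processes)
    return {
        "total": len(writes),
        "per_target": dict(Counter(w.target for w in writes)),
        "self_tree": len(ok),
        "suspicious": [(w.writer, w.target, processes.get(w.target, ("<unknown>",))[0])
                       for w in bad],
    }


if __name__ == "__main__":
    print(summarize(IOC_TEXT))
    # Constructed counter-example (hypothetical PID 4000 running explorer.exe,
    # spawned by a hypothetical PID 1234): a write into a process the browser
    # did not create lands in "suspicious".
    foreign = IOC_TEXT + "PID 5092 wrote to memory of 4000 5092 msedge.exe 90 "
    print(summarize(foreign, {**PROCESSES, 4000: ("explorer.exe", 1234)}))
```

For the report's own rows `summarize(IOC_TEXT)` returns an empty `suspicious` list; the constructed write into explorer.exe is reported together with the target's image. A target PID that is missing from the process table is reported as `<unknown>` rather than silently accepted, since an unlisted target is exactly the case that needs a look.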
Processes

Indentation shows the parent/child relationship; the image path of each process is the first (quoted) token of its command line. The crashpad annotations identify the browser build used by the sandbox image: Microsoft Edge 92.0.902.67 (Chromium 92.0.4515.131). PID 1148 appears twice, first as a renderer and later as CompPkgSrv.exe.

PID 5092  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://sci-hub.ee
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    PID 4720  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9584f46f8,0x7ff9584f4708,0x7ff9584f4718

    PID 1516  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2

    PID 2264  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
      signatures: Suspicious behavior: EnumeratesProcesses

    PID 1620  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8

    PID 4808  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

    PID 3932  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1

    PID 3424  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8

    PID 3216  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5192 /prefetch:8
      signatures: Suspicious behavior: EnumeratesProcesses

    PID 4936  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1

    PID 4888  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1

    PID 1148  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1

    PID 3420  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

    PID 1456  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1

    PID 364   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1

    PID 1944  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

    PID 5492  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

    PID 6132  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 /prefetch:2
      signatures: Suspicious behavior: EnumeratesProcesses

    PID 672   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1

    PID 2108  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1

    PID 4168  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

    PID 748   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1328 /prefetch:1

    PID 4128  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1

    PID 3524  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1364 /prefetch:1

    PID 1836  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1

    PID 5912  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1

    PID 5904  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1

    PID 3320  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1

    PID 5076  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1

    PID 4112  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

    PID 4288  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1

    PID 6036  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1

    PID 1164  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7308 /prefetch:1

    PID 4240  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1

    PID 4136  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1

    PID 5168  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,3192563488365447553,4618115173347836622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1

PID 1148  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1980  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

Each entry is one file written during the run: size, then MD5, SHA1, SHA256 and SHA512. A path is given only where the report recorded one.

- 152B
  MD5     1ac52e2503cc26baee4322f02f5b8d9c
  SHA1    38e0cee911f5f2a24888a64780ffdf6fa72207c8
  SHA256  f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
  SHA512  7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

- 152B
  MD5     b2a1398f937474c51a48b347387ee36a
  SHA1    922a8567f09e68a04233e84e5919043034635949
  SHA256  2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6
  SHA512  4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

- 50KB
  MD5     1a7a156a196e16f4f680e0815e3db505
  SHA1    d516a05c8e374b962aae9f1c6484eb12d88226b8
  SHA256  46dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
  SHA512  c00ad12a47717ecb6d7ac746f5e681bed7bc084419216290a8aa7ff4cc502c3bf9378794e1b5882df361410c0e5c2519ba5ea6ae98859dc72d6590ce14535097

- 17KB
  MD5     e316e72bd7572e0e0112858ef0e2ddfc
  SHA1    ede4b33246741c317279591bf843630a3c1da923
  SHA256  c065fb78b0e08dfcca754d46f64414bff72a17836b5da8f717e48423fd4e5952
  SHA512  bd85b8e5bcaf8a346e615cd3b741fe9fc4992fd91312b2a2398fe63c637273035534280fc39ada7ded23a809f2d9ed5dcdd113a8d6bb6148f79395ce667abb20

- 99KB
  MD5     91085682855a0cdcb4f7fb758889e72d
  SHA1    fc05f5ed555e251b475859f1833432fba23d72e7
  SHA256  d8633da9b09816e32e60ed7c93f53a8b4dc528f89bc55423de94bf118c9b8f15
  SHA512  1ef50ea8822e4f9e17ee01040988302b6322ac6c5f2d3a9d122322a421372a2a91eed4187430f11de098c14a2b0a6e654ebb89fb0a50229c582d571c77f74b9a

- 21KB
  MD5     7a9c3e5bb3208d863069b38c71920112
  SHA1    0fe5e236fdaecf7e7482cbb7bbbe54e812366d81
  SHA256  8dd6c570e8d8c98ebe983228777f11a9f0e195c2d2f8298c034766ccd2d3087c
  SHA512  3410ae393288480ca57e6520b9a3af6892bdb46af68fcfad04595fbc51ec9b6e3991079a622f040365d2f8520a3280f81ecdf629b7465a53dc1c64b7f56fce8c

- 184KB
  MD5     b44c8912d1c43fe5eed8b0536cca79f9
  SHA1    7d3961edd5ebfcaae667c632e6abb72636a3063a
  SHA256  8a50dba2bfbbfe01d25c025c5ee5acb8ce80af1707fb3b50ce82ff434be6b98f
  SHA512  62cb1b0866b1a2b054dbdc6a603bdae37984f125861fa1658579e3ac9e91dec98a3329aa53608f306440c3a2877828566f95f3b08dfd3407051b0b16efdd7237

- 54KB
  MD5     6c27f2ff737c54acafe739b29f2019a1
  SHA1    1bd7b0bf0f76ba0c34d059a0a93f7714bc69b57b
  SHA256  14e6508482a47b942549d487294e164dbe8684e79a6a00410dfb966acffa9570
  SHA512  d226e531d259426cc6d7e3afdd2aa8b6c6cf9b37c0758e4ef84d62758b7f794273ebafabecae19a3b73d16a07b1ad108c92d5d9e1aac93c6d9b1352e4890e807

- 58KB
  MD5     c19895716fdaf0c0704116d6b97a2b61
  SHA1    9e6cc234e33cf708e7e5bfcc661d9ff85dd9367a
  SHA256  c976023edd17ce89501bb6a4cd50277b50fc4ef4045d61b52854da88d36cb202
  SHA512  f8d174066c1f91774906dca60470670dcd654d2d4bb473180fb0bea4123b66fcb76de24d0fcd66264436222028a3e8ab6085d9525468ef0de81af9762bd9f6e5

- 19KB
  MD5     d546a874d6488dc7b2abd0843b4d02b2
  SHA1    abc38412c078bb9ab9ff9757aeefa67a19ff2501
  SHA256  c243c2a98c75631185c8d04ecfffc2765b0d3e3516c3ee7e2cd8d2b67660cf5e
  SHA512  13c7bde4df056340a345dbf1473a01308fd2786be7a384411814afa8f005d34d2ea979a24cb2d7821b5bd928841ffc3c00944500a55c2f0934155ba786ae9c0b

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (168B)
  MD5     62d783945d2ceb1bbc9b81d88097fe37
  SHA1    b2b702423865a326820de3dec1f948d887111dd8
  SHA256  76f25d2c36c42143728a249e848c7956597b408eaa7d378f97137d89ea21a23d
  SHA512  404707068e200b213040260d861f8c9a16946619317fddf311b6a47a76c29a17506875306088d8768e10174c5e622fefb48a5fa0c1402e5a448e278756d7cf9e

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (240B)
  MD5     3facd247171b228ecd8e48420511832b
  SHA1    a024021f9953b2422469393fef242400ad355df6
  SHA256  fc0c8c888aeb5e8cdab3a83ef42c3f626765f9bd40ebb89e25ee46f3f7bc968e
  SHA512  391398564d43eb3e49e8bfa58aba3585065e4efdf3a29a6f929b1884457eedf43191db4c999e8204aa092d05f6e669df302badd0cdf5b3ae3ebfd35439d9fecf

- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index (792B)
  MD5     a7ec59131bbf5cd71c8711ee1487bf18
  SHA1    d268a102bb5a100a7d1f8266f8eee4af86ffe3b2
  SHA256  71417871c5d46c44fd546248044d3a8c5e0736887e4415445f9123b4fb587d5c
  SHA512  b5696267cb4b40715be6dc576518a5596502843509adaedb14152025d249c6a8eb17dbbe5192c0115f7e1868594faa7d98015eee3fa9e5971a8b3b6b402272ef

- 991B
  MD5     b94ef33952a699ae4edb68434a567479
  SHA1    026f59147a7285757ed7ec54fcd34855b9cbfe3d
  SHA256  5cda329eddf7d830f06c8bc6a32e20022d1d0cb987dc05a9238d799c56f42a38
  SHA512  98d497ae666833d1aa48627b99bda8cd21840414cbffc9a30082fa3ec83401f71dc92dfeab6aae4cd0154891e00e7ef576ed4a7c6a4025e6ec444240e46b9c58

- 960B
  MD5     1e4957e8e999ffdd21c08c4d0199b3a2
  SHA1    857d8bc9f9bb7ef956226a1d94371769ee624a6f
  SHA256  b9327e2e4b10d3aeaf03543ffcb6b5ed108631a10243d804f9d88f137b72cc31
  SHA512  299519990e323ebca133294a136010226875b8444ac084a44c9f60cda4a1b54d3eb01b62dc7962ebaf13f7f096d654b44cb43fd7cef499a2c8b2dd6daf7a7165

- 3KB
  MD5     3586c23a2e4bf5dfbbc00cff52eacb21
  SHA1    55788d0e28c800bbba88b977536c9829198f58dd
  SHA256  044085940da51ad12260e886cfbfad468be7c2d3c1a16412e18d678e61a0468c
  SHA512  2604730752ac67db978dd8e7b7b7adb10357e9bd0957b47605e8501721fa5ead91e91ac73d66c72552929a5d23643e61fb25297036b41085119b82c3fc564bff

- 9KB
  MD5     81d2fa7d9ec72266793dee35d0b490ca
  SHA1    9b57488a967704315f14b4092233c6f4a93ce6ee
  SHA256  8c2c22eda688fcbda7c189aa99201f4f76807d6414f15adf4e2382e5bf6d0b56
  SHA512  b41cc2d9bb7b667df90fe9d9838dead67ad4fdc21c93b44e99dfdbdd0545c5e4711b132e0b5ae03c38ed711b0d254da351854db0418acc7caba3ef0120562b73

- 11KB
  MD5     a3b87128e2df84d0f9e8f1717c1ed72f
  SHA1    1e94596d205fcc660e0ac1fd7a86bb83e8eb5e70
  SHA256  8adbb88024fb4dc30943f9d453bc609daf2349038d7a0d7829c4fb7eb41a9d1a
  SHA512  fa43ee2997544a2ec5ff83b6edabab0943cfa4dedce3aed08eac6e36d1275937ce0b88ae35840feecd87ea9d9973c7b4d8d9ad7590a03d938af6fefd8ee8d1be

- 5KB
  MD5     1ff44e446ffc73f3d337a227d95c442b
  SHA1    4cd3449cccb62915113a22c5cc5a12b677919bce
  SHA256  59259df3152db3a8b705267a4ff2934211f62480b079792425ff4e11e5af5148
  SHA512  c56e4b2ef08169d24cf38f37acf539a521ffeb22a4cedc62fec6567f82906b088c73af4ce2730982dd894765a3a40de9eaf6262c3fa52c0fa20484c1060d78cc

- 6KB
  MD5     d605b70901eae3d1609a785fba7b5b09
  SHA1    49d640a6818b63828fa9462b2147a5b51b511fbc
  SHA256  d401a2e841a91809e0cb86f360e36b53ca06bde494333ee560c76dc202c9d6f7
  SHA512  2812496af3bca9cc31c42478f952cdb2a2c4d7084ce9a4be17e1cff48cdc3e3f06fc7c9bb4d6d5635084a8ceac932ae675c4d7328cc5b42d5e70df0e17ad9022

- 9KB
  MD5     11cc2b4c487d13d75d79a0815965c167
  SHA1    868f2b5e366ee169c220caa2d5b25e30fa886890
  SHA256  e0f5290b3e994b9e9de7f4e8cbcaf3dd966ff8b3689f07c7fcdf4cd23290608e
  SHA512  824964a3c6be106562ecd18c70fc7a9d57db659f43410922bcaa4798be470a46207cce2a8940ce882a512b7e0fcf38657e46ec2e9b8e957f719aa3c790fbbea6

- 9KB
  MD5     48aa7db87102029c563c86e2992fe6b8
  SHA1    b2eeef9c7ffc9db6b87c7ed411b2fadb8d3b9e76
  SHA256  59fdebd4afab3a8f3fd368dbb2fbb8ab1f7192333eed728d92350c69127ae437
  SHA512  13dac5bf679814574ec1dba90e935ba0c3e1597d5e74761bd5d68d45ea9e1732c07eb00c2832d1e775bcf38449f81c2b29b105e687d8d8a2795d87f2e7e90c22

- 9KB
  MD5     a03cf5108b32c38f3fbb4fb157d8f920
  SHA1    7efb2445c5618a02a3358878bebb99daa85557f0
  SHA256  81e1dd818d15c0369237bfe52a3c7c697f483baf3801a4c9863de08e4c6ab282
  SHA512  3809d37df6ad06508e76b20a484245a3e4657f5f49aadc271a56eba58bf0abd3a50277613212ffbd709368a1b962d0595bcbe12f25fe931da03e6fbcbd7ae3e4

- 9KB
  MD5     c9d2aba8b7b6eb20571a82aca98cecc5
  SHA1    77dd937c0e53420fcf3a751e1d9a095eef304b31
  SHA256  f3f24995d029da6de22ff3aa30c388617f87a620b843f4e5ae848c782eb9e3de
  SHA512  d98ef7468f2de0cb6cbd399f254cf6d7b4925f54abca8bbc34d752ba01ac46b3a4579e0754cd59bee6081677dc1ce9cd0752244facbd2ff626a8287fafa6f8a4

- 11KB
  MD5     e8b7c08a47e56541baf5254fb61719a5
  SHA1    2fe94c10cd7c6e3e548299fda80ae450bf0c78ad
  SHA256  18068040e53c291f1e1911625698601870f6a585df7c7deb19de6fe86f41dcfa
  SHA512  0fb0aadad1ee22146f5f9d1fdc2be03b1398788677856ece255be01294eb0b442fa871ee086b6e8f9734428a4a33dd9a6e32a8e9956fb113d80fe49cb0e02780

- 875B
  MD5     a5079cd88b7bbcabf46c8f9f45b16ba6
  SHA1    6247db048650960d841ecb143b5b246ba4ba1ca6
  SHA256  4b1557b8e66e9172d3f649e70f4345aaabceb45404b858fccfbc0b4cb39ba9dd
  SHA512  ac402d533670871e1e07e42b92cf40db492f4ce47315db0526ee64aa5e5f87160a6e25157858bd99ed90ea147efce5e56095bc4f4db3ab62cc5828bf86856fe9

- 539B
  MD5     31c80f7f348e5d01b16f29e84ee20322
  SHA1    7300e5831c9994e56662efceaace907b8b496162
  SHA256  04b040f038297dbcb2a5dc7704d41ea87a1f42cd303f136a8f520c2822f18ac2
  SHA512  f48c2380df9fb8bb2173caf093bd2bba3a2530e5f42022f888da9f69d4f4d0168b021a26288f36e9cde506c9f3b303168692ee044231bf810ad8067dd04270c3

- 539B
  MD5     3567811e53dd10fed3dd5a793863e0a2
  SHA1    25205b10b0d6f3c83831a56492ffedbde62b200c
  SHA256  871d8f866f0260f761f5a1420ce7a4cf7352cfd5d5f8622bf9dc3b152d7f45b2
  SHA512  5041199f0d1c1c789555072cbb2c5cdd6ea8b0409f572ad7ffd9c581f1ed0879f3521b1b69595a88e79926ddd63e25b922608912f4ecc01314d666bf92d5e7f0

- 539B
  MD5     edc9116023a98de01d7ad0fb9521bbc3
  SHA1    801caacaaddaeec658b5b53b9df6617711a201dc
  SHA256  e7e5e4379972c006aa1e936e5169f9dcb1a1c0a7600192b095beffe9aff2bad2
  SHA512  115ccfbfd018e4bb8e90c828bba699519f4fb674bf3365e804c9cb36065536dac6137a3638e8f14b7b172349914c43d6cf2988edac571fa9705ef7b01e3dda1a

- 16B
  MD5     46295cac801e5d4857d09837238a6394
  SHA1    44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

- 16B
  MD5     206702161f94c5cd39fadd03f4014d98
  SHA1    bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

- 10KB
  MD5     b08acac3f4634fc03c7507f168eaee22
  SHA1    b73f0038038fff57803c380cf0310ae38a217f68
  SHA256  3510a086552d859d6fc1ed575591cf8dc8f82cdef55b1997380cc3b84a8c1a52
  SHA512  17b338e7febcb6f3c5f95bd3340d84e052fb9922de0f2c9d81b7e6ab314dfffb9791dbc72394065a4ec39aa5c18ad3c82b2f4fb17ea006b5a0dbf782704ce729
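The script below is an added example, not part of the report: a parser for this Downloads listing as it appears on the page, where each digest is fused to its label ("SHA138e0...") and a path line is present only for some entries. The four records in SAMPLE are copied from the entries above (the two the-real-index entries sit under the Edge profile's Code Cache directory); the other entries have the same shape and can be pasted in the same way. Because a SHA1 digest that happens to start with "256" would look like a SHA256 label, the parser resolves the label by the length of the remainder rather than by prefix alone, validates each digest's alphabet, converts sizes to bytes and returns a deduplicated SHA256 list to pivot on in other reports.

```python
"""Parse the report's 'Downloads' (dropped files) section into IoC records.

Added example; not part of the sandbox report. SAMPLE holds four records
copied verbatim from the page; the parser handles the fused digest labels,
the size given either on its own line or fused to 'Filesize', and the
optional path line.
"""
import re

DIGEST_LEN = {"MD5": 32, "SHA1": 40, "SHA256": 64, "SHA512": 128}
SIZE_UNIT = {"B": 1, "KB": 1024, "MB": 1024 ** 2}
SIZE_RE = re.compile(r"^(?:Filesize)?(\d+(?:\.\d+)?)(B|KB|MB)$")
DRIVE_PATH_RE = re.compile(r"^[A-Za-z]:\\")

SAMPLE = r"""
-
Filesize
152B
MD51ac52e2503cc26baee4322f02f5b8d9c
SHA138e0cee911f5f2a24888a64780ffdf6fa72207c8
SHA256f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4
SHA5127670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize168B
MD562d783945d2ceb1bbc9b81d88097fe37
SHA1b2b702423865a326820de3dec1f948d887111dd8
SHA25676f25d2c36c42143728a249e848c7956597b408eaa7d378f97137d89ea21a23d
SHA512404707068e200b213040260d861f8c9a16946619317fddf311b6a47a76c29a17506875306088d8768e10174c5e622fefb48a5fa0c1402e5a448e278756d7cf9e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize240B
MD53facd247171b228ecd8e48420511832b
SHA1a024021f9953b2422469393fef242400ad355df6
SHA256fc0c8c888aeb5e8cdab3a83ef42c3f626765f9bd40ebb89e25ee46f3f7bc968e
SHA512391398564d43eb3e49e8bfa58aba3585065e4efdf3a29a6f929b1884457eedf43191db4c999e8204aa092d05f6e669df302badd0cdf5b3ae3ebfd35439d9fecf
-
Filesize
50KB
MD51a7a156a196e16f4f680e0815e3db505
SHA1d516a05c8e374b962aae9f1c6484eb12d88226b8
SHA25646dcb8cb7d4d80220baa300c65817e9a4a324c15ddb1e3955d222175eb6cf8c9
SHA512c00ad12a47717ecb6d7ac746f5e681bed7bc084419216290a8aa7ff4cc502c3bf9378794e1b5882df361410c0e5c2519ba5ea6ae98859dc72d6590ce14535097
"""


def split_digest(line):
    """Split 'SHA138e0...' into ('SHA1', '38e0...'). A label is accepted only
    when the remainder has exactly that digest's length and is hex; prefix
    matching alone would misread a SHA1 digest starting with '256'."""
    for label, n in DIGEST_LEN.items():
        if line.startswith(label) and len(line) == len(label) + n:
            digest = line[len(label):].lower()
            if re.fullmatch(r"[0-9a-f]+", digest):
                return label, digest
    return None


def parse_size(token):
    """'152B' / 'Filesize168B' / '50KB' -> size in bytes."""
    m = SIZE_RE.match(token)
    if not m:
        raise ValueError(f"bad size: {token!r}")
    return int(float(m.group(1)) * SIZE_UNIT[m.group(2)])


def parse_downloads(text):
    """One dict per '-'-separated record: path, size and the four digests."""
    records, cur, want_size = [], None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "-":  # record separator
            if cur is not None:
                records.append(cur)
            cur, want_size = {"path": None, "size": None}, False
            continue
        if cur is None:  # text before the first separator
            continue
        if want_size:  # size on the line after a bare 'Filesize'
            cur["size"], want_size = parse_size(line), False
        elif line == "Filesize":
            want_size = True
        elif line.startswith("Filesize"):  # size fused to the label
            cur["size"] = parse_size(line)
        elif DRIVE_PATH_RE.match(line):
            cur["path"] = line
        else:
            split = split_digest(line)
            if split is None:
                raise ValueError(f"unrecognised line: {line!r}")
            cur[split[0]] = split[1]
    if cur is not None:
        records.append(cur)
    return records


def incomplete(records):
    """Records missing any of the four digests (a sign the page was truncated)."""
    return [r for r in records if any(k not in r for k in DIGEST_LEN)]


def unique_sha256(records):
    return sorted({r["SHA256"] for r in records if "SHA256" in r})


if __name__ == "__main__":
    recs = parse_downloads(SAMPLE)
    for r in recs:
        print(r["size"], r["SHA256"], r["path"] or "(no path recorded)")
    print(len(unique_sha256(recs)), "unique SHA256;", len(incomplete(recs)), "incomplete")
```

`parse_downloads` raises on any line it cannot classify instead of skipping it, so a digest of the wrong length or a label it does not know stops the run rather than producing a silently short IoC list.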