Analysis
- max time kernel: 149s
- max time network: 156s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
- submitted: 03-06-2024 12:53
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
http://https--application.pdfcentralapp.com-.lnk
Resource
win10v2004-20240508-en
General
-
Target
http://https--application.pdfcentralapp.com-.lnk
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
| description | ioc | Process |
|---|---|---|
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe |
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
| pid | Process |
|---|---|
| 4976 | msedge.exe |
| 960 | msedge.exe |
| 3832 | identity_helper.exe |
| 5272 | msedge.exe |
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs
| pid | Process |
|---|---|
| 960 | msedge.exe |
-
Suspicious use of FindShellTrayWindow 25 IoCs
| pid | Process |
|---|---|
| 960 | msedge.exe |
-
Suspicious use of SendNotifyMessage 24 IoCs
| pid | Process |
|---|---|
| 960 | msedge.exe |
-
Suspicious use of WriteProcessMemory 64 IoCs
| description | pid | Process | procid_target |
|---|---|---|---|
| PID 960 wrote to memory of 4500 | 960 | msedge.exe | 82 |
| PID 960 wrote to memory of 1112 | 960 | msedge.exe | 83 |
| PID 960 wrote to memory of 4976 | 960 | msedge.exe | 84 |
| PID 960 wrote to memory of 1828 | 960 | msedge.exe | 85 |
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://https--application.pdfcentralapp.com-.lnk
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:960
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6a4b46f8,0x7ffd6a4b4708,0x7ffd6a4b4718
2⤵ PID:4500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
2⤵ PID:1112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4976
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
2⤵ PID:1828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
2⤵ PID:2520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵ PID:2564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
2⤵ PID:400
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
2⤵ PID:1276
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
2⤵ PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5304 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
2⤵ PID:984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5020 /prefetch:8
2⤵ PID:4472
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
2⤵ PID:1396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
2⤵ PID:2216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
2⤵ PID:2716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
2⤵ PID:2684
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵ PID:1500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵ PID:4520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵ PID:1692
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
2⤵ PID:5496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵ PID:5668
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
2⤵ PID:5676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
2⤵ PID:6112
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
2⤵ PID:5352
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
2⤵ PID:3624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
2⤵ PID:4732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
2⤵ PID:4792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5272
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,1436417828042922531,6442421168279052214,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1124 /prefetch:1
2⤵ PID:5356
-
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:4396
-
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵ PID:3564
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index