Analysis
- max time kernel: 110s
- max time network: 112s
- platform: windows11-21h2_x64
- resource: win11-20240611-en
- resource tags: arch:x64, arch:x86, image:win11-20240611-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 12/06/2024, 20:20
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: https://minecraftshader.com/jenny-mod/
  - Resource: win11-20240611-en
General
- Target: https://minecraftshader.com/jenny-mod/
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (process: msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (process: msedge.exe)
Suspicious behavior: EnumeratesProcesses (8 IoCs)
- pid 2336 msedge.exe (2 entries)
- pid 1528 msedge.exe (2 entries)
- pid 4016 msedge.exe (2 entries)
- pid 3476 identity_helper.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (28 IoCs)
- pid 1528 msedge.exe (28 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
- pid 1528 msedge.exe (25 entries)
Suspicious use of SendNotifyMessage (12 IoCs)
- pid 1528 msedge.exe (12 entries)
Suspicious use of WriteProcessMemory (64 IoCs)
- PID 1528 (msedge.exe) wrote to memory of 4224, procid_target 78 (2 entries)
- PID 1528 (msedge.exe) wrote to memory of 1524, procid_target 80 (40 entries)
- PID 1528 (msedge.exe) wrote to memory of 2336, procid_target 81 (2 entries)
- PID 1528 (msedge.exe) wrote to memory of 948, procid_target 82 (20 entries)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://minecraftshader.com/jenny-mod/
  PID: 1528
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9b6b03cb8,0x7ff9b6b03cc8,0x7ff9b6b03cd8
    PID: 4224
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
    PID: 1524
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    PID: 2336
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
    PID: 948
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    PID: 912
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
    PID: 4212
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
    PID: 1916
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5080 /prefetch:8
    PID: 4016
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
    PID: 4648
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
    PID: 4896
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    PID: 5044
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
    PID: 2044
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
    PID: 704
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
    PID: 4388
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
    PID: 1612
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
    PID: 1292
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
    PID: 5060
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    PID: 5016
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
    PID: 1532
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
    PID: 1804
  - "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8044 /prefetch:8
    PID: 3476
    - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
    PID: 5200
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
    PID: 5208
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
    PID: 5552
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
    PID: 5560
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9396 /prefetch:1
    PID: 5780
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9496 /prefetch:1
    PID: 6060
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8596 /prefetch:1
    PID: 5900
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9612 /prefetch:1
    PID: 2308
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
    PID: 2128
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8224 /prefetch:1
    PID: 3396
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2336 /prefetch:1
    PID: 5344
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9428 /prefetch:1
    PID: 5736
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1944,7907675152736613905,12378513325205432488,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
    PID: 4888
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3092
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1848
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 64f055a833e60505264595e7edbf62f6
  SHA1: dad32ce325006c1d094b7c07550aca28a8dac890
  SHA256: 7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99
  SHA512: 86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a
- Filesize: 152B
  MD5: a74887034b3a720c50e557d5b1c790bf
  SHA1: fb245478258648a65aa189b967590eef6fb167be
  SHA256: f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250
  SHA512: 888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\924da1e9-34f0-4044-86c6-971dd10c9e7d.tmp
  Filesize: 4KB
  MD5: 65914cadab28895c01ad4e0deaaecd4f
  SHA1: 27c20c371b76f7af4cb8fb052f610a399e5c1bf4
  SHA256: 5f09e09f96361b52fd56308244497c7190d9a77a10fe1de5d4c26cfc5336de58
  SHA512: bd4c21591a8e00a88ea797db722ecc9eae5e36dee38ef706f16d98e1bef7a64a7f83baaa64e89f14f07efc1e4ed0c693ca814daed1caa727a9963589605b4950
- Filesize: 19KB
  MD5: f0c0412e4f7e8ebf6e1c8738622abdf4
  SHA1: 7e5433f4d55ff103426fde504031eea535b3d55d
  SHA256: a67bd5961e1d3fba115d8d04644accb4df135aefe880d03d7e66c404c85b47de
  SHA512: 5d228fe7f147e41b874a167942c017c130cccb61fa05f80cdab0911dd5e0185b8974c93ae9877c5d0beace13fb248bfdf717b29d450b12e08e2230c806232638
- Filesize: 33KB
  MD5: 1aca735014a6bb648f468ee476680d5b
  SHA1: 6d28e3ae6e42784769199948211e3aa0806fa62c
  SHA256: e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
  SHA512: 808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86
- Filesize: 19KB
  MD5: 93069ed141b906f40645ff8d0cacedbe
  SHA1: 44f6f2ae47c447dbff22d4a105a48383dc24d8c1
  SHA256: b6631d1b36e91ee87fd91575b16ebc9bf6bc264e85e8f0d37bbf7e08d69d5681
  SHA512: 90eb76355d2be14f89ec2c8a72f3f8534619c22b5b562cd062526351771d006206c7def2434ef5cc22f3637ccf275666c984a72213aae2998bf7623f930308f2
- Filesize: 19KB
  MD5: e78f9f9e3c27e7c593b4355a84d7f65a
  SHA1: 562ce4ba516712d05ed293f34385d18f7138c904
  SHA256: 75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d
  SHA512: 05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286
- Filesize: 248KB
  MD5: 40f2fe967034678cdb39a1f87c7a1ae6
  SHA1: 6923b995c9bffa303b1d9d356a29398b3c4b297e
  SHA256: 19c1fab4197fdc86d1e1ef90c4f0719621bf2cd815152680418ca8525d1524dc
  SHA512: bd45e306e37fe1a329fbb5d85865b66a7763f348652542069ef94129411e9c834e4e54bbafd7334fa1c84a30ea4a38d77463b03997b10b5dfd4b8e84a11a4fc4
- Filesize: 64KB
  MD5: e9d809a1d7fd30047317fbd43fae61e9
  SHA1: f787ab2f19856948bd9ea7aae25f45b2a8d08d8e
  SHA256: 0ba8c1a3ea7999dc49680abfe030219c514214972d20197ccf7def509471b72d
  SHA512: e91109af437dfb88f8f97df5795a25e4efaf1a2fcf9ffff8410f19a815bcf80f62e21fe9d5de7e5b6df5e983eef8393c806e5df48353547a02b81c0780fefc50
- Filesize: 103KB
  MD5: 34b8eafe7999d7080fdd5902f7754a9b
  SHA1: d070c338cd62a80523198b3135f6b6e1a9e1b7c3
  SHA256: ea2861af6046769bda8f778b66058aa3ade2584279377b6f4ae6ec5f1b8df43a
  SHA512: 43368f863c9f9a92b8af4b49fd731355ed17947d90e9c8df6fffbb289ee54cb9d9111cabbd8671c34104ac371de921074acaaa2edca204b9752dfcd6839f66fa
- Filesize: 160KB
  MD5: f88a71e9b25fc7d8c63de3ce0f3a796a
  SHA1: e1c5cc34f71d108d46de5f6f25078f3652841afc
  SHA256: 214f485c5eef87bf3f4b4cefa2d381eb425fd2fcd2e904e7c4704576adf19863
  SHA512: eb92a0925f7665b8ec97f3d7e34bfb2e4cd04a1448b91cf27fea98407305dab007d81386b286f538d8ec806f4203e26a48a479c668888c236a7f4216e5f4545a
- Filesize: 14KB
  MD5: 75d92a270d5a368f79d925a33bc2afda
  SHA1: e8cd8eb00c92c602ea550cefed93c61c266e637c
  SHA256: 1d65642096bbaf3179945c4a4b3b51ca4ae6e43736ec3f4b40abed4bccb54083
  SHA512: 763ae91ab81775a486602aee6bf8c2241236b96505ed4d46716971302edbb6fd10c7ea8f5847b44751090938949f7d170fd582dbf48bc826f430d1acb2b69388
- Filesize: 284B
  MD5: 8aef61680173579454095ce9b7925848
  SHA1: b85661e38a8d8c2587adde72a651f86c809a4eed
  SHA256: 3e76ff1911d72bd2b091b8cf76ff0fef38cecc6e48007b98c3514fc2580eb6e2
  SHA512: 41febb4855ecc33da55d33106ca31018feb5fa1df1272bfaf1d64ee70aae517b2bee4e4fbe78bb6927355e8e0eac8d5373dced32ba57aa54b0fa19ab5293e294
- Filesize: 53KB
  MD5: 122c3f8c9f320c343f2126403ba31300
  SHA1: e5923c34b32b151e5b71893a46a2b0ab4585e5b9
  SHA256: d52d4fbdb28276c0127eda6e8afa95cfdd7a3608928dd657e5efe5075654f51c
  SHA512: 13aaeb16085510e706e65528df6a359284225b0f11dad75f9832e4bfb506f6de4778e9d0fd605d5d75447c54e9e669330688702db79d050c5bbfc5df36407852
- Filesize: 33KB
  MD5: 84a0c8549b03e369d1107b8fe929f7de
  SHA1: 2abfe0de4fce0a34b0d442c75b076ea60cffe130
  SHA256: a95e45299435743619015777a8ab1cf13b7edded33ca52bd3257e705d505a63c
  SHA512: f8c93f13137e8d6093af6ad3e5e86da6e448a1715e877f5cb73239bd4a229670e4c920ccbc67d208921283411561bdec6c949aacf3485ebb6f6c60f181dcda10
- Filesize: 3KB
  MD5: 5b7a7db02be36aee9d337cbbfddbf448
  SHA1: 43ff44a66282f21885e5f3302d86aa2e956bd96e
  SHA256: a4341ab6bcf698bf0225c5bbdc7a5f08bc3baad5e84c1f11cf0e4bcc9e498b1d
  SHA512: 35c88b68379b9defd00c6788816938ff2c99a9882cc84a8bb15346cc529741c8ddeec641d7f73b1f26a98c914619152561bfede9db9d8401efdbaa396e9f9223
- Filesize: 55KB
  MD5: 6ff92c774532090e187263598c97f40f
  SHA1: c757d95f1ac4865fbf2b9dff23de7b15e25d2f6b
  SHA256: 042ef9756cf2d1eba5ae6ef439a16771b640ab6ab6e28c9dce1920bafbc91a72
  SHA512: b9bb5554efe19f8c09963736b09b80625f603e00d73343af646ba8c77e5acf536e0d3f0fb3f98845d5d72a89c394a168c65e9d9d942d4f5eb7c62fec6ea4f963
- Filesize: 54KB
  MD5: 82c5a7d812030019b30d636e6e7dbbe6
  SHA1: 30d366f15e17119f664bcbae80b5d3a3195e530b
  SHA256: 43dbd221e7867bfbee2a094b0d6dc0c51ab0a1a5f190523b8aebf794cac6a597
  SHA512: 03c61e71bd02917f7c36591418e526f9d35c1f8c711a4a452a58cb6f67182dda7bf3e50dd4aec6dfa63ed5c832ddc77ce6773b548bda6d4fb4450ebbcd9a18e0
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 12KB
  MD5: ff8c7368d4eab2b1829ee400442ae193
  SHA1: 274621a326500e07fb2ff4a612bcbcad88ca5922
  SHA256: c0fc2e6134275f1110dcefaaee46b2bec49a6b9acebc0879c4feb399eaeef2b0
  SHA512: db34bf4a39524c65848ee0e5aafb70c708d4e1e53b1dd18ea2fceccead2cb60351e50198e34b770b4dabaa844c9682d3e76f5ead855a7a0b2037f860e9a159df
- Filesize: 5KB
  MD5: 8a042c7c87f1da8421186403563a19ea
  SHA1: a44c9f7cbbb073992ab89d18f534dbe069de2c0e
  SHA256: 9ca85428b4fea380b6e95bb5e83fe0839541eafba04fbcdcaa8aa77f17791cd4
  SHA512: e995eb164eb736342fce6fa35639021bcb11b410545436f49b72423ed6b9702804ff458aa777e94114f89ea69a5908719d69da5166725313e8b7a1da52ca9437
- Filesize: 10KB
  MD5: 699abc82d4bfcb0912d5d22fc42fc965
  SHA1: 31c44c072f7bacbd987aac16f01e72dcc37c1f5d
  SHA256: b7d37e1c85f37643bda37323e521aa9d357109ce7f0f4f0c9a786ed62a0adc73
  SHA512: 2961f5a6902b004598b307c40bcf5f1722bb261fa48432c17f96c5bd75504bbf2b3faf065f379f28536618a1113768d235eda47d11e19890cb9ff6515f3a846d
- Filesize: 2KB
  MD5: 81b7458cb964cb3c1246d61d034fd9ad
  SHA1: 283b3a3fb26848f3f524961cbab7d465ca882442
  SHA256: b827ff88c895db15e53fc4e5a15da7db56f5836802524b88d63c6abd27ae26e1
  SHA512: ca37b89db980c8fe357ca8e13064314c4fa1cbeb065316174ea3c456afff52d555a15413a00fe3d48dcfc3140776809e0f17f3dbbf24c794501166e4e2ea1e05
- Filesize: 4KB
  MD5: 7b6d4e2cba85c1aca19515c04baa21ab
  SHA1: c329cfbbf156ab4a5a09a226129c42b48ccd5bef
  SHA256: 35cd2b8657c796a646a096972bf22b2804c834c50e31d17b61babc3d4d8c6737
  SHA512: 5651961999897bde5907ed3bf30db2c7bb84b58225248bed8598c70b95c2f0514398a59f0373219bfd1d60d0fc7a2e0d2e571ebfa8902556f23358f26602a0b0
- Filesize: 3KB
  MD5: 070446b54e90463cd35ce5e43e138a7b
  SHA1: aed4b0ff499434c4c3eab5c6201b673af7cb2fa9
  SHA256: 1de5504f76d393316b25ba9cae81dd3c593e334f91a982670bab0f1273967265
  SHA512: 51e97ccc310670701d17493c10e65197eac76900b8667aa48316597d80d46a03b185fb7e21f49aeb410318a4d7aca99eaea5e0a848b80a68b3a52f317df42d71
- Filesize: 4KB
  MD5: 1fe20dd38afbe30098772e0aef672a13
  SHA1: 61a66510d59764e36dcfc7ee61f36eecb5f9ffff
  SHA256: b05718e664334dea011ab94d0f05bdc366acd9b831b097ec77ec2691751e26be
  SHA512: fafc248e4c8fd5555b3d7dd8bc975695cdfb1d6f6926cd26298c88c25b0a4e28cf06f1bd004c0c40dedbc5175da04ee4f3aa6244f5739825494ba8f2cdf67ef9
- Filesize: 4KB
  MD5: efa05d968c36d9830446c7832f53ded0
  SHA1: 4b4a85644175eb420e8911167831a17ed78223aa
  SHA256: dd7603a9cce45175c473e3447bbf9028b0de51c71bccbb33b59c816456a3d191
  SHA512: 74b6e2aa4c04d2720b888ca0610b12e9ce284064becfc556675193255b858eb37887442c9e4c08a7ab984d3b26e8657bc08bb024ea3a9fbf29402d015b6f4a58
- Filesize: 4KB
  MD5: 7c5ca9159a03fd60d195b0c593ccecb3
  SHA1: bf7abd6ea0325e51cb262056b5e0613406bd39c9
  SHA256: da5d2632fe730e4bc80d20f6a239d6d13593a60297082f66c5975ec12fe5d32e
  SHA512: b8eaa58c27479e9d5e1a6cad6f59792845e5e5d0eb47c8215ebb033c4effc2127f243f27a401a615b0c96400e39cef388755b4adbceaed8b16090029b48b8598
- Filesize: 2KB
  MD5: 03e69b5ef3128223fa68443ab9f8d77e
  SHA1: 10d5d0f366ddf7fe2ad7d968b7f9fed38666a1c6
  SHA256: 3a20676bf908d5100569bb5643b15d1b584b4adca98e201a498750473368aade
  SHA512: 9977c539b15c04aaa8b7ebb6e68bf65f42febeebb700c89ad4cc4f67941bf469f72686e66daa1fffb586f6890d9e4cd8a2be764532403da85da3d31393d3f7f1
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 11KB
  MD5: c47fcfdc7111060c694395fcf88ee333
  SHA1: f5ed101cbccf2ee0c06eeb94f7b73de02e04771c
  SHA256: 0b37821c38498280c9c291d2757f94bfc68e488e12c3c5c8fc391bcb437dcd48
  SHA512: cd1e5ba6d86b2227d35267ef071a0dddfa532c7544c51ee59eaeb14a0c459477efa4c2acd3015c9d7df3c2477ccf09b1d6cde9c0ca44d9463b74930e61cd9448