Analysis
max time kernel: 283s
max time network: 285s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-06-2024 07:35
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://bojagicard.com
Resource: win10v2004-20240611-en
General
Target: http://bojagicard.com
Malware Config
Signatures
Executes dropped EXE 1 IoCs
  pid   Process
  3228  desktop_shortcut_bojagicard.com.exe
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
  resource                                      yara_rule
  behavioral1/files/0x000500000002293d-414.dat  autoit_exe
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
NTFS ADS 1 IoCs
  description                   ioc                                                               Process
  File opened for modification  C:\Users\Admin\Downloads\Unconfirmed 1030.crdownload:SmartScreen  msedge.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
  pid   Process
  4172  msedge.exe
  4172  msedge.exe
  1496  msedge.exe
  1496  msedge.exe
  1916  identity_helper.exe
  1916  identity_helper.exe
  1104  msedge.exe
  1104  msedge.exe
  1104  msedge.exe
  1104  msedge.exe
  2564  msedge.exe
  2564  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
Suspicious use of FindShellTrayWindow 61 IoCs
Suspicious use of SendNotifyMessage 44 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://bojagicard.com
  PID: 1496
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes of PID 1496:
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe925646f8,0x7ffe92564708,0x7ffe92564718
      PID: 4636
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
      PID: 4544
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
      PID: 4172
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
      PID: 1412
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
      PID: 760
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
      PID: 4548
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
      PID: 2316
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
      PID: 400
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
      PID: 1916
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      PID: 4476
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
      PID: 4460
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
      PID: 3572
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
      PID: 332
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5768 /prefetch:8
      PID: 4280
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
      PID: 3028
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5212 /prefetch:8
      PID: 1280
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4564 /prefetch:2
      PID: 1104
      - Suspicious behavior: EnumeratesProcesses
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2192 /prefetch:8
      PID: 4564
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1360 /prefetch:1
      PID: 1584
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
      PID: 732
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
      PID: 2012
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
      PID: 2564
      - Suspicious behavior: EnumeratesProcesses
    "C:\Users\Admin\Downloads\desktop_shortcut_bojagicard.com.exe"
      PID: 3228
      - Executes dropped EXE
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7317344288223276374,10626838347072128935,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
      PID: 1700
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1812
C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4140
Network
MITRE ATT&CK Enterprise v15
Downloads