Analysis
-
max time kernel
142s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
30-08-2024 22:25
General
-
Target
714b920e2e9691e98d269641f49a958a9324ed6bec404620c4fa2db5624a7e27.exe
-
Size
843KB
-
MD5
1538f2496409067d29289d9223e22a39
-
SHA1
a5b76c1277270fc2644399fe9ada46fcf7c20489
-
SHA256
714b920e2e9691e98d269641f49a958a9324ed6bec404620c4fa2db5624a7e27
-
SHA512
04b94808d1f79c526cb673b47f75064bffaa28b6b44ca2efc669fa43ddbc7091d51722a8781d6b29bee46eaec3567d1f80400678df3410d3a05bd828d90ad4d1
-
SSDEEP
12288:lGWGDHK/4O4v9tIr8aVwDTadGRmNQ51038WcqhVTnvJkxmwH4E6:lGTX9tIr8gw/wPS638QhVN84
Malware Config
Signatures
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload 1 IoCs
-
Executes dropped EXE 3 IoCs
-
Drops file in System32 directory 2 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 3 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\714b920e2e9691e98d269641f49a958a9324ed6bec404620c4fa2db5624a7e27.exe"C:\Users\Admin\AppData\Local\Temp\714b920e2e9691e98d269641f49a958a9324ed6bec404620c4fa2db5624a7e27.exe"1⤵
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SYSTEM32\schtasks.exeschtasks /run /TN Update2⤵
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9660546f8,0x7ff966054708,0x7ff9660547183⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:83⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2748 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3900 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6120 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7046285825321350488,13076629841135698076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:13⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9660546f8,0x7ff966054708,0x7ff9660547183⤵
-
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9660546f8,0x7ff966054708,0x7ff9660547183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9660546f8,0x7ff966054708,0x7ff9660547183⤵
-
-
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xd8,0x110,0x7ff9660546f8,0x7ff966054708,0x7ff9660547183⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=svchost.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9660546f8,0x7ff966054708,0x7ff9660547183⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
66KB
MD5299dc89a8330685b96df6f4244f7e811
SHA1848235ad62909f86b3f8f3a73d6c4f8b8909f734
SHA25654fbc955be7930359b93d906ff209faa190a112ce47d1d92f5e6637c68e3d34d
SHA5120a935c5fa2d8d535b53690be28dab329fb3b44643182037cc963003546e38cacbed96f47892a5e9a7bf48effda2193d43abfc9817a978802d67b29514962eeb8
-
Filesize
464KB
MD5457a9fcce3c0b3dc7d42809787e7c98a
SHA1a9ecf39e47b547a2b956714ae5fa6e0faf121fed
SHA256ef15e8d90fb469e7d5e4fb64304d48312f4821485177b3c1b0c3e990b5bbb40f
SHA51212757593bae5b08f753c2ff95af51f09c28881346b6bdadd82b46ce759500b625f2b4f0df8522312b82a5a0300dda951ecd5e25197da784ad6df1181677c661b
-
Filesize
79KB
MD5e51f388b62281af5b4a9193cce419941
SHA1364f3d737462b7fd063107fe2c580fdb9781a45a
SHA256348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
SHA5121755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e
-
Filesize
259KB
MD534504ed4414852e907ecc19528c2a9f0
SHA10694ca8841b146adcaf21c84dedc1b14e0a70646
SHA256c5327ac879b833d7a4b68e7c5530b2040d31e1e17c7a139a1fdd3e33f6102810
SHA512173b454754862f7750eaef45d9acf41e9da855f4584663f42b67daed6f407f07497348efdfcf14feeeda773414081248fec361ac4d4206f1dcc283e6a399be2f
-
Filesize
34KB
MD5522037f008e03c9448ae0aaaf09e93cb
SHA18a32997eab79246beed5a37db0c92fbfb006bef2
SHA256983c35607c4fb0b529ca732be42115d3fcaac947cee9c9632f7cacdbdecaf5a7
SHA512643ec613b2e7bdbb2f61e1799c189b0e3392ea5ae10845eb0b1f1542a03569e886f4b54d5b38af10e78db49c71357108c94589474b181f6a4573b86cf2d6f0d8
-
Filesize
17KB
MD5240c4cc15d9fd65405bb642ab81be615
SHA15a66783fe5dd932082f40811ae0769526874bfd3
SHA256030272ce6ba1beca700ec83fded9dbdc89296fbde0633a7f5943ef5831876c07
SHA512267fe31bc25944dd7b6071c2c2c271ccc188ae1f6a0d7e587dcf9198b81598da6b058d1b413f228df0cb37c8304329e808089388359651e81b5f3dec566d0ee0
-
Filesize
88KB
MD5cb2c28a95bf3f86bef5d89f340621dd3
SHA19e94b41219f2eb674154e5468a8349d22241335e
SHA256531a2f4f81564e638bc23cc740879d49a63f1888560d188e5464c12bd0e26a52
SHA51297a71e95747b24ead50f1f6bb3ac8bbf6da97ee19b7a5b37d0e0e656b0fdf1ac9e3ddbbba6789123f47861907c8a45ccce744b4018a4e5629462d060df3cdac5
-
Filesize
18KB
MD51403e903c5d3afe77513cb208396ae0a
SHA12c87bc3c3049b822af7f10d682e0319dd761d0e6
SHA256564bc818eb81421fc97187009a80712b7a9d929f72ffc7196b39182801b339fc
SHA51257f99f234630ea3a692096425bdbf3f9fa06f308c366bda43ae63ff678cc929a8329bbb194775c98a8be265933886b9beff572f5c86f60b4f860012349d86bb8
-
Filesize
297B
MD58f0af3aed587c371ef683dc70bb5de84
SHA1873ce679ad79540cbaef34d1cb17188043386481
SHA256d3e3e5cdf623d30eb7edebaf65379dba144da32af5bed58a683301350fc52b16
SHA5128a95e5a4d99dceb8125d4a336d242f6e92d632b8ea2bf4aed9a9a08b0c9d6161f3eb1e2332f556f5cf5d3113132809baaf1c38188bdd1958d968e612af840f0f
-
Filesize
1KB
MD534c07730a77b2852df37728a30cae98f
SHA1fdc9bf09f28dfa8ec5b569841514f645f203f179
SHA256650d19b873a3b0aba00d0f2e5f7e1856ee8e97fc13354894bd95cabe8c889a8a
SHA5126927afe4a14377f4efb020aa818096521a020acf73d0b6714ebf3e2f48018741c9ddcd22a20e41e6c2cbae61e72521955c44b60b582f5d267e788cc7372bd8a8
-
Filesize
272B
MD51d888afc41849976b8d71bb9108c8e80
SHA14fb6b98f2ac75f379b33d84a92753a85aaf79ea3
SHA2565c858e9ff8eca89394eff6dddb875f4fff7efadce5c8a264a3de1b8a4f21cf17
SHA5129a654eda90a28a3f2f583822b001a42dbf83d11ece1d1e8b5a8e04c232396024276d754e57974581315084c8fa513f1b9136860375228c4ed3b364a986dbda18
-
Filesize
1.1MB
MD58b6a43aebc5d990887f25736bd15f9c2
SHA18bd874d53f2b559f5c86e9ced63d45935335a90d
SHA2564cc424fd377f94f870839779c2209d65b3978cb7d1cbadb7d84a6d0da42cf54b
SHA512b5526afccf6b995cc6471ed9f82eb0460c845d15e879a0490a1527c43d6c41bd540734a158bac18de22bca59bdd1d2e19b209514850bca8ddd472e88bf6ec9d1
-
Filesize
1.3MB
MD5706399af72e615f6f4e5be5d92c95b40
SHA16d62411de3b3a3e71849d2dee0a4303751bea34d
SHA256eddf04530b6881bfa5ea2d66887d52463d37fe1c93c6b0b7a478dc51b15d25fe
SHA5126dd774f405445ae8d60002558c3fe3977d5fd017a9569e5ccbbfdc4c228b5102fe0d6164dbfc52072996ed045e745bdc6e2609b4d6c10412010e816ba32a21b8
-
Filesize
291B
MD5c0f69c082eb9b78150b5ea7638e9454c
SHA17bce5a4fd433955adf9d9fc440794415abfe2a7d
SHA256b33add2469bff66a4dbc5e20a831239abb12e85d1cf99000f9dcbac861e4d783
SHA51221435d42b6e24b4558d2fe92e9ff83f8d45ec5ee61b2a3fe43ff602cff20d2523a45ea15860a8a8761e58c995e6f998173b460b0cf5570658542f7859471e22a
-
Filesize
187KB
MD5291d40b117d2d99991acdd66d636ecdf
SHA1bf7b1edf87672f287bae773bf4bd6eb469e0e74a
SHA256f2267f6385a0b40ab1c7adf3de8d29f49e5ab7527c14a5653bb4db29c074d438
SHA5120e63913cdca538a7567257e64614135ae76762420514d6c72693e59cdb4bbf64d2f2cea9b183ab5f0f8e48a8ad67a167ae3f9d393c3d13867f251b2aef937117
-
Filesize
295KB
MD563d377c94e2471ed1a243610919602b8
SHA182d8baa21540a6e6ab93241a34e3421062e4cae1
SHA256c8930bdc21b580f451246818a2cef35118d1e3e4797c961c5051f7cd6275507e
SHA512dd3e3349ef9bd2cb69ed6d302c8c6f88fc4b13aefcfc058f59f1da053783342b81e05c18fadcab2e2635f3b9bfda8c1930e5d808d1c57026206d4b7cabb10e6a
-
Filesize
269B
MD5459597dac1a3b9ef43b77bdc727fe682
SHA1894d54d5e0afa63b6f043b10cf9d03170f47c844
SHA256d748c149f566024eb7ed602b5c3e1b8fa4d7bd8ae3bf07670547ade3521ace2e
SHA512a803529658c4115d7f3d4efc685f7673e332e27146e09bdd4ed1a477f76e27ef871425eb0d275868b89a48d9218de49433822118d4fb04b0ae287613ff657b10
-
Filesize
264B
MD533d2c0719ac656cdbd76e4174640d001
SHA1b010ae3f49cde35fe2ae483f65ff9ab3753026b6
SHA25617b70cb14f5d85a922ed89a70684259826bd7d4e0e3b1443de77abe9a1d7d888
SHA512baba7a350727eaa0b61b5df416aa7ae6c7c93be74ecc9a8c7cab4c84b3b2f255f6fdef047dce94882d1c9b6d2949a76e942c5c3d1a9680fb861a2edb7670ba4f
-
Filesize
264B
MD59fbd93425cbd6a08f4061862fccc9b03
SHA18258bcfebc755446fa184b761235842afe43ffb3
SHA256ca982efcf8e34aeab44ed2274f118855df4b2ecb3f07e5cd40b960f37f8338e8
SHA51246b4281ee37332b95adadac17c2c3215d0a2485b4b2b12e21e08931deca0d7418d7c71c2ff4e9b12eb4439733c777354acd2d5104d01bc8859f83e3f5182c080
-
Filesize
437B
MD505592d6b429a6209d372dba7629ce97c
SHA1b4d45e956e3ec9651d4e1e045b887c7ccbdde326
SHA2563aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd
SHA512caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa
-
Filesize
5KB
MD597a2f5943a7f2f921ccc981b5985bd35
SHA1580908f19d393dc855c4fc113a35a4ee12551a9c
SHA256fa8b9c4f087c2733a98f77b8ce101e74b88477148acc486e2ebfd8d63699f8c9
SHA51285ecb2659bc1a4103064ca6c38eb889990ae6a1f3c4477bf113808fe2f21db7981f7483ea8072a3ab64ffae0f9abf6f72e85f2663b2874eacbfd8542977536c4
-
Filesize
6KB
MD50bb9d480acd9aa535647088014c221bf
SHA137166177a52a820b969e0c1b864476363a73b836
SHA25601a9493db155b7222955771a52061a2a49a08f05515ee814537b920532caa3b9
SHA51243ac1738ef8d22c139457ab539d91161d242404aeb0caddf3072ffa0067d23e7d4d8440681f3c6e8149cda78938e846a793fe2a6563c22a62f279cc5fa3b0421
-
Filesize
6KB
MD5b018dc1fac744cf14a540861a18295ea
SHA11cb5ea39df2270834ba63b8640518b8a22b161a5
SHA2567e1af398e09e6cb6622020c1310b7a50a0fc729b53c095b8bf29d7ae0bdfd433
SHA5122a228ae4bb71ce790601bf4811d1424f887be3f334bc58cdf2a96555bbeb1d1a899a1fe319e1b1f7f4b7411cac5f93eae6eef0141d1478b9941ffa16c8e1bf67
-
Filesize
6KB
MD559b73e227409f3582cc5f43563c97d59
SHA1d8aac5c5b3b93a00f854d929f521c1b6e4109725
SHA2561b055de8a5902c96433e4bbb846ae024d9eeeeceb0afbbef2f6eb3a9651fcbf9
SHA5121d6ae16ef224a50dfa09e5241b069bd2605444903c21a57a95906d79d33b66e593c9af3806155ef77ee73416ba0335ff840d5c6a829ea51ed3c993aca6ac809e
-
Filesize
371B
MD5a784bf2f3090f46655b80f1aced7262f
SHA129bb0f5cd3dfa98e229abd0377025b724da121c3
SHA2562aa92ca0c1e72100232102c353f4fb81e8c875d33d37a8ff9aa29960fd9c79a0
SHA512cc195dbac6e77801bc4f65f10232ce69b34d7357b9200a2cd95f16b162b912ca33395f899ec76c4785a9d2abf420bfbd543811d8ab92c1b74478716177008046
-
Filesize
371B
MD5966651ba194c15c66e46baa7dfbd4fb3
SHA1a1dd9cb9a82fd678a3673b65a93cebae892f7bbc
SHA2569d19fafecf4fff3b50eee22e964f2296311cb06bf57d119260472e8b6389c4c0
SHA512152cb457602e1910d38d9e2afe591ae363f2fba7fa024e61fae66cbc68e0fd63e0359b44d7306f687ca147e081b149aa9ec9bbca2cf412e67eee35e2f12986cf
-
Filesize
371B
MD52b2b07551c5c03b6273802b3380f9257
SHA1075f9c8deb1ca4b46e34878512034cac42389dec
SHA25697c76eee9f7feb7f006b60562c9f0df1b07a4da3af571ec6651cac39ce518e2a
SHA512d11a225e5ff65d6b5580ae3f9d4c362893872dc0f6ed04f3966c9cad2379fd1fc67799a2826f0860af3f26e750cff685940b0e75e6a047996e109e354a48568d
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5d57285ff8c5d86dea822735129f8243d
SHA1f8edd2e82cd58768dcbd1b34f8e1a6c2ae5d32f2
SHA256bd83026584509930ce8f6df4ce339311ab42fd046ce5b05d6906f825e94a68ae
SHA51297eaf53f0c74468fb158ee02eb3c71e4ab8e9caad20371d8cbcc62fdb2674e23e64a60a5e63487a64eadd60855259d687187107749bd3bfbb396a5c9d820fc7c
-
Filesize
660KB
MD55bec8d7c881f1ce48a094715ca77aab8
SHA1d6152df4e0443293caef5efc9a89f046a0fb583d
SHA256fd0ae8e49b453646c28a7b2b6ef4b77f17586d7192ca3c8d647a0bf8abf810c7
SHA512255996257ad2e03d6f04e9f41df673ef7b314ac98de415c626e0d34a0da7d686e6e29ee0ba43f9d61f34a89512abd2746628256cb162e49fb7f20f596ed6b593
-
Filesize
8KB
-
Filesize
872KB
-
Filesize
10.8MB
-
Filesize
10.8MB