Analysis
max time kernel: 545s
max time network: 561s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-11-2024 01:07
Static task: static1
Behavioral task: behavioral1
Sample: dyv.png
Resource: win7-20240903-en
General
Target: dyv.png
Size: 1.8MB
MD5: 11b7bbb67f673539b5a2c0f2962e3a80
SHA1: 7049f78608ddf8fcfedbf24724bcaf92794866f3
SHA256: ec21bc5f665662e4492b99aaae389f5a132619ef73631118b6e2d3a3a231e275
SHA512: c21d38a50fd8e4bec8027c6bd103d81b354afd2c1e1fdc581d016a40eaf9ffa879d50a39361dd36a8bf0197685161173b154c7902e8e861bb835bbbd79ba0b87
SSDEEP: 49152:oJkPBnd7Ez7fqZxqjbfb66iezYy/0eSOYseXW58n5:oJEEz7QxqjbOnezYy/ZVYXW58n5
Malware Config
Signatures
- A potential corporate email address has been identified in the URL: [email protected]
- A potential corporate email address has been identified in the URL: [email protected]
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid | process | occurrences
  2480 | msedge.exe | 2
  1720 | msedge.exe | 2
  4632 | identity_helper.exe | 2
  2060 | msedge.exe | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
  pid | process | occurrences
  1720 | msedge.exe | 18
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | process | occurrences
  1720 | msedge.exe | 25
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | process | occurrences
  1720 | msedge.exe | 24
- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | process | target pid | target process | occurrences
  PID 1720 wrote to memory of 4716 | 1720 | msedge.exe | 4716 | msedge.exe | 2
  PID 1720 wrote to memory of 4560 | 1720 | msedge.exe | 4560 | msedge.exe | 40
  PID 1720 wrote to memory of 2480 | 1720 | msedge.exe | 2480 | msedge.exe | 2
  PID 1720 wrote to memory of 3480 | 1720 | msedge.exe | 3480 | msedge.exe | 20
Processes
- C:\Windows\system32\cmd.exe (PID 1868)
  cmd /c C:\Users\Admin\AppData\Local\Temp\dyv.png
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1720)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4716, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa286546f8,0x7ffa28654708,0x7ffa28654718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4560, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2480, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3480, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4832, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3172, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2936, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3920, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4760, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4632, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4808, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3052, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2504, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2464 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4320, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 224, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3268, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4772, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1896, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3724, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4636, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4228, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2060, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2824 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4556, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1696, child of 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,13497839874385745962,10849445039725163874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 5116)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 4840)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
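Reading the tree: cmd.exe hands the .png to its registered handler, Microsoft Edge, and every other entry is either an Edge child process (crashpad handler, GPU process, network and storage utilities, renderers, identity_helper.exe) or CompPkgSrv.exe; each "Suspicious" signature in this report is attributed to msedge.exe PID 1720 or to one of those children. The block below is an added example, not part of this report and not Triage's own tooling. It parses the flattened WriteProcessMemory rows into a per-pair tally and labels each source/target pair either as a Chromium child-process launch (on Windows the browser's sandbox broker writes policy data into each sandboxed child before it runs, which is the benign origin of such hits) or as a write into an unrelated process, the case that actually warrants a closer look. The process table and the 64-row tally are transcribed from this page; notepad.exe PID 9999 and the three-row text excerpt are constructed for the example.

```python
"""Added example: tally and classify sandbox WriteProcessMemory IoCs.

Not Triage's code.  Sample data is transcribed from the report except where
a comment says it is constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: Optional[int]   # None where the report shows no parent
    image: str            # executable base name
    cmdline: str          # trimmed to the flags that matter here


# Transcribed from the report's process tree: the WriteProcessMemory source
# and its targets, with their --type flags.  The last entry is CONSTRUCTED
# (it is not in the report) so the non-browser branch has something to classify.
PROCS = [
    Proc(1868, None, "cmd.exe", "cmd /c C:\\Users\\Admin\\AppData\\Local\\Temp\\dyv.png"),
    Proc(1720, None, "msedge.exe", "msedge.exe --profile-directory=Default"),
    Proc(4716, 1720, "msedge.exe", "msedge.exe --type=crashpad-handler"),
    Proc(4560, 1720, "msedge.exe", "msedge.exe --type=gpu-process"),
    Proc(2480, 1720, "msedge.exe",
         "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService"),
    Proc(3480, 1720, "msedge.exe",
         "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService"),
    Proc(9999, 1868, "notepad.exe", "notepad.exe"),   # constructed, not in the report
]

# Per-pair tally of the 64 IoC rows on the page: (source pid, target pid) -> rows.
WPM_IOCS = {(1720, 4716): 2, (1720, 4560): 40, (1720, 2480): 2, (1720, 3480): 20}

# A CONSTRUCTED three-row excerpt in the page's flattened column order
# (description, pid, process, target process), used to exercise the parser.
FLAT_EXCERPT = (
    "PID 1720 wrote to memory of 4716 1720 msedge.exe msedge.exe "
    "PID 1720 wrote to memory of 4716 1720 msedge.exe msedge.exe "
    "PID 1720 wrote to memory of 4560 1720 msedge.exe msedge.exe"
)
WPM_ROW = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\S+)")

# Child roles the Chromium browser process launches itself; the sandbox broker
# in the parent initialises each one with cross-process writes at start-up.
CHROMIUM_CHILD_TYPE = re.compile(
    r"(?:^|\s)--type=(crashpad-handler|gpu-process|utility|renderer)\b")


def tally_wpm(flat_text: str) -> Counter:
    """Collapse flattened IoC rows into (source pid, target pid) -> row count."""
    return Counter((int(src), int(dst))
                   for src, dst, _, _, _ in WPM_ROW.findall(flat_text))


def classify_write(procs, src_pid: int, dst_pid: int) -> str:
    """Label one source -> target WriteProcessMemory relation."""
    by_pid = {p.pid: p for p in procs}
    src, dst = by_pid.get(src_pid), by_pid.get(dst_pid)
    if src is None or dst is None:
        return "unknown-process"        # a PID missing from the tree cannot be explained
    same_image = src.image == dst.image
    direct_child = dst.ppid == src.pid
    if same_image and direct_child and CHROMIUM_CHILD_TYPE.search(dst.cmdline):
        return "browser-child-launch"   # parent initialising its own child process
    return "cross-process-write"        # anything else is worth a closer look


def summarize(procs, iocs) -> dict:
    """Sum IoC rows per label; this is the line a triager actually reads."""
    totals = Counter()
    for (src_pid, dst_pid), n in iocs.items():
        totals[classify_write(procs, src_pid, dst_pid)] += n
    return dict(totals)


if __name__ == "__main__":
    print(tally_wpm(FLAT_EXCERPT))
    for (src_pid, dst_pid), n in WPM_IOCS.items():
        print(f"{src_pid} -> {dst_pid} x{n}: {classify_write(PROCS, src_pid, dst_pid)}")
    print(summarize(PROCS, WPM_IOCS))
```

The per-target counts on this page are consistent with that explanation: the sandboxed gpu-process (4560) and storage utility (3480) receive 40 and 20 rows, while the crashpad handler (4716) and the network service launched with --service-sandbox-type=none (2480) receive two each. The same-image and direct-child checks are what keep this from being a whitelist on the file name: a write from msedge.exe into a process that is not its own child with a Chromium --type flag still lands in the cross-process-write bucket.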
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 6960857d16aadfa79d36df8ebbf0e423
  SHA1: e1db43bd478274366621a8c6497e270d46c6ed4f
  SHA256: f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32
  SHA512: 6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe
- Filesize: 152B
  MD5: f426165d1e5f7df1b7a3758c306cd4ae
  SHA1: 59ef728fbbb5c4197600f61daec48556fec651c1
  SHA256: b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841
  SHA512: 8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\33c5503d-5588-40e1-b4b1-5e831c70badc.tmp
  Filesize: 6KB
  MD5: 1c34691d92421e889fe94c31048d3ab4
  SHA1: 320f22065523b8392ed251299dbfcf1bb20a02de
  SHA256: 9a11ed235715b1ebc6f457ec7046735d008bd26ece0e4a673d077771cff0f006
  SHA512: 9ce9db8bee2fa566715f4fee7dc77d2c9d2e877c891fe20013597661da2eeb49c1bff91136a4b874a94ffb7ccbef16a323e63305a9cb3e3c2948211de7f385a7
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 579f1aea191e39a2b65ef4dff8ad3274
  SHA1: f48598e36ae163b5c7e5649019988fd22e34555e
  SHA256: b19f8bf7115f9f14d3c194111e86c409140e9706a4a58c6839ec7df5e9744aed
  SHA512: 48630f4cc8402d0de6c715fc25512a970e22c6bccbab658fcad97faa8b2bccf4c3503789bd70db5a430d749a3b84a8cfcd3bca80fdf9c69b187e900645afb974
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: a5ffcd8bfffe5df2903a457ac77fb780
  SHA1: 03c3189501510aa6deb99b0eeeebfbf23fd53d84
  SHA256: 2f9dc6523b3a2978353afe5e2311e2838d95629e32aa1d34d637be9225961077
  SHA512: 6145cf21b57dd4d4564d489951d6203868443d49a6cd1865810fdb434c04812ade7b7949908947bf3b123205f6b325335548ac1f9473ca7c11abf88e6185347f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 2aa763ef3ad2351683ca045c6ba40e30
  SHA1: 8d9d8e967919bd8f42f168fb67529bc02c8c216c
  SHA256: 34d0fa42e4a6c64618ae0143909d418d409111367794e60e75240f9aad56ef3c
  SHA512: ba44aaa1d9c551d3f2f804606ec22b93b63cb45e0edbf0ab4a1339304a8f6f31309a10aa76badbb7dde6a1f8f9acfb37041db099f1fdb3e94bf4e5b96ce1320b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 1f467367def816172aa7b0019f196407
  SHA1: 6cedeece9f14f5f8bb4d17b8dc1146d73f0a5501
  SHA256: f405d5d904cbc37b2cd25d1ce05f29e6f3705dd76d151ed8262faa0d5c42827e
  SHA512: 71c7c88137c8b1c07fabbfce62935564c75dbb904298e53925d7dfa42f185fc9cde46684f9bb27fb07c7489607be8dc3296ca8b88778ce5b460d90096d966166
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 60b3e50c4e423cdbba6d92c135ba1f41
  SHA1: 30acfeeba911dec9381a4b323ca329f78b9e3d86
  SHA256: 70b118fce1378e619f1733041a2a1776c4548b139528bd38734f2c1562c15d74
  SHA512: b4e7f3488c7d320a6bfe4a3a6df4069e106bef883bea51f706b0137995700bbb04d56491080674721317353a1ede25249c9f8fd6e0e8c11367f5f6d2cc11dc1b
- Filesize: 1KB
  MD5: c32cdacc020d636ca80a08de31f079e3
  SHA1: 47e98226d69213dd2787b2a203e576fe75b718ee
  SHA256: 56242e90cfa879662b8c8e57eb19bb024478dcb29b66ba1cfa3808f922572a62
  SHA512: b9c868b3ad05c851dc137c112dd489a503b92bc33a127ceddcdd36f51a0af74d2c8f290ae23f448f8cc93dbcb9696d4167d4b8966e38c84b39c72df26b5f0aae
- Filesize: 1KB
  MD5: 0a5876716a29f3761119a169041bf84e
  SHA1: 05cf86de2645e469c3498e4145a676fb07f00e37
  SHA256: 9cfc1c9f23cbc66ea77a83c41161a26089f12f0711b623c8ba1f336c9ba9537a
  SHA512: fb231e4c77cae1f609289434b3d88c0a3b1f3ce93ba45cab0a3007045d246ad53fe0eb3b8a5beba08ae624a06caebd38cb20f812e238a2747722f312da28f7e3
- Filesize: 7KB
  MD5: ce83bdbbc53c2d35b2e8224b046a4f0b
  SHA1: 0c5e20ee77a0b1d0e7a6f93d7d5eaf0a0893cfba
  SHA256: 04afd8415cf68de4ad44ab2c11b8d63a47faac75c0fa04004e332543f501f199
  SHA512: 3ff3651d4bd2e5b0e4f1d29e70708103862a39f21cb8204e553ac54c23c66165f58ec63522c80ccfe9409943cd294dfc71d64f7e42afafd952536f11d9b2193f
- Filesize: 6KB
  MD5: 96ea33acfd707739afceaa7c3ae416c6
  SHA1: 656ee5bc611b610bb3789a3b275de35753b359be
  SHA256: 8ee6338c08acb1ae166f5edb528c69d55a2902bcf2049eaddadbad1cb0cc7888
  SHA512: 7d8125951ef80430f6a3bfc858c2433d403f52595acbcc37445f865de5f7f9b713b6d49b04f9f06dd23fc68bb8cb999887e48509293f399bb5d42cceffd7644b
- Filesize: 5KB
  MD5: b0a63c098861766d814dc5549594ac7c
  SHA1: 21d5654d2a9b59f05f8cc537826e65f2662967db
  SHA256: 4c5d2806cc11a5cb20a7cb38f4c0c65e8b5ea3a3500cf0b65e1673460bfed83a
  SHA512: 5ef625c3b2e1a7dde347722b17f6aa7ea32620bc926aa531f76c4b24962f84b6c194b66ee96ae62338e1c0c69a51357500a9e9b3b70e250ba0e0f69cd4cb1871
- Filesize: 1KB
  MD5: e2ae783c62a0ab1ce222ee614e0b0ece
  SHA1: 9a5aa0e32c6f29fb599c0a5e6d42d0c86afc73be
  SHA256: 844cd9705bf09e5c077bdd1d7ff43cac8a8516276ba6d9652cdaadb9ed2c2e58
  SHA512: 4725a659fda2818935fcdf364a204ba936f95ab9a3a77638f1d64fe5a2f988c8881375333b51a9dffec82d2ed8910783ce6a40e350721a3631c5cf92872cc72e
- Filesize: 1KB
  MD5: c1eafcaa15e402bc5e4f290dc54fa7a8
  SHA1: b1fa968a88306fb288c15290ba72a5f4fd4998a5
  SHA256: 5551b312e37c18e9f1bfc49f613f5eade21291da711c2daecd027b9dac4c803e
  SHA512: 066389b7a1cd02cbd129752a0f766a3573b88ad9061077321d0c1fac4f2b1a69254faf20c6cf9a748bfdd6fb285d9896b8a0c9c9293210f14244589ddaa5fa20
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 10KB
  MD5: 95563e3bf8599edbd86ec48612d03908
  SHA1: 6a409800a0bd1fce73a91d75dc852dcd12d97ed5
  SHA256: 9b0db91c798f290bd096d8d75332e3a31e66733f80a47661e589f7816eafa263
  SHA512: 439f3c61c78ea3a4ea4a9bb8ebe5138fbe48f21e3c1f77812748d37ad192eb4b1a1e611c9eda3e7b45ecfb08bcfcd362b539574afb542938cb7ca9f3954ab7ae
- MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  (No size or path is given for this entry; the four values are the well-known digests of a zero-byte file.)