Analysis
max time kernel: 349s
max time network: 319s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09-01-2025 09:34
Static task: static1
URLScan task: urlscan1
Malware Config
Extracted
lumma
Signatures
-
Lumma family
-
Loads dropped DLL 3 IoCs
pid | Process
5624 | Monotone.exe
6080 | Monotone.exe
1744 | Monotone.exe
Suspicious use of SetThreadContext 3 IoCs
description | pid | Process | procid_target
PID 5624 set thread context of 5816 | 5624 | Monotone.exe | 131
PID 6080 set thread context of 3348 | 6080 | Monotone.exe | 135
PID 1744 set thread context of 860 | 1744 | Monotone.exe | 139
System Location Discovery: System Language Discovery 1 TTPs 6 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | Monotone.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | aspnet_regiis.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies registry class 1 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings | msedge.exe
Suspicious behavior: EnumeratesProcesses 12 IoCs
pid | Process
1540 | msedge.exe
4840 | msedge.exe
4640 | identity_helper.exe
4960 | msedge.exe
2388 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
pid | Process
4840 | msedge.exe
Suspicious use of FindShellTrayWindow 33 IoCs
pid | Process
4840 | msedge.exe
Suspicious use of SendNotifyMessage 24 IoCs
pid | Process
4840 | msedge.exe
Suspicious use of WriteProcessMemory 64 IoCs
description | pid | Process | procid_target
PID 4840 wrote to memory of 1296 | 4840 | msedge.exe | 83
PID 4840 wrote to memory of 4188 | 4840 | msedge.exe | 84
PID 4840 wrote to memory of 1540 | 4840 | msedge.exe | 85
PID 4840 wrote to memory of 2800 | 4840 | msedge.exe | 86
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/al1mamhds/Monotone-HWID-Spoofer1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4840 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffec77846f8,0x7ffec7784708,0x7ffec77847182⤵PID:1296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:22⤵PID:4188
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1540
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:82⤵PID:2800
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵PID:228
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵PID:1216
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵PID:1672
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4640
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵PID:1952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:12⤵PID:3956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3412 /prefetch:82⤵PID:224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:12⤵PID:2964
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5644 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:12⤵PID:2676
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6328 /prefetch:12⤵PID:3832
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,13428881546282048523,3490086517679678461,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:2388
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3096
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4584
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:3076
-
C:\Users\Admin\Downloads\Monotone-HWID-Spoofer-main\Monotone-HWID-Spoofer-main\Monotone.exe"C:\Users\Admin\Downloads\Monotone-HWID-Spoofer-main\Monotone-HWID-Spoofer-main\Monotone.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5624 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"2⤵
- System Location Discovery: System Language Discovery
PID:5816
-
-
C:\Users\Admin\Downloads\Monotone-HWID-Spoofer-main\Monotone-HWID-Spoofer-main\Monotone.exe"C:\Users\Admin\Downloads\Monotone-HWID-Spoofer-main\Monotone-HWID-Spoofer-main\Monotone.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:6080 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"2⤵
- System Location Discovery: System Language Discovery
PID:3348
-
-
C:\Users\Admin\Downloads\Monotone-HWID-Spoofer-main\Monotone-HWID-Spoofer-main\Monotone.exe"C:\Users\Admin\Downloads\Monotone-HWID-Spoofer-main\Monotone-HWID-Spoofer-main\Monotone.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1744 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"2⤵
- System Location Discovery: System Language Discovery
PID:860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultdcad1d30h6597h4a03h8b06h0c03cae6bbdd1⤵PID:3636
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffec77846f8,0x7ffec7784708,0x7ffec77847182⤵PID:220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,5631033703888451325,9102986199730360959,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵PID:3600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,5631033703888451325,9102986199730360959,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:32⤵PID:2776
-
Network
MITRE ATT&CK Enterprise v15
Downloads