Analysis
- max time kernel: 248s
- max time network: 252s
- platform: windows10-2004_x64
- resource: win10v2004-20240709-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 16-07-2024 17:32
Behavioral tasks
- behavioral1: sample VrInputViewer.exe, resource win7-20240704-en
- behavioral2: sample VrInputViewer.exe, resource win10v2004-20240709-en
General
- Target: VrInputViewer.exe
- Size: 165.0MB
- MD5: 9b8338ae21d62d51dce0bfb802dba073
- SHA1: d1517fa4de702b674831e283d2d8ff6878e6701c
- SHA256: ffaa6fadc298557e09c500a3ea9453bb22aa68827daa76453e6fe368cde2ee57
- SHA512: 724bb9f1e5fbf7d2ab7be7020f65b01994a279a1592e414545a96e08e1bdb44b92f9fe601f30e24a8a56648eebd48d0400b1a1a723677cb7fe1efa09ba43f120
- SSDEEP: 1572864:RdFEbPWOp7BHRu6eI6aZtdo1RN1zpALkr0flY8xT/yGG3L3dtP7rmnMjesry47tZ:Ddofu8CX
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
Modifies registry class 2 IoCs
Processes: msedge.exe, msedge.exe
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-701583114-2636601053-947405450-1000\{A6BD7C8F-6F50-489E-9D90-3EABB3EAF1A6} (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000_Classes\Local Settings (msedge.exe)
Suspicious behavior: EnumeratesProcesses 14 IoCs
Processes (pid, process; repeated rows collapsed):
- 2880 msedge.exe (2 entries)
- 1156 msedge.exe (2 entries)
- 3284 identity_helper.exe (2 entries)
- 460 msedge.exe (2 entries)
- 2460 msedge.exe (4 entries)
- 1096 msedge.exe (2 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs
Processes (pid, process; repeated rows collapsed):
- 1156 msedge.exe (17 entries)
Suspicious use of AdjustPrivilegeToken 22 IoCs
Processes (description, pid, process; repeated rows collapsed):
- Token: SeShutdownPrivilege, 648 VrInputViewer.exe (11 entries)
- Token: SeCreatePagefilePrivilege, 648 VrInputViewer.exe (11 entries)
Suspicious use of FindShellTrayWindow 64 IoCs
Processes (pid, process; repeated rows collapsed):
- 1156 msedge.exe (64 entries)
Suspicious use of SendNotifyMessage 24 IoCs
Processes (pid, process; repeated rows collapsed):
- 1156 msedge.exe (24 entries)
Suspicious use of WriteProcessMemory 64 IoCs
Processes (source pid wrote to memory of target pid, source process, target process; repeated rows collapsed, all 64 entries are msedge.exe PID 1156 writing into another msedge.exe):
- PID 1156 wrote to memory of 1108 (msedge.exe -> msedge.exe)
- PID 1156 wrote to memory of 4444 (msedge.exe -> msedge.exe)
- PID 1156 wrote to memory of 2880 (msedge.exe -> msedge.exe)
- PID 1156 wrote to memory of 2900 (msedge.exe -> msedge.exe)
Processes (process tree; nested entries are child processes of the entry above them)
- C:\Users\Admin\AppData\Local\Temp\VrInputViewer.exe
  Command: "C:\Users\Admin\AppData\Local\Temp\VrInputViewer.exe"
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  Signatures: Enumerates system info in registry; Modifies registry class; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff03ce46f8,0x7fff03ce4708,0x7fff03ce4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3672 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5768 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6308 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6280 /prefetch:8
    Signatures: Modifies registry class; Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6388 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5264 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2256,15439923790771111528,3232167006384041642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  Command: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  Command: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\rundll32.exe
  Command: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\VrInputViewer.exe
  Command: "C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\VrInputViewer.exe"
  Signatures: Suspicious use of AdjustPrivilegeToken
  - C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\VrInputViewer.exe
    Command: "C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\VrInputViewer.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\@jakzo/vr-input-viewer-desktop" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1684 --field-trial-handle=1688,i,464808884580061350,7063627189064707065,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  - C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\VrInputViewer.exe
    Command: "C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\VrInputViewer.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\@jakzo/vr-input-viewer-desktop" --mojo-platform-channel-handle=2120 --field-trial-handle=1688,i,464808884580061350,7063627189064707065,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  - C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\VrInputViewer.exe
    Command: "C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\VrInputViewer.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\@jakzo/vr-input-viewer-desktop" --app-path="C:\Users\Admin\Downloads\VrInputViewer-win32-x64-0.1.0\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2284 --field-trial-handle=1688,i,464808884580061350,7063627189064707065,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads