Overview
overview
10Static
static
10windows.zip
windows11-21h2-x64
8windows/cf...ch.vbs
windows11-21h2-x64
3windows/idc/ida.js
windows11-21h2-x64
3windows/li...le.dll
windows11-21h2-x64
8windows/libclang.dll
windows11-21h2-x64
8windows/libdwarf.dll
windows11-21h2-x64
8windows/li...le.dll
windows11-21h2-x64
8windows/libz3.dll
windows11-21h2-x64
8windows/lo...if.dll
windows11-21h2-x64
3windows/lo...ga.dll
windows11-21h2-x64
3windows/lo...of.dll
windows11-21h2-x64
3windows/lo...ut.dll
windows11-21h2-x64
8windows/lo...tar.py
windows11-21h2-x64
3windows/lo...ip.dll
windows11-21h2-x64
8windows/lo...ldr.py
windows11-21h2-x64
8windows/lo...age.py
windows11-21h2-x64
8windows/lo...rc.dll
windows11-21h2-x64
8windows/lo...ff.dll
windows11-21h2-x64
8windows/lo...x_m.py
windows11-21h2-x64
3windows/lo...ex.dll
windows11-21h2-x64
8windows/lo...os.dll
windows11-21h2-x64
3windows/lo...lod.py
windows11-21h2-x64
3windows/lo...mp.dll
windows11-21h2-x64
8windows/lo...lf.dll
windows11-21h2-x64
8windows/lo...oc.dll
windows11-21h2-x64
windows/lo...esp.py
windows11-21h2-x64
3windows/lo...ad.dll
windows11-21h2-x64
8windows/lo...os.dll
windows11-21h2-x64
8windows/lo...ex.dll
windows11-21h2-x64
8windows/lo...om.dll
windows11-21h2-x64
windows/lo...mf.dll
windows11-21h2-x64
3windows/lo...dr.dll
windows11-21h2-x64
8Analysis
-
max time kernel
876s -
max time network
867s -
platform
windows11-21h2_x64 -
resource
win11-20250207-en -
resource tags
arch:x64arch:x86image:win11-20250207-enlocale:en-usos:windows11-21h2-x64system -
submitted
09/02/2025, 15:25
Behavioral task
behavioral1
Sample
windows.zip
Resource
win11-20250207-en
Behavioral task
behavioral2
Sample
windows/cfg/gdb_arch.vbs
Resource
win11-20250207-en
Behavioral task
behavioral3
Sample
windows/idc/ida.js
Resource
win11-20250207-en
Behavioral task
behavioral4
Sample
windows/libSwiftDemangle.dll
Resource
win11-20250207-en
Behavioral task
behavioral5
Sample
windows/libclang.dll
Resource
win11-20250207-en
Behavioral task
behavioral6
Sample
windows/libdwarf.dll
Resource
win11-20250207-en
Behavioral task
behavioral7
Sample
windows/librustdemangle.dll
Resource
win11-20250207-en
Behavioral task
behavioral8
Sample
windows/libz3.dll
Resource
win11-20250207-en
Behavioral task
behavioral9
Sample
windows/loaders/aif.dll
Resource
win11-20250207-en
Behavioral task
behavioral10
Sample
windows/loaders/amiga.dll
Resource
win11-20250207-en
Behavioral task
behavioral11
Sample
windows/loaders/aof.dll
Resource
win11-20250207-en
Behavioral task
behavioral12
Sample
windows/loaders/aout.dll
Resource
win11-20250207-en
Behavioral task
behavioral13
Sample
windows/loaders/archldr_tar.py
Resource
win11-20250207-en
Behavioral task
behavioral14
Sample
windows/loaders/archldr_zip.dll
Resource
win11-20250207-en
Behavioral task
behavioral15
Sample
windows/loaders/bfltldr.py
Resource
win11-20250207-en
Behavioral task
behavioral16
Sample
windows/loaders/bios_image.py
Resource
win11-20250207-en
Behavioral task
behavioral17
Sample
windows/loaders/bochsrc.dll
Resource
win11-20250207-en
Behavioral task
behavioral18
Sample
windows/loaders/coff.dll
Resource
win11-20250207-en
Behavioral task
behavioral19
Sample
windows/loaders/cortex_m.py
Resource
win11-20250207-en
Behavioral task
behavioral20
Sample
windows/loaders/dex.dll
Resource
win11-20250207-en
Behavioral task
behavioral21
Sample
windows/loaders/dos.dll
Resource
win11-20250207-en
Behavioral task
behavioral22
Sample
windows/loaders/dsp_lod.py
Resource
win11-20250207-en
Behavioral task
behavioral23
Sample
windows/loaders/dump.dll
Resource
win11-20250207-en
Behavioral task
behavioral24
Sample
windows/loaders/elf.dll
Resource
win11-20250207-en
Behavioral task
behavioral25
Sample
windows/loaders/epoc.dll
Resource
win11-20250207-en
Behavioral task
behavioral26
Sample
windows/loaders/esp.py
Resource
win11-20250207-en
Behavioral task
behavioral27
Sample
windows/loaders/expload.dll
Resource
win11-20250207-en
Behavioral task
behavioral28
Sample
windows/loaders/geos.dll
Resource
win11-20250207-en
Behavioral task
behavioral29
Sample
windows/loaders/hex.dll
Resource
win11-20250207-en
Behavioral task
behavioral30
Sample
windows/loaders/hpsom.dll
Resource
win11-20250207-en
Behavioral task
behavioral31
Sample
windows/loaders/intelomf.dll
Resource
win11-20250207-en
Behavioral task
behavioral32
Sample
windows/loaders/javaldr.dll
Resource
win11-20250207-en
General
-
Target
windows/loaders/dos.dll
-
Size
39KB
-
MD5
2c64fadc5893f9f730ef36ee2552702d
-
SHA1
ed435f79cbca422fb016512a497e5cdad9b803b1
-
SHA256
e40cf852b5219562b6e7b1ca998d23edb6bbef0e838ab33a75b1bd5136b908df
-
SHA512
1cf545880fb0f0e31c044db2903d8e8a6f7224f518fca2f63bb5438f8455bd7ac1d483a03f37b9213c720daa228a61d82f7bbd21c8d7bf4f91fefa9a1946f323
-
SSDEEP
768:r1viY6Uh3ggYOnUmGQ/oBw9z5XEchlnKCQ4:BKYVFggemZtz5XE1CQ
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 5 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language wermgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MicrosoftEdgeUpdate.exe -
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 5644 MicrosoftEdgeUpdate.exe 5840 MicrosoftEdgeUpdate.exe 6072 MicrosoftEdgeUpdate.exe -
Checks processor information in registry 2 TTPs 7 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Platform Specific Field 1 wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision wermgr.exe Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz wermgr.exe -
Enumerates system info in registry 2 TTPs 2 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS wermgr.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU wermgr.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 228 MicrosoftEdgeUpdate.exe 228 MicrosoftEdgeUpdate.exe 228 MicrosoftEdgeUpdate.exe 228 MicrosoftEdgeUpdate.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 228 MicrosoftEdgeUpdate.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\windows\loaders\dos.dll,#11⤵PID:5728
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjM4QTg2NTktMUU4RS00RjNGLUE0MTAtNTRFMzlFOUUzMDE2fSIgdXNlcmlkPSJ7OTkzMjYzOTAtMTYxNy00N0Q3LTlFRjQtQjVCOEZCQjQ0QTE1fSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7NEQzNDEzNTMtRTRGNC00NTQxLTg3OEYtN0IwMkUzOTg5MEQyfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4yMjAwMC40OTMiIHNwPSIiIGFyY2g9Ing2NCIgcHJvZHVjdF90eXBlPSI0OCIgaXNfd2lwPSIwIiBpc19pbl9sb2NrZG93bl9tb2RlPSIwIi8-PG9lbSBwcm9kdWN0X21hbnVmYWN0dXJlcj0iIiBwcm9kdWN0X25hbWU9IiIvPjxleHAgZXRhZz0iJnF1b3Q7RSt4YkF6Nlk2c1UxMjg5YlM2cWw0VlJMYmtqZkJVR1RNSnNqckhyNDRpST0mcXVvdDsiLz48YXBwIGFwcGlkPSJ7OEE2OUQzNDUtRDU2NC00NjNjLUFGRjEtQTY5RDlFNTMwRjk2fSIgdmVyc2lvbj0iMTIzLjAuNjMxMi4xMjMiIG5leHR2ZXJzaW9uPSIiIGxhbmc9ImVuIiBicmFuZD0iR0dMUyIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEiIGluc3RhbGxkYXRldGltZT0iMTczODk1NTAyNyIgb29iZV9pbnN0YWxsX3RpbWU9IjEzMzgzNDI3NjIxMTgwMDAwMCI-PGV2ZW50IGV2ZW50dHlwZT0iMzEiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjIxNzk4NjIiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1MTAyMjQ5MTEiLz48L2FwcD48L3JlcXVlc3Q-1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5644
-
C:\Windows\SysWOW64\wermgr.exe"C:\Windows\system32\wermgr.exe" "-outproc" "0" "4588" "1056" "1204" "1060" "0" "0" "0" "0" "0" "0" "0" "0"1⤵
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Enumerates system info in registry
PID:1536
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjM4QTg2NTktMUU4RS00RjNGLUE0MTAtNTRFMzlFOUUzMDE2fSIgdXNlcmlkPSJ7OTkzMjYzOTAtMTYxNy00N0Q3LTlFRjQtQjVCOEZCQjQ0QTE1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9IntCRkIxQTdCNy01RTM2LTRDNzAtODE0RC1FNzhBQkM0MEFERTR9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSIxMzIuMC4yOTU3LjE0MCIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGluc3RhbGxhZ2U9IjEiIGluc3RhbGxkYXRldGltZT0iMTczODk1NDU0OSI-PGV2ZW50IGV2ZW50dHlwZT0iMzIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjQiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1MzE5NDM4OTYiLz48L2FwcD48L3JlcXVlc3Q-1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:5840
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QjM4QTg2NTktMUU4RS00RjNGLUE0MTAtNTRFMzlFOUUzMDE2fSIgdXNlcmlkPSJ7OTkzMjYzOTAtMTYxNy00N0Q3LTlFRjQtQjVCOEZCQjQ0QTE1fSIgaW5zdGFsbHNvdXJjZT0ic2NoZWR1bGVyIiByZXF1ZXN0aWQ9Ins2RUIzQTA0Ny0zMzlCLTRDQjgtOTQ0OC0wRUNCQkMyMjkxODJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IGxvZ2ljYWxfY3B1cz0iMiIgcGh5c21lbW9yeT0iNCIgZGlza190eXBlPSIyIiBzc2U9IjEiIHNzZTI9IjEiIHNzZTM9IjEiIHNzc2UzPSIxIiBzc2U0MT0iMSIgc3NlNDI9IjEiIGF2eD0iMSIvPjxvcyBwbGF0Zm9ybT0id2luIiB2ZXJzaW9uPSIxMC4wLjIyMDAwLjQ5MyIgc3A9IiIgYXJjaD0ieDY0IiBwcm9kdWN0X3R5cGU9IjQ4IiBpc193aXA9IjAiIGlzX2luX2xvY2tkb3duX21vZGU9IjAiLz48b2VtIHByb2R1Y3RfbWFudWZhY3R1cmVyPSIiIHByb2R1Y3RfbmFtZT0iIi8-PGV4cCBldGFnPSImcXVvdDtWUFFvUDFGK2ZxMTV3UnpoMWtQTDRQTXBXaDhPUk1CNWl6dnJPQy9jaGpRPSZxdW90OyIvPjxhcHAgYXBwaWQ9IntGM0M0RkUwMC1FRkQ1LTQwM0ItOTU2OS0zOThBMjBGMUJBNEF9IiB2ZXJzaW9uPSIxLjMuMTk1LjQzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMSIgY29ob3J0PSJycmZAMC40OCI-PHVwZGF0ZWNoZWNrLz48cGluZyByPSIyIiByZD0iNjYxMiIgcGluZ19mcmVzaG5lc3M9IntENTQ1NTQwOC0yQTMxLTQ4NjgtODE1My0zQjRDRDBDMzcxMDZ9Ii8-PC9hcHA-PGFwcCBhcHBpZD0iezU2RUIxOEY4LUIwMDgtNENCRC1CNkQyLThDOTdGRTdFOTA2Mn0iIHZlcnNpb249IjEzMi4wLjI5NTcuMTQwIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgZXhwZXJpbWVudHM9ImNvbnNlbnQ9ZmFsc2UiIGluc3RhbGxhZ2U9IjEiIGNvaG9ydD0icnJmQDAuNjEiIG9vYmVfaW5zdGFsbF90aW1lPSIxODQ0Njc0NDA3MzcwOTU1MTYwNiIgdXBkYXRlX2NvdW50PSIxIiBsYXN0X2xhdW5jaF9jb3VudD0iMSIgbGFzdF9sYXVuY2hfdGltZT0iMTMzODM0MzA1NTYwMjc1MDIwIj48dXBkYXRlY2hlY2svPjxwaW5nIGFjdGl2ZT0iMSIgYT0iMiIgcj0iMiIgYWQ9IjY2MTIiIHJkPSI2NjEyIiBwaW5nX2ZyZXNobmVzcz0iezZDQzI2QUE4LUU3OUQtNDAyQS1BOERELTM4OUVBRDM5NEIxNX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMyLjAuMjk1Ny4xNDAiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IklOQlgiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIxIiBjb2hvcnQ9InJyZkAwLjI4IiB1cGRhdGVfY291bnQ9IjEiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMiIgcmQ9IjY2MTIiIHBpbmdfZnJlc2huZXNzPSJ7NDYxMTFDMUMtMDc4Mi00NkI2LUJEQkItQkU2OUVCRTk0MjI4fSIvPjwvYXBwPjwvcmVxdWVzdD41⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:6072
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=3816,i,812062913372518910,10869345044244848604,262144 --variations-seed-version --mojo-platform-channel-handle=3856 /prefetch:141⤵PID:5368
-
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource scheduler1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:228
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4068,i,812062913372518910,10869345044244848604,262144 --variations-seed-version --mojo-platform-channel-handle=3968 /prefetch:141⤵PID:2800
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4500,i,812062913372518910,10869345044244848604,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:141⤵PID:4936
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5268,i,812062913372518910,10869345044244848604,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:141⤵PID:5440
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=5472,i,812062913372518910,10869345044244848604,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:141⤵PID:4944
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=4032,i,812062913372518910,10869345044244848604,262144 --variations-seed-version --mojo-platform-channel-handle=5492 /prefetch:141⤵PID:4524
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --string-annotations --always-read-main-dll --field-trial-handle=4816,i,812062913372518910,10869345044244848604,262144 --variations-seed-version --mojo-platform-channel-handle=2948 /prefetch:141⤵PID:5780
-
C:\Windows\system32\WerFault.exe"C:\Windows\system32\WerFault.exe" -k -lc PDCRevocation PDCRevocation-20250209-1546.dmp1⤵PID:3556
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
406KB
MD5366583ac04036c021bceb086c89dcce9
SHA108d66877d6801b6ab8b0685e5d5431fc4cb216e3
SHA25612c2cabff4bff7f08547d4c122b0873845dd133a377ff64162ddc31b7195cc41
SHA51280a53cb9d50c68cc7330fdcf4e23bdf6a0130add072db1bd130de9d11ed0ca43bd7451127c2ccd9c72283f4378b2f5ae51282a9886cedeb493c88922e3065979
-
Filesize
419KB
MD5794f66b8363254116adc8d6579495f66
SHA19a6a148f9f9bb94d37575b9671c5cbc5cf8c3f19
SHA256e8e970e9fcd5bfa2988a162e8da457b5aa2463406393ee04c967de8a2fd71fd4
SHA51200134413e19d73c752706ae23efc861aa690613a8fa89cc80d6d819e7759cacf64c84b1b172949149d0df677e0f6d64d697527a554eb7f27c720d07f3ac48eab
-
Filesize
381KB
MD5d59d4ddb9125c0ff7f036be8a1856fc4
SHA185a8a5204e5e30a9bc04cb05b5a46e7869781992
SHA256070bac0252d1e1d299d18f484d769d6f1f25d6ef63537e63fabad72f977ec6a1
SHA51263c1b4f4d75d80ae04df2f388819c954eeab15b820043a9421030a12e2e57b3499d60c95fbb96357566c44850de208573ccc254aa0ac0302245d45287513efa3