4e299075536c52b7fe1d8076e6bef32e4a1b673d591b96cc53aab4b3d9717806

Resubmissions

15/03/2025, 14:32

250315-rwm7pszjt9 10

15/03/2025, 14:28

250315-rs8n8syrx8 10

Analysis

max time kernel
145s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2025, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

R.E.P.O.v0.1.2.Multiplayer/R.E.P.O.v0.1.2.Multiplayer/OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
68	discord.com
69	discord.com

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_1291643539\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_1291643539\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_307329904\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_307329904\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_307329904\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_1291643539\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_307329904\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_307329904\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_408640119\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_408640119\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_408640119\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_494096288\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_408640119\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_408640119\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_1291643539\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_1291643539\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_494096288\arbitration_metadata.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_494096288\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2352_307329904\autofill_bypass_cache_forms.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865227652118470"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3446877943-4095308722-756223633-1000\{D9EDCDAB-9501-4CDA-879E-B0A09D54D8B8}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1216 wrote to memory of 2352	1216	rundll32.exe	84
PID 1216 wrote to memory of 2352	1216	rundll32.exe	84
PID 2352 wrote to memory of 5180	2352	msedge.exe	86
PID 2352 wrote to memory of 5180	2352	msedge.exe	86
PID 2352 wrote to memory of 4904	2352	msedge.exe	87
PID 2352 wrote to memory of 4904	2352	msedge.exe	87
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4308	2352	msedge.exe	88
PID 2352 wrote to memory of 4756	2352	msedge.exe	89
PID 2352 wrote to memory of 4756	2352	msedge.exe	89
PID 2352 wrote to memory of 4756	2352	msedge.exe	89
PID 2352 wrote to memory of 4756	2352	msedge.exe	89
PID 2352 wrote to memory of 4756	2352	msedge.exe	89
PID 2352 wrote to memory of 4756	2352	msedge.exe	89
PID 2352 wrote to memory of 4756	2352	msedge.exe	89

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O.v0.1.2.Multiplayer\R.E.P.O.v0.1.2.Multiplayer\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x360,0x7ffd8a47f208,0x7ffd8a47f214,0x7ffd8a47f220
    3⤵
    PID:5180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1808,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:3
    3⤵
    PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2192,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:4308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2488,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=2500 /prefetch:8
    3⤵
    PID:4756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3480,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:1
    3⤵
    PID:1900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=3568 /prefetch:1
    3⤵
    PID:64
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5008,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:2024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5508,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:5824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5420,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:1
    3⤵
    PID:1344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5792,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:8
    3⤵
    PID:1476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5936,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:1
    3⤵
    PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5784,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
    3⤵
    PID:1740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5720,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5028 /prefetch:8
    3⤵
    PID:5336
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:8
    3⤵
    PID:5832
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6508,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:8
    3⤵
    PID:1464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8
    3⤵
    PID:3888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8
    3⤵
    PID:5888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=6892 /prefetch:8
    3⤵
    PID:964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=6912 /prefetch:8
    3⤵
    PID:2548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
    3⤵
    PID:3888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2812,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
    3⤵
    PID:5876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6488,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5104 /prefetch:8
    3⤵
    PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5292 /prefetch:8
    3⤵
    PID:6044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5352,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3336,i,17086979029410736159,16228991736455212838,262144 --variations-seed-version --mojo-platform-channel-handle=3296 /prefetch:8
    3⤵
    PID:1556

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4852

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x364 0x4ec
1⤵
PID:5324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2352_1291643539\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2352_1291643539\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2352_307329904\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2352_408640119\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2352_494096288\manifest.json

Filesize
238B

MD5
15b69964f6f79654cbf54953aad0513f

SHA1
013fb9737790b034195cdeddaa620049484c53a7

SHA256
1bdda4a8fc3e2b965fbb52c9b23a9a34871bc345abfb332a87ea878f4472efbd

SHA512
7eeee58e06bba59b1ef874436035202416079617b7953593abf6d9af42a55088ab37f45fdee394166344f0186c0cb7092f55ed201c213737bb5d5318e9f47908

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7b0736a36bad51260e5db322736df2e9

SHA1
30af14ed09d3f769230d67f51e0adb955833673e

SHA256
0d2adfd06d505b9020c292d30597083d808bfd90ddc0fe173def5db96832a087

SHA512
caabdc6a8601b93f3c082e6506b3c9efe2242b90e92e86306dc0bd4857d33343ba395325fabb21f5db562d3e3932f52f77de547f379072d0154efd5f1b1cdeb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
406236774004f44925a89a55157cfb92

SHA1
62167c5d2bf0edab951114826b2e9c1aa79cf252

SHA256
51231a36fc2c4f6e8eb9a46f7ea2c807929903ddda2fc2351fb31427706517d1

SHA512
4d3c9be5ea26fc838ddf4b508a12f02df515def0b2560fe6206f2868f2c120cbacb6386f29184cc3a664d9e30b3491e76cac993dec174ec2a5cf7897cce5695e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
33594a70ac6bc9ddf5eb6a625486c09a

SHA1
e1652f913852b311885819290ed63b31cb507d09

SHA256
23dbcdd69d09226a02c31b18236aea5f55eb327769e3b4def655efa1ce3ba4cd

SHA512
99ca73968fac0553e8f46309e624232283009a50f45e5ce0c55a5b794766285d705c54b58fc9ff1d7598fc3f59402fed2a37952d229a042d52884c5102e3386b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58028b.TMP

Filesize
3KB

MD5
4e6386b5d34913e6b7a099c3419e1348

SHA1
ceb1e95ae61a87ce06c537be59b7227d041c3f8b

SHA256
1ffd348ae43d81eb5c26644134ccdbd1d0545dfee83ad0931684802404f10abd

SHA512
e265d2189307a7470d6d658d197eabc0dda2dfaf184ea395571a1c4dde36e4126308690b83f035adebff1281cafd78f33f2beb686ae008e9d0d4e246ed8e0d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
a7431e75e28306806abb4db046f707e6

SHA1
a8488f2a8e5c8e67a0902d015e94056ab221ef2d

SHA256
7758c0ecadebb3fb81267204c86856149cb8c3c1f716e8689d695b9b50298979

SHA512
46f2d964304b36696960ffd4de1f26241318017c2e6d006f265f9b20931bdfd42527875a9b7e153e8134ccca94b6f2856fe9b005db1fd8fa61337e2bc0e1c16f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
283d75404e0c479bbc58b946404e92d5

SHA1
f120b33397e1871c2784176417f44b336a89dd15

SHA256
34dfdc608037a667374ac42da2db95494c000e81f14f01db64a801bc3f512891

SHA512
493aae1a2a2f06d851a14bfed7a10402672b22803c8a8c8b14832cf3d4fbc7d8e9178a48709b50e8f8527c06c957b1bfbc3d234df888861ee2a2b34eb10cbf87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
286abfab35d868b3772e0bdc9b457e30

SHA1
0069bad54ae4306a0a27a5eeca916074a6333d12

SHA256
797c1139dbd740f5b5f79658e239abe1d502485a2df797c51199c4979094f23b

SHA512
926833840bf0b6330a8dfcb7abc9b361a0a5edad06267e7c2f76c2a913568deb73288b9b9e0e1f4eeb2b6745f75dd452adf41824c36aafb0466cd5e900ca0f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
c48e79b24f568b39bd4ecac70c4a936c

SHA1
cedbe718f6abd4212c786a620c62fc07698a82b1

SHA256
e9169fdb71c82c3dfda6466e177b490c01b5c5094111771c90a2428972ca5a88

SHA512
9d4924c4bae3a9bb817c44767be15aab909b288bd7c8a202b0ee988abff6af22bcb012f8449721812e0f9498ed0351e3918bcb2f910fff4b8de7179f1bd85d13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
a418eac231722951869977d174529181

SHA1
9584cb4ab00b62185855d5d5a6ba0e4ecac140d3

SHA256
96f49e82e2999eb9ed8918ab34f8bcf4723f951d181082a326a8cd841d017cfe

SHA512
4b61e61e07f922fdd612d95c50ce2e4a4e5c7441ee528ae13e4339b279d0b329ae5504a15b25e9640b8b4554b878cd647bce60620c8436c67cbe1f68efed1f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ec10b893-f4de-40b2-a725-82e47c986695.tmp

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\favorites_diagnostic.log

Filesize
2KB

MD5
2b463c720d3507a356824f9d71f66352

SHA1
b1405f6402787e97557658b8d843d2c36c314a96

SHA256
a3cde9bd41fc5bde787ac86279b3ddc33cf789fcb7aca6c32cda181719d051e7

SHA512
c9f04a216aedfabbf91a96b0471d9c9849805ecfcb746751641093992ca7be579bed6bec9060038225ccea1b9b63e0ee7498bc1be34dd32217aae26060405851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
464B

MD5
671593e7fd5036ee6af024e2cb0eaef4

SHA1
6a6d82e4700e31ea124d6808539e02201b76797d

SHA256
8527a15262c5a0772a4cce873f268b1690d85c33616333f88c593a16d33b507b

SHA512
cf7fca56c740dc3746457cca67c2bd18e350f06a9d00effec3b8dca7fa4150895377bf6821a53f6b2f74244bf4e380c1cdfd1be32fa33445f9a3dbe3ba682323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
dc219bb4888479c097ff02e9845ca61d

SHA1
c8a61cf2a466c61fde665f027b2d5f8c58de901d

SHA256
2348d51c4c7f8be69343b0ff9abce12bbae3e17e6a0490208343a47d21fce9af

SHA512
96db107ec3ceff59cbe41e4c3e1b4e0de5a63c4918986c739d2a282d18fe80907d21182b12e111d03a35346d13501b837104361c519d0b77f4e00d53f86efe91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
1b46c31094f55606970c8b5f75879607

SHA1
689057a6d71f57c7c5b6b90e841e1908a2315a0a

SHA256
9b17f76c1c07e2d45a41d31b28d8db042925c93d919d9f3de72c780ea396b5c5

SHA512
26aa4df2763020e3d54a10f5f1ff082a09f877c7a5f637cde074486a6e56d4f838b90d3c739186033fe64a37d447f63cac2f07089c5377eb0e1e206ebd0fca88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
e47a447a3ba3781dcec1534da2e9527c

SHA1
3de4372382342b2dd731fb1e7546cad1531339f2

SHA256
4cca1b7395effebfac714f399ba6d4eea22c465d9e6b702fe2a7c7539baab31e

SHA512
ded5bcea61328689e376f3ae11194c7bf8cfed7430a1b43164c0c231c727e85d1eb15957c6f7d2ddadd69816c721b69eee099034ee4bb5690a80e3472ef9f461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9ff93b0774128d58141924c8140d77c6

SHA1
e8961086c12d1668216ba20d05d2ee3aaa30c6c0

SHA256
ce01d4eb6bce5407fd0094ce57169747b1971f5c6822932ac0181dc6cfa0a75e

SHA512
0647170e64aac95bde6bb39c0836862c33a36a05dfff0e4af5c55ce1266c119864073ad847d0e3446f57dfdfe00b15d4fd6344132f98e65517fc03994036c15e

Download Submit