Analysis
-
max time kernel
145s -
max time network
172s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
18/03/2025, 17:14
General
-
Target
R.E.P.O/OnlineFix.url
-
Size
46B
-
MD5
59bf167dc52a52f6e45f418f8c73ffa1
-
SHA1
fa006950a6a971e89d4a1c23070d458a30463999
-
SHA256
3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
-
SHA512
00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Drops file in Windows directory 18 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/2⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x308,0x7ffafa95f208,0x7ffafa95f214,0x7ffafa95f2203⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2152,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=2148 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:113⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2532,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=2596 /prefetch:133⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3428,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=3500 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4068,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4124 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4084,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4144 /prefetch:93⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4100,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4220 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4128,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4232 /prefetch:93⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4740,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4704 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5332,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4120 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5504,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5832,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5848 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5856,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6188,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:123⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6400,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5752,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=6816 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7000,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=7012 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:143⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11284⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5424,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7108,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7376,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=7372 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5648,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7176,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5584,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7708,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=7724 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7416,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=7704 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7744,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=732,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4252,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1612,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7492,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3616,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5940 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5932,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5920 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5940,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=7880 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3592,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=7872 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5524,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:103⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3636,i,348131805320290418,9216177109320982390,262144 --variations-seed-version --mojo-platform-channel-handle=6984 /prefetch:143⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004DC1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
105KB
MD57ba0e1240fa041160176aae49bdf852d
SHA16a59f3bd74c7d95adbdfcc517640f0c1c38eddd3
SHA2564ec7dbba5db34d797c8a627f0a824e8476a81a90159460a8a4a6cbaf9121e0df
SHA512ac8f9c79d1561b4944b7a8b44d3fcbccd046608d54f0345a8542fe0bcdcb7f7c611878ff9bbf613d6188877bc35120788ed32c6207f1bddf6c181b811993d7fb
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD5046b1cdbd636e82e7711ea1fde31d7e3
SHA1f5fa4183cb259a99b4148ee957a5f76e80a77ada
SHA25640328502d95af4c1db45d98abe8c4e9214d80a8df7f0b8f19f81edd5e121f90a
SHA512460ba5792f0df64289ff4057d04615973a7844b2fd2c14df554600c141d720fcf13d9e9c8449ac57e50fa074a81887437918970881b4d48f7a7ee3521bac8eb4
-
Filesize
280B
MD5cbc9fc2d9ad2df85283109b48c8e6db0
SHA1721ea0dfafd882d6354f8b0a35560425a60a8819
SHA2567c21b286b304b2b42ab3502158aef04892b60c63007b8ed7172dad86a4bcebbe
SHA51209594b5f33704cf367960376e5abc8cbfa7baead59c3f199ffd365a9a9c2159b45f6596d597ebdd033db5436c000faac3c5b2fb39e97fc17b102d03831265609
-
Filesize
2KB
MD534caa0a969c95b5193f9bb97b3fea6b5
SHA17c38332e479ddedfd989a72528c1c2788b4c34ba
SHA256ac5ff7b75e35cdc0ec91ab583a6b288ab1de5f615d0c850f92f1f8b46661605a
SHA512bef944f2cf627d8233dda026ba265cd5250b1ec7c8444613afa43749878a4c88cb254e1b1cdf483338095fbb120a3281f58cbec9777a7987d73a47b3baf96a87
-
Filesize
2KB
MD5770abca51af9b70661bda25aab5e3adf
SHA1ef3423bffe34bd796c770c3ec817e24194f1f6e5
SHA25685c3ba9f27d0c10c739975a93fed9a75a46ab0f8bb6701f280a8a020b0981b6b
SHA51208d5f20d1099856d674a233edd2e648beb32cafd9f2a7ba131054394e207a8454a0eaa84cbff602e54b695172458a69dbfce68d8f2bbe09d4a3c2e8957e3b07f
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
7KB
MD5704880f601cfc37ee7b423fb5adf30b4
SHA1ba540086ac2a7f1884581b740d0773cef07df8a6
SHA256fbda9d22a2b47c8a7091d3ee4043949151d92df5376b9a036a57b59022eace9c
SHA512a969b3e526980e4488da7c8c3cb8c3bd23b514d7904e51dc701bda51f1b67133a121612109d1a59c3f9ce878460ee5ec367bb114f9db140d6519ccbfda6eb027
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
15KB
MD54242cf25bc0f7f9d20a3ca76df302503
SHA1f74465fdad3c0bdde3bd11752d661330b01c153e
SHA256d3a457b12037c72f06de15b4de2c5c7368b2dc0c019834731fb103941b7b6720
SHA51290eb2df59bfcc3c086cb82c214c6f80254a36d832eb80778282420a35bed801541bb59fcff0f7f64a92b9b42ee7ba96dfa44f3fc568841d2a481847f5c126841
-
Filesize
15KB
MD5e1c412d2b85a6e58beca24713663ef9f
SHA1bb465b30096c3b75c896e449186e9847e2984dd3
SHA2569682d61e09bb6a2dcd0f6211b182ae9e606650fb23018933db6d9eecf7a09c01
SHA512d3195b146a628ea19355735684b82148d6b9a59b467063a04644bb28160b45fbf5c7f004dcdcf671be19bb25e3e1841f45853640fa98f92933d5ac3b996d709b
-
Filesize
37KB
MD50f49c6b4d8cbcdf7abe5f5d3137d1de7
SHA1b353bf7c1483dcd6b0ce469a228e73b154136e0f
SHA25698f7f9cb8610ca12512ccf5ebdb7f96c5956acbbc838b64084a338de1f8bd2d4
SHA512b6189eacc1626a7e8b75f473bc1352e91286bfd55c17bcee25834675b999f40539565b55c82008882d0a29e3faa61d78dcccac09254463dbeff7d4e4d18d78b8
-
Filesize
4KB
MD5938dc0400aefa75ea1180f958fe684b3
SHA11b8f452d98aa40d1d4a2e42cf0dd770376be0b8b
SHA256ec77bce7315ea38bf2822d825c0c03db1058de08bf5adc2fd8c27b29ae605ef0
SHA512884778c18fc6b0bbc7bc62b427f6161522078d12d5c2e951c1c4ae549ad8e9482f9ed30cbc495e9261c93cd68efc304baea1bb19090d6c6da064436ece08723f
-
Filesize
20KB
MD5622cf13abe8c4ba81acbbe4070f8d70a
SHA129c39577de789602617632a1ee745e5897805fa7
SHA256b91863cb7dfb695e04f8be6b437f67ba669d1cfbd407a3418cccf12919c7dab4
SHA51225d382c5ef4691018d62f05e28a6d2c321218e1586646b2e628350968f2475d30a13c53c5055bea16451111b1c566e53003af3e2afe3a9e5a3785255069c23f8
-
Filesize
880B
MD5b7905e2453c436d6fc2d8579b9cc1749
SHA1a40623c15627baa1d92d4ff53dfc0e130721a1de
SHA256aaf1ca1ab442a97cdc148abf8cdef6301772b901ad103856a2e48da113e208a7
SHA5129f53fffa3ddb6fe403aa3da6d27c1b7a17e59fb1a270dfb2167b4735a25ced05c0d026e24b54c6054436c18166db4b532a76bc433dc72f27496dd7f067a39d3b
-
Filesize
21KB
MD5c883e1e18778b87047f0e1ecb48a90b2
SHA1fbb0c7c621ba590a7443ceda05300ac7a49e1988
SHA25603678bdf60265c404a24ac5b2fb965fda90c42be3fc016fdc17462466200e269
SHA512f1611435db7a40c9f3b2f89ac6b731405bfeb55166e0e9e7b6c6f85a20b1e87a8b06aeb56785751d34e6fda3d6ac15598abc42e353baae7abbae751dd89ea628
-
Filesize
469B
MD522923923f3122d887b0df8aaeadbb7dc
SHA1f57e7ceef954003137b23bf3d8f7803ad9d1768c
SHA2567070ae5a8188b35571f63353cadcbd65fea6fda790ec3d2007c4674995d608c7
SHA512c5e0662f2a0e7490287215a3e11e2e9318e27314761a3f04001ffe5967a85cc0613309362d5af97b3ef7895b025b5e23f42011594286142ba74a4dcfeb844130
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
30KB
MD57efe8f3a78c5d99c480cb7ea5fee6a03
SHA1f950529b0b04b323af68fe280f438f57df903fe1
SHA2560e883ae9784c5eaf6a571be9e88b12be27cb075733bb071abdea7b5183da7b51
SHA51290e2f7dce202553e9cb7bf851b3e06d7ca8b93bcc3e791468209e0bf47591d4d9a1435266b2580e80480ff1d59967d47d3b7f59b27fd3edc540c53f83fd30e6c
-
Filesize
6KB
MD5336d442eef74f319665c9b133c395c1c
SHA1bf03a293415474e88ea1ecededb621b54261ae10
SHA2560be50788d3f284b6e07a9293998fa017a2d329e21d74bdb9299fd4f1abfa7173
SHA5122010721bf5cac12f57bba62f80a21b804acf8f081b9173406f6e4a3207849bf44afc6a481f37b2f72aa95f9dcd97dddc5250c80983f438ca1a65de6425741978
-
Filesize
7KB
MD5c7369a26855c773d281db7822d5c00ea
SHA10c3da095869740815d4c9b3bd285dd64c91c9be9
SHA256e200c4a58071081a666c6c2512dc80b84ffe141ada9a7179d9649ff7603185cf
SHA512387f442fd322438aed9e0fda0676ad682108aada3c0aa931f12c6cf249266e45b65dc1bf5a0efcb2d3a3c3ec5d82ab72bdec66b54a497d9662f5b3ae5fd5f40a
-
Filesize
39KB
MD588556e0cf16bbf09c3f2d0a03b760468
SHA1d21710d3d905f7bd791ec68570be43435b8f6434
SHA25672b2165317acd77745ee8afab68c3fc6857fdea23d5ec9314a0eddd8459ae790
SHA512597c73147b0456a53f067bd1e69b3e3592985ef8691f85ec3729ec95f63bd9d9ef7250106a3a42134b490ba9b8000964721cfbf544dd1351406f2219b9714abc
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1