Analysis
-
max time kernel
149s -
max time network
181s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
20/03/2025, 06:05
General
-
Target
R.E.P.O/OnlineFix.url
-
Size
46B
-
MD5
59bf167dc52a52f6e45f418f8c73ffa1
-
SHA1
fa006950a6a971e89d4a1c23070d458a30463999
-
SHA256
3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
-
SHA512
00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops file in Program Files directory 12 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/3⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7ff9af97f208,0x7ff9af97f214,0x7ff9af97f2204⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1912,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:34⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2116,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=2112 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2416,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=2428 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3408,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3368,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4180,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=4240 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4260,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=4376 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5272,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5188 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3636,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=3716 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5160,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5504 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5756,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3656,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5916 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=6556,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=6520 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6512,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=6392 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6676,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7000,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=6980 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5180 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5340,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5304,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=7140 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5768,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7016,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7388,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7532,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=7544 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5656,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7392,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=7600,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=7744 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5484,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=120,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5192,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=3472 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=6492,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6052,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=6012 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4224,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7588,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=7608 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=7608,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=7384,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=7764 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3404,i,5665929304761019529,17636891099487589368,262144 --variations-seed-version --mojo-platform-channel-handle=3232 /prefetch:84⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4e8 0x3941⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD54013ebc7b496bf70ecf9f6824832d4ae
SHA1cfdcdac5d8c939976c11525cf5e79c6a491c272a
SHA256fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a
SHA51296822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22
-
Filesize
280B
MD5fed4ab68611c6ce720965bcb5dfbf546
SHA1af33fc71721625645993be6fcba5c5852e210864
SHA256c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4
SHA512f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee
-
Filesize
255KB
MD5e80cdded42978faae0ba033638a524ef
SHA14bc7ca1769ae8f7d4ae1abbe58776aefb4d0beb1
SHA256f53ea4b855088dce71229d9760b4c6afef96a764daf95b5e3852cfdcc38e69cb
SHA512b02648b654c1223ebecba8fbb8509b8e608760f6f8063acc3bc39511e9bf58d20a47d3f81cb627e9cd0d3a86a6ac554a51aff1648723cf20e61775e79982a999
-
Filesize
48KB
MD54f43bd8516012aa229e3731913d73256
SHA192b18484c5e638b4efc9723e5fc3afba359618eb
SHA25639606ea9321f013ae9805371e20cbe9787658f50c4f256fc5b738d6d7c11fc55
SHA5124d7235c5c1e4d0a9676b9801c9d165ef6ff8c5e313d36452e77177f96e48178391499a4bfda4e47026fe57bad01b87cd54dac8cdee7bb0cf94e11625c47e04e1
-
Filesize
93KB
MD50db54a9de7ca5829cb5cd1f40a7df64a
SHA1db6c3258cadf35af46a24a2f10388bf9f8a48e5e
SHA256c3f979efb9f6f93ba82b263006f177ad088d811ddd45a00d9308020374ac638d
SHA512c3311a7ce812a39b0f0027d260eb59f7d30dbb52a9a4f52fdfc8ed4ec4840aa66d11723018e6d46cc25485c6a3d469286095e81e7574d7fccde9f098f392a1f7
-
Filesize
156KB
MD5866fa967a11d20f6778600cbebdda8d6
SHA1d71165d18fccb324990db5c5b08a6c218fcd6de4
SHA25602abe881bcae956fb20650e9aca4f09bd5c5d2e792515637680f1849a98f186e
SHA512d0025c198720a103983a87087ab435c7ec5038137a32d0d95517ce3bcd9bb1323e03e61e67ca4031ec9412706afacfbb4ee12f756dd65eb5c636d26f7b8caaaa
-
Filesize
58KB
MD5badbd4480920e01347c05e84b09316e6
SHA11e93ba08e65ae86e05c7e4455718f139a914bcdd
SHA25637860d340af50c43c1f18eeba945a0ddf63f45654b7385f413370cf1f5ce57eb
SHA512b735e554ff08983d0dfd0ab07374c9962d7af775a8c7d91481fa1fc4ff621fe9039539893e799c91552ea5fa8f785d2d068608c21a49de7bdb4236af6c394133
-
Filesize
46KB
MD5f013112b19afa3f40fd173aad327c2b9
SHA1ad7e182846e99e48c52478a41affc52f85ae9315
SHA2563e4154d4f7eb1a3b87dddf264d6beae057c04b193be290f6e065100c502f1186
SHA512509a0ef62c2522f9f0a2e1153e3d7c281b7a20f38cf8c83aca301465e9c85b43a0638c980191791275c14978baa6a29ffa8b0693e562dec32c8a13a27784aed1
-
Filesize
4KB
MD50e11fd87b88ae86560516abbb8fb9d5a
SHA198ee1cad8c3ddbd7aea4a06f1662b9fdb025876a
SHA256293ba1522c217256bd631f534f6cb107759d1dfd3a300dd736f5416908b4b891
SHA512526ff33aa2bc5547f2869d6141d57482ee10d93561fc7f8da2389502f61bfa6aede3b61f3725826e1dd6fd3e92abf1cd3b9f01f382a9289ca8d6d65bcf390d01
-
Filesize
3KB
MD54a4388c5fdcf248c8a16da033055b611
SHA1632822dc2607d94cbffae4a948d9b266caa02eac
SHA2569d92e9c4af01921d82ee71176a1d4d7456bf6138f97978642f8c8818b6b8b851
SHA5127e92743b4963a72065a3bf4302de9f5a3ae45907c4f60b4adc36d5c72801fb583981f32c99092d4a3e5f5ba12826349bafcf4cd575af28801dc04439bf9b2e65
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
10KB
MD52fb095e4afee4ceeeaa192b14dcaeb03
SHA1d986b3dfee790e9e2e63587d708ee73a47175114
SHA2560ae2d18563a2cd1b797727783593ca12fca504369eb09afb5ba1b95fc74453c1
SHA512efa971ebdaa17f2d0fb9125a052b0731be37fe79fee1870b3864dea2a100084eea4c2e7636981107b9d5756a0e8edb293862647e94d72b2ac67cc121f5a779e6
-
Filesize
9KB
MD5286bd53697f2824e1a3ff9c75d0fe2d9
SHA1916fe5ef574c935f9ec4df11de4a503fda9b69c7
SHA25605dbfc256fbbc40936bb7ba23f297a0ad27bdbe10ebbe9f8bbb8529c898e58ee
SHA51234220a6bc47a5dcc9a1cc5b0fb70e1a9676e1b360a289a2265d25d7d2d12bf67ff0567669e5b77cffac4be9edfe48a96ded72879b1d265e397801a4324cf8f72
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
15KB
MD51bba71245c27af1845abfbea753e4d2c
SHA14def4989fa526c0f42b38e6e00b8e7be719ec3b8
SHA256721ee16752aebd99b99eb74edb2b41daf894dd62876f749b11a16c0004c259c7
SHA512cb96830943d614c55319a931a7a54225bbf193e794ed385f6ea55a5c3d86b443ad03f59f6bede3b522f6f41db1844c7131bd3a2c3639735b03f061e17e35ff4a
-
Filesize
17KB
MD5330e3321051cfff00070efc7d6f98f30
SHA16b2235a9a8e162923f71ae2234186d828e5606dc
SHA256daf6804e837388649bddbf80d2295ce1fb81c5ab752834388d3c91191632af7a
SHA512c9539af31953885803f3fa3d7bfc519effd65504e7a00e66af030f5317c33ae8be26559332fb25f4bc8b2ec1f30c5858b94e55b712e12e51aaa55b65bd2a6220
-
Filesize
36KB
MD5f8ba7397921633d5c2a36216f69bf6ae
SHA1c1b29d738423845c43a8c6b4f8495778a9017ff6
SHA2561d74d4605128e88838792b0f4e35acde356b7338529bf4b126225535ba6f089e
SHA51249ba8fd84cabf474803f617adc900268a773ec3abec0a95b787f0a69d359860fdcd40f8de3f5b9d5826d4c134fd7cfd5fd82c50acf75a14a65809e3b47794ddf
-
Filesize
20KB
MD5622cf13abe8c4ba81acbbe4070f8d70a
SHA129c39577de789602617632a1ee745e5897805fa7
SHA256b91863cb7dfb695e04f8be6b437f67ba669d1cfbd407a3418cccf12919c7dab4
SHA51225d382c5ef4691018d62f05e28a6d2c321218e1586646b2e628350968f2475d30a13c53c5055bea16451111b1c566e53003af3e2afe3a9e5a3785255069c23f8
-
Filesize
868B
MD5e39fcbc143a01b1204e49ecc4a4f0c84
SHA1d89586b234d129308fa4eb2b545bb10fcd35f190
SHA2566b2d199806df57e4cf733f26b89869f1bf5a2b61b03443fdf0d0940cd60caf42
SHA512333b0c58e8cfc2b3357f071255cc323ded10663b0975505f9f13b9e1f00f8ee7d4a45313c541f2c4db02b09f74f03fece1b3b76174e843bf0a327be69c4422db
-
Filesize
21KB
MD5f138534e30920b1d964592ffc1867f53
SHA1910030adaa49c4aacf70d3449ead523fa9c38fcb
SHA256dd1974ee460fb9eb3a7b1fe6e47c85057601dc117c512a013e9577df065b8bf1
SHA512361f8e5c03a005769dfeec1d96ca5528359ba9a038eb754f79e421ce0931424ac4cb50a4f70ddcde8b33afdd1cec440058e2300a909b8f2fc2ec4ad8fad03b90
-
Filesize
465B
MD515b297b85aeb507b073ec064c754ee87
SHA1f8654b1346fa67cd33ea3614d227b133d04374ca
SHA2566be13968ad37f5d484fcc44dd371ac15424b3370315fd343dfb15e0004bfce7b
SHA512b9e693771708fbdb1ab1707869954789dffd4d5d06d6cc3ed6b56557849b3138f069a3c8ff6247a04e9d78640cdf1334d6a7a120a87b27e78722ff42f061ccaf
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
30KB
MD5fad409b1393e777709414731a7f2dfa6
SHA119e76d0e2aa8fba2266f775640d957d341c8d5d2
SHA256f2696d8a1ec1ec3c83579597d358b9334fc3571365c3efb6e1513974d3fc8c01
SHA5122f2f47853130cb31e8776bcf815b3dcfe334f2f55adcb080f68c890efec263d697910c7b303ba088885ddf67e507f1b7a290a334ad7693e573171945a443a673
-
Filesize
6KB
MD51f313535e9781a3df1445239bb4b0649
SHA1ef48f1aeee34b841631efce13e93710bd8cfff46
SHA256c457f39801828a49ef52cf21aa1e49b42078e089e5b62814be08be0db41ba362
SHA512cbb45cbf47bf33f8fce2dd20e77e86f72640a114d86b6afb9dba07dc9dc278099807d513d1172b3c5a5a94a3d0af70a6ec175fe13720b05beeb55ac2301162b0
-
Filesize
7KB
MD514b86f58099425bc04ef56a29f37262b
SHA1b180837497888dfe043742b2fa45d83ca3318cc6
SHA2565eb07c5c85ba71ac821f04d2a98392caced588904cedf56a095b023f8e8cc1ac
SHA512d28e0c66a0fbd12a380604074880fdb2b9154996c2d435bd780befbbee479b9a71f35688ef5fe7eeb93f6c686b12887ede6d4a23a7ce9a33ac5bfdd836b8f633
-
Filesize
39KB
MD5ed7366d22c8f9a186a8e3c72ca0df80f
SHA19f1af8f22a5fcee64bbf805ba79da38370cb5d0f
SHA256215681228f3923b46d5f9672f0310de574436ed102653e4289d2d34706556785
SHA512a58a03e585c1fdeb3d797d6339b94d4c35fb8318aa73e136ed4484e5e544b38e8a5d1e81ca67ba8542a27bf85e3cf50ebf82c59a027fecf8cbee143da81ca159
-
Filesize
2KB
MD5d6b7647abe89d2c5904e4184046509b5
SHA13d75394320983a248157f02e14ff98c4faacbdc7
SHA256ae9e532888525dea44b117dbe08d25bfc1b501219e75a417e7a1c4cb23f5f2c6
SHA512c3d5faa18b084bcb7fbecc304cc2705b81103e938f005e9d0e2a24fb20227e53ac79341fd9fbf66288d15f17e07ac561818012d7392f96d3ef8d309219c3de9a
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de