Analysis
-
max time kernel
298s -
max time network
325s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
submitted
21/03/2025, 13:37
General
-
Target
R.E.P.O/OnlineFix.url
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
-
Drops file in Windows directory 30 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/2⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument https://online-fix.me/3⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x260,0x264,0x268,0x25c,0x274,0x7ffe5e7ff208,0x7ffe5e7ff214,0x7ffe5e7ff2204⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:34⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2572,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3496,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3504,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4192,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=4212 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4256,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=4276 /prefetch:24⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5232,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5296 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5112,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5784 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5808,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5808,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5880 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6280,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6256 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6284,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6376,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6532 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6552,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6524 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6372,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6540 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6460,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6432 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6352,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=7200 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6964,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6944,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6820 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6772,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6796 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=6484,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6652,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=7136 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=5848,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=6828,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6668,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7444,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5276 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6544,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6584,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6760 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=784,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6488,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6756 /prefetch:84⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=780,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=7280 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --always-read-main-dll --field-trial-handle=6792,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:14⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6528,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=7296 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7348,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=7324 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7240,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7252,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:84⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4384,i,2528103306870194107,6724237908185538262,262144 --variations-seed-version --mojo-platform-channel-handle=6812 /prefetch:84⤵
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2ec 0x2481⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD5a46a324553367dc0b13a007305e4f102
SHA1005a700ac0bf4429024f9e857e2281f82f370aed
SHA256a718f2fe90be4422382450b4959840a13d6d18dea09d3da5394624198a126063
SHA512d3b9fcde15be13451aa441070d9143fc53faa6a2725adea7fb9c340bcb9d7ea183dc1b36c0f8ec21c1748c80bc8fa03a14f198c2fc914c9f8e81702bd8e18399
-
Filesize
280B
MD529f13140c50c2394177caf96baf3a5c0
SHA1680e35060382a846752eb208b62de077d31fd1eb
SHA256f4554eb3e1e133edb5f5f01e19539ffc52adc0b346e19c4742a815e7a92b2dcb
SHA512d964d066a2913d3b6eb73925160d7e9d79a94ae5c6e3956cd361b54fe53833b311990a91346917bc90b227301d864939f6a5a417ff52ef9fe8e21971b1a661fc
-
Filesize
255KB
MD5e80cdded42978faae0ba033638a524ef
SHA14bc7ca1769ae8f7d4ae1abbe58776aefb4d0beb1
SHA256f53ea4b855088dce71229d9760b4c6afef96a764daf95b5e3852cfdcc38e69cb
SHA512b02648b654c1223ebecba8fbb8509b8e608760f6f8063acc3bc39511e9bf58d20a47d3f81cb627e9cd0d3a86a6ac554a51aff1648723cf20e61775e79982a999
-
Filesize
4KB
MD5c18deeada61285a03e8ba2ec8713d631
SHA166e0f7a84525cf44dbd96beae433e9bcea8cc750
SHA25639c8b446845a7dec6b5e75744c3b571b83169f9ae401b444166b373e293e21bf
SHA512f1daae79ca4d9d1ae20a482ffc3e5d3208e75c25fe9ad3de7dd926f8232fecf1b12d3ba514cce37f067368535c90d0391336e05d8aaba8ffa9ffdd8ef3ae4ce2
-
Filesize
4KB
MD520b2cbd8374d746dafcd72fa00401229
SHA15842aec408725235021c3b7cd8eb21d63d0cceb0
SHA256a51c24c3ca8b35954db4021b8bc8e6378717322eea427a9611e152806aac6f88
SHA5127fb6d1c8cd5083b4094a047ecd108aed956c3845e9487c875056377ad7e578c239eb833b0fd7848c3eb0b3e7447a7815e09f850fb79bdfab3d6c394b65485df1
-
Filesize
3KB
MD57860d1d717804fb6c747dc5ea6fc4f0f
SHA13b73781ba1df49ee9cfd8e556d19d009a488371c
SHA2561922bcf5ce4a1f9b136f764e8f5a637ca9f0846b133e3bdeec458903050e8660
SHA5127b202e5732db0d47fc6ab960ca392cad67cc125078d9416f326b32f09cb84b61a581b9e95018e4a104c18aecc5c9b5d118da8f1d79c06584fce451717817a5a8
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
10KB
MD53de1e7d989c232fc1b58f4e32de15d64
SHA142b152ea7e7f31a964914f344543b8bf14b5f558
SHA256d4aa4602a1590a4b8a1bce8b8d670264c9fb532adc97a72bc10c43343650385a
SHA512177e5bdf3a1149b0229b6297baf7b122602f7bd753f96aa41ccf2d15b2bcf6af368a39bb20336ccce121645ec097f6bedb94666c74acb6174eb728fbfc43bc2a
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
9KB
MD512531d1dbad3e68fb6930456dd69d999
SHA168b9a5b6c0f9922396e742db505c93fe84ee9b44
SHA2564d7d5397b4cdcdba46f3da4c3ce595a2a909f39e4e82e6c7be07656c06fd1edd
SHA51282cfd437f647dde449989dfcdcc3c9e722776cb5e4f877db30919928ffafbf07ae699306c47de51560f369bee0c73b506c78ef87d8e075b1934bd858e6c7d3f7
-
Filesize
8KB
MD5f30a33cddeae15f5ea8e8edd544df96d
SHA17db2d36ca5b71ca26dfcbc534c8f18afdbb1aaf6
SHA2565042d79adf15fcdaa9ea650a64e7256df6e9e7a0005e1ae932848be177fa8dcc
SHA51221cecee22207677d5b4d10926a4f643566030c6f1074b681efe5a74183f3731edd9acf1cc44ac9ff81d20c36eec2c53cb8c36d7dd1f9aa0c124717d8c66b6317
-
Filesize
9KB
MD52d30d01606d9bb2c250c7957828f64bd
SHA10fba67ac616f72fc2d5e582a4a00684df73a38f3
SHA2566fcac4a391220c1f0941742cec031b94e5b6a57a21e437f6e1f1849a08d6349f
SHA51282b1ee5642bb570ade4474e1723fac9c81d659c7f6e78efeedb9d30370c4afb55265987688ad0dcf3186ac8311c9644943445e09f1cdcabdb567a349ef9dc327
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD55ec9449806482be2268ca0cd0461da83
SHA14927f43555c79c2432476581ed0368a9cefade62
SHA25611f3c42261389b2189eb61306be11d07d4611c9688882632cc5e668ac3109240
SHA512ebeb166cc9f325d5b0f6153629611a19545edb6da99b46c2816188d721352d6acd1e962148c88eb382532499fc3f271074ffc40e190dd4b5a32295fea1e39be3
-
Filesize
15KB
MD573733fc473925d764a9d4b0d76cba383
SHA185555b9106ab53df59af77e2326c42300cd3bd74
SHA25678a2e603e01105353701c05022e08e7c034a98b4c249d67bfcbd43ee6a6739ee
SHA512cf057e114ff2cbbc39eb320de001e5b941ae466dd101cda41d22a36b0d83ac2bad5120906f8050d74d96ad061e0394f37d6937110697bfc62d7bbe1fa6af1dea
-
Filesize
16KB
MD5f815a257887fd0c79125d441024a94b9
SHA180a2d2d4c53eb00371acdfb41dfe0a39698f7727
SHA256a0fdbbb3d64a195ee0b71ef2848417e1add8768a4e0a8db74109dfe0eb8889ba
SHA512dd549c41a33fe5606c09412461568c157f19a87dbce1f4710afef2d86a63b82d5d950fe1e917de9f5f08a6552a1528e4befc565072eb6e8ff991d00284f0b5bf
-
Filesize
17KB
MD5509590eafceb0e343549b28a79fde14f
SHA1edcf84014c9dd06b49f4d9a7ecd446f61a4de560
SHA256bb44d7d6f8d7444099c844593cd762aef7a9185ac52e49ce206fad7f4e6e6067
SHA5126488c686531cc1e6bf2dc4d21359f051882556aa97c0c47fd34afb2131e061a5f9277b870ac89c7373fd96a78d786fcde178ce03f0b5704321bf30038245a45f
-
Filesize
36KB
MD538c978e7f93515d9e318c6ba4a4b6e45
SHA16caa8a97429061cbc9bc7a1c73753ac8f657c9d5
SHA256f2e884882a5fd2ee806dd6b0067538ed3f3534b6dbdfa9fb15100bd135416225
SHA512eba3833f8c056dd111625227c968ba652b0c1fd3df269be856953542c28d061ea2d09bc2e01532fbb2a821824205ec3acac3f58a8b1890938c55021a75857fff
-
Filesize
880B
MD526e68f8025caa6f34999f61155f0c6b5
SHA1bc886fd20e16415cec9568d4a411ea2bad64f22d
SHA256799ed4c676b2aaeb0c3a48c295fde5f5a8d21a93c87111852bc587dfcff82ce6
SHA51223a151d149eac3096c3bc8714969963380baec1c599604ebdc2fadf19120070a24102fc7b0038572539aede9d85fd29b96570b7b87eb2a3f25185eb0142eec1b
-
Filesize
22KB
MD584c072f052108684315cc647b7f457b4
SHA1f4da056de81ef62552c3c53e8d8f7e8f350759d2
SHA256a45463907f5c13b1cb7fbcf5a8087b63d7e29063bd0fa4f9e3ee8e06c1d4a26d
SHA51251fa71e62a9a93ac215700254373b1dd227cfd85e7a966d7063422fc241d25496aa00df5f944a2167ddafe6b8638f5008f2296009981e7daec392754b0236e4a
-
Filesize
469B
MD56d99e4baf74287fb127088d878ade9ff
SHA1002d6deb4d55dc170f51f67e600eaecbb90f7b1c
SHA256fbb82fbdee5ff9806fb9c4a13ecbab1b3b5375515f0eefc8c6cfa357cb39d493
SHA51263183b368e0be110b23ed5b3bbe7b5362bb2112a8e527bd69e4ed7b52f7a3155f9db9a8234ed3337fdd9443d24af77d33baaea4be5652db7a3bf2dafbd17694e
-
Filesize
21KB
MD5e4dfd0504387a1ebcc4a48846e44a23e
SHA1a5a91da421e3d8728ae857694dbeb24ea72b7866
SHA256d3c39babd9652bcdb02ae17f895437ed85f617cb04f7ba4bbaf7ad7e8ab78cb6
SHA51294a1d4ab7b18763b55c9246d73feb0ed64a7e506572884a2940696b12910d6ff2a03a0b1aca3e4035a81548633acd437e762e758952ba72dafc97f191e46d419
-
Filesize
6KB
MD50c29b92f5dd33aa67376ea6f875d468c
SHA14614ccb0bf30667d6bf0f43e1bbf4bd67ec2579d
SHA2561c09f4c87d74d9dcc986e173490d913f7424411696d5997028a082bdd084a82a
SHA51204d74a47e1c6f86ab50ad8b3b18807822c2bd45dad50f03347bb7f170c9586e2fa8d7ef1c24c8a0cf9fc7dbc22bacbad15693b422ed00cbd305a924cac1c4b25
-
Filesize
30KB
MD5056882b4f89d68d16a727139058d0379
SHA1a4fa2c59a8b5d45ab2a0fab41262f163ef689d18
SHA2562d4b9bf8254a766ba484ae29c6f0b4943bac1f2fd6cfa77ff42e94f8d1b0d5be
SHA5129f4fddd7c4cd7e421bdb87fcc0c97cadd4c3eab533a704168e1a3c648d4c92023d9b9626d337197672391aed41c1b4d4100972fed22850f46736a401f10c90e9
-
Filesize
39KB
MD54945246d10784d4d1be71fed43a494ae
SHA1fa089bb78998c868835cf6cc75a5cac0cc0b178d
SHA25630ed44fb2ed7b3cc3f3f206849fe3f3bff43a91b2da78653af8e7b710d8581ba
SHA5124b666841fdeac294520a44d906272d0afba215a5b7fd83473ebc5a199318e471a65942745b7f0b395ec7332d7ec6a3684c93ec10366f34aca8cd8826986694ff
-
Filesize
7KB
MD58630a270a7353da607f9e1fa8ed4bd32
SHA1217a1c7aa8dd2aae700023affac08ba97559503d
SHA2568c7f6fe40f2e47056d8cfd73dc3cccb92f88b41ad7d149d8dfd1e51cd404cdb8
SHA51247ff5efca734c627700863cac7c4b0ce9b2a799c99b083cb1972ce972aa9e4fb8458a08375259390ebdac21b74e4f80d96e25addf796d3b0ab1c1b8a67338ca2
-
Filesize
2KB
MD55859f75592b42146e72ff392b1c59e4f
SHA1f573e03f0ac9bca119b46bb129584095b3de2320
SHA256a7b21b3e87aaba94cea36a083dc67efb65d7b274870f982e1735eb672af32f56
SHA512880e372ccc96ecbe7c63274cb8f4b53e0ad5a37d57b22f28a61bda9c4c6da30f9c6c1ced6da1876ce8ea48ccc2cfdbbf9d819eca3b72c3a227682542de7c765c
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c