64a32ac6adbb8ccada1ca74ed4af18eb3e38620b90d2573b2f8954bbeb6364b3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
22/03/2025, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OnlineFix.url
Size

46B
MD5

59bf167dc52a52f6e45f418f8c73ffa1
SHA1

fa006950a6a971e89d4a1c23070d458a30463999
SHA256

3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
SHA512

00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
61	discord.com
62	discord.com

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_1088316198\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_1088316198\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_1356888748\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_950465535\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_1088316198\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_2137710712\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_1356888748\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_1356888748\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_950465535\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_950465535\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_2137710712\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_2137710712\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_1356888748\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_1356888748\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_950465535\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2308_950465535\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133871302909237897"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{E05D73D8-F25F-4BC7-9D42-B438CCD61CFD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1080	msedge.exe
1080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe
2308	msedge.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2308	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5608 wrote to memory of 2308	5608	rundll32.exe	85
PID 5608 wrote to memory of 2308	5608	rundll32.exe	85
PID 2308 wrote to memory of 2332	2308	msedge.exe	87
PID 2308 wrote to memory of 2332	2308	msedge.exe	87
PID 2308 wrote to memory of 6044	2308	msedge.exe	88
PID 2308 wrote to memory of 6044	2308	msedge.exe	88
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 5540	2308	msedge.exe	89
PID 2308 wrote to memory of 3956	2308	msedge.exe	90
PID 2308 wrote to memory of 3956	2308	msedge.exe	90
PID 2308 wrote to memory of 3956	2308	msedge.exe	90
PID 2308 wrote to memory of 3956	2308	msedge.exe	90
PID 2308 wrote to memory of 3956	2308	msedge.exe	90
PID 2308 wrote to memory of 3956	2308	msedge.exe	90
PID 2308 wrote to memory of 3956	2308	msedge.exe	90

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\OnlineFix.url
1⤵
- Suspicious use of WriteProcessMemory
PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/
  2⤵
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2f0,0x7ffa8588f208,0x7ffa8588f214,0x7ffa8588f220
    3⤵
    PID:2332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1944,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:3
    3⤵
    PID:6044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
    3⤵
    PID:5540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=2588 /prefetch:8
    3⤵
    PID:3956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3476,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3564,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
    3⤵
    PID:4556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5000,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=1676 /prefetch:1
    3⤵
    PID:1864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5656,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:1
    3⤵
    PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5548,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=5552 /prefetch:1
    3⤵
    PID:5892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5428,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:8
    3⤵
    PID:5924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5852,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:3144
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=5876 /prefetch:8
    3⤵
    PID:4296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5028,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=4896 /prefetch:1
    3⤵
    PID:212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:8
    3⤵
    PID:2900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6200,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=5072 /prefetch:8
    3⤵
    PID:2680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6176,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:8
    3⤵
    PID:728
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6804,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:8
    3⤵
    PID:1684
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6804,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:8
    3⤵
    PID:964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6836,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:8
    3⤵
    PID:5000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5148,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=5004 /prefetch:8
    3⤵
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5496,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=3448 /prefetch:8
    3⤵
    PID:3472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5540,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:8
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5304,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=5756 /prefetch:8
    3⤵
    PID:5044
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5072,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:8
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:8
    3⤵
    PID:3564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4924,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --always-read-main-dll --field-trial-handle=6132,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=3436 /prefetch:1
    3⤵
    PID:6052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1312,i,6352947431597315305,14727481116555207649,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
    3⤵
    PID:3772

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4644

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x460
1⤵
PID:752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2308_2137710712\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2308_950465535\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2308_950465535\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\74f02cfe-75e9-4b66-9b7f-c04c6a0dbb2e.tmp

Filesize
40KB

MD5
f8c5afed5ea396eaa3ff89f8e8e47b68

SHA1
39d100bcf9b404c9534f5fa384d1bf706dedee6e

SHA256
12f2aadb08b6b4ce79849d221907c87ad89a3a9c8c5568a5078e6f3ceb903c2f

SHA512
85e5eeb70d33266b01b029cf4bb60b66e76b8d6293e5d96d0ce557d1a106a79eb107b91fc12e759e7d857de506bcb56a77ac4f8778cfae154b3d118c0eff3443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7a7b04c02742349d9e24fa358eb328b7

SHA1
e1a14f70b4195b6218c11613a084b7853f67cbe6

SHA256
4e94ff7a83678fc4a93d30c420180ec6461af90829ccc9ca6cea86f2d5ca28d1

SHA512
b416aa40d45641efa9626e779540312b9affa8d7b31cb2ee9e0e6bfa4cef3cf416837b6ffc30af48ded2dcaf58dbcde3043423c7dc2dea144978b3a8f8c9c2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57ec25.TMP

Filesize
3KB

MD5
92c45c0252f9b036dba2b06fba9eb08b

SHA1
84ba5bbab12637c6a4bfcdb1010ee620707b5514

SHA256
f531123c9460bfa3f303fd35300d0ba5c194ecf4e3546c65301598fa74ed7b1f

SHA512
0f67efdc9e0873fce0101a38bc1fb8129666874e0d85b5214fc9403db206fa1838e32eb35342286ccebcbbbb376fe5797f148cb64fc01bd863cf7f9c39432025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
05d9a2f9cea0bff7a42bb562fb5ad598

SHA1
64cbe933fef6e207e1be4d5d91481e362cc4551f

SHA256
717b0b224f61bf1a53b0c95a8d727188b505b50f1a9980a83d3c0b4cfb300fe2

SHA512
c38a0d88601f9f28a64711ada1d07e01d448219b3ba271b18b3f3db957e3fc91260c8e0c9f6e9cc5766a61e31a3eac94ef6c472491438b704fe6f995388f649f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
970f1a07fcd2666232166abc63ba5c9c

SHA1
f2f65c3d6418a894e3f5c1730272046506cacb0e

SHA256
ba6d518d46ded78309ddc5944fbb02d24762d9d3dda1b13d6bf33ed826a97a9a

SHA512
f94e2f85ce50578f07b2fbc960bdc39d06e70348b1b8066a04ed8197649beb8491f3e82e3329c403fce05a1ec4b308ca3844267e17f33415cc8e4b2d6a501a61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
0611fdd95c776b42e65bcf81b2bcdc42

SHA1
4b288a88d474a501a9909809929c008a81075767

SHA256
a230018026e9aad5e6cebe11a2ea0591b1ae735186819ad42823bd3d3bda4fcb

SHA512
15cefbeb7db6df39a6ff8d53477b4f5c721a42e58a2ada6eb711140fce0179656a2f0c662c5192269e87d40df88a61411ca4cb2f60d049cb8032cddf09061919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
2d4e80ea333f047ae4d79dc7bab58868

SHA1
b5a8ba2cc2d17e42a29f10d2b402b4f44b51e970

SHA256
0f2d848ac7b8276af713f769dfcb8e245687bd4b7afe3a6819c20dbb7b4a0d55

SHA512
cd965c988ce1dd80e4c54f61864540e1be079f9b8856b7dab47e0c6772cdfd048ff19d53ab89b3bf58ac0adf75b43e53e900fbf9ff12e53d37050fc2e1eaad9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
b69d193d7ecd34d280deed5929070c86

SHA1
bdba8dbe29a33e7223565967b76c0bc58f5281d9

SHA256
a425006c9eb3374dde393f94a5f9f315757ea5895f930484dab9e4278afb0eab

SHA512
7789ad2828216097e0f62a3041646371c5c2399a69f0059ae9e8b8cd2b9dcfe07626b078839d63371c31166cb783385f76c69754fb4478434b5d06b7457a3f5d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\1cdfb29a-88ce-484a-af16-21d3ae1a2165.tmp

Filesize
898B

MD5
2e886d21c0effc87ecd53d77b26290c2

SHA1
6fd014f6421e49263a6c9386865c1d7cbf935554

SHA256
a17506dcb792f40a14d6ec301c45a9b6f449a0a64335245152a8814edc2f8b41

SHA512
5a4d95ff0ad6a1e7c89c999d1010740097c8b036499e85a52bc3113b088d446000f27fe0aa32aaf68ce92034dc0700fcc670f596915692211c5b7d006571a536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
cb48dd219646874dc5e19e399fc53ecc

SHA1
8f56b1397cf558c40fac73bc00dfa150848a2e95

SHA256
9d670956d106ce0df53361113438945d3dd5d541d3a62341131e94cade92a0fa

SHA512
32105c343d2b43821f1f881d305add05397ca5a1f34efa51a445f50ed20e0f6c005c949de7be31eaed00ab52a1e5e0c3383f20fd2dfa6a384a0a53a568fa5e13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
22KB

MD5
99d1281a04b4805c7d8f89920cac701e

SHA1
f4e6545c422f9b1a9fbbef75632e9855db1f91e5

SHA256
72f20648fce0776905454cd208de071700d491b419d530e77bce4671746adac3

SHA512
cdd4c0f5889862044a1aa78ad9eb1f3d51e96670eb4fa90c1fdca670182b8b3c02bcb277455aeea1e03398c86a10cee88ce5957934e2420d11e66a7584aef380

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
3668670c5117a01b9c2fe99608a86f86

SHA1
a96710e081e04570b3be84195f89b3969071da56

SHA256
ecbb05c394a299b6ed05e3675042c2f7f40abdb44a85cb80ba53d1434c2c4f87

SHA512
19dfba89cb1c30a34767959c95f1d9441e1e033df139f9cc9986ed7992b5e35393e257bdff7a0e6692b3d0b8261b314da6b0d421c538c2b41cf3fd355413d13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
853493610b945dc60e29f901c9188f6f

SHA1
3e6108ed8761588601ed02d50462e997b0fb94bb

SHA256
563b64c24adb0e39a31ffebb1db148817163a8847aac06e55c61c20878250360

SHA512
07cc5c18b03ee5c9e050efb2481f98ab579e8b4abc984794ec2dda0202f452f5592f3caea38960c35a8498534b97e0587c2618471adc8f0632f57f13f36c23db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
8790f9304786d93ee78f505f7cb1b3a2

SHA1
1bdd75f24e73ff555f1f3daeb193444020be145a

SHA256
c486bba70e5d97ed41f4bdec4dbdc89bd76a05d8fcf633dc8aefc00e3a435af3

SHA512
1be411d63de585df55f09ea1d4236842d389f3acf0ff8e36974efa1f0f8a489dac6ccdf2261334afa21bb8931c9fbb60468268edfef4851bd490b58daae63dde

Download Submit