Analysis
-
max time kernel
150s -
max time network
180s -
platform
windows11-21h2_x64 -
resource
win11-20250313-en -
resource tags
-
submitted
23/03/2025, 10:10
General
-
Target
R.E.P.O/OnlineFix.url
-
Size
46B
-
MD5
59bf167dc52a52f6e45f418f8c73ffa1
-
SHA1
fa006950a6a971e89d4a1c23070d458a30463999
-
SHA256
3cb526cccccc54af4c006fff00d1f48f830d08cdd4a2f21213856065666ef38e
-
SHA512
00005820f0418d4a3b802de4a7055475c88d79c2ee3ebfa580b7ae66a12c6966e5b092a02dc0f40db0fd3b821ea28d4aec14d7d404ead4ea88dc54a1815ffe26
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops file in Windows directory 13 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\System32\rundll32.exe"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\R.E.P.O\OnlineFix.url1⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://online-fix.me/2⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2e0,0x300,0x7ff8b403f208,0x7ff8b403f214,0x7ff8b403f2203⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2196,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=2192 /prefetch:23⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1880,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:113⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2476,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=2536 /prefetch:133⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3404,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3412,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=3488 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4072,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=4164 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4168,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=4260 /prefetch:93⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4248,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=4416 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4280,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:93⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5420,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=4204 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5580,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=5720,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=4180,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5432,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:123⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=5344,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6516,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=6612 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6372,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=7124,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7052,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7388 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7052,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7388 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5836,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:143⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.execookie_exporter.exe --cookie-json=11324⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5608,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=5684 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7516,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=3392 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7632,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7440 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5756,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=4480 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7648,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7820 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7884,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7896 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7620,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7844 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5856,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=8040 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5128,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5132,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4880,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=6916 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6616,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6004,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=3580 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6744,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7584 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --always-read-main-dll --field-trial-handle=3588,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:13⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7604,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=8040 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=8040,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:103⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7156 /prefetch:143⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --always-read-main-dll --field-trial-handle=4356,i,17734810601116320564,6443995460310247864,262144 --variations-seed-version --mojo-platform-channel-handle=7152 /prefetch:13⤵
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x00000000000004BC 0x00000000000004D01⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD56bbb18bb210b0af189f5d76a65f7ad80
SHA187b804075e78af64293611a637504273fadfe718
SHA25601594d510a1bbc016897ec89402553eca423dfdc8b82bafbc5653bf0c976f57c
SHA5124788edcfa3911c3bb2be8fc447166c330e8ac389f74e8c44e13238ead2fa45c8538aee325bd0d1cc40d91ad47dea1aa94a92148a62983144fdecff2130ee120d
-
Filesize
280B
MD502cf1313b32a8ab2f031cee39bee8fc3
SHA1861cc0ab9ff881460dd6433e37075b822aac9355
SHA2567e7fd13903a8d57f314d9e7dab6fa28975050b63f045eb315e96cccaa17d1e61
SHA512f5464c94391bfb590f6755c2ae6896dd459a2a93d778601caebf272438c2ff127ec5de81dcf8efeec65a56609558477afc7be1c4993977a18fde7b915f7a8700
-
Filesize
255KB
MD5e80cdded42978faae0ba033638a524ef
SHA14bc7ca1769ae8f7d4ae1abbe58776aefb4d0beb1
SHA256f53ea4b855088dce71229d9760b4c6afef96a764daf95b5e3852cfdcc38e69cb
SHA512b02648b654c1223ebecba8fbb8509b8e608760f6f8063acc3bc39511e9bf58d20a47d3f81cb627e9cd0d3a86a6ac554a51aff1648723cf20e61775e79982a999
-
Filesize
3KB
MD5f72747fca90ff6822aeabdf51911ca5a
SHA1f84ca899b26868a52b91deb58b182512dd302e25
SHA256c1bdbd9ad5108ffd0c358a679d064323015f8649267f2c33da228c316b025fb2
SHA512dce08701aeb13008273a7c0ed65bdd9932631e71fb27fc3cc287f416c86a2effe167585ed686f98ce025bc4898370d9afbf52269d88e73ebec71d03f722543d7
-
Filesize
2KB
MD5b63546abae91c2010f3595672bc26b18
SHA19ba9422031287d88baa4e2bda776ec96ffce8df8
SHA2563494046b7a45b991b9b477fabb9b053a0c6767b9f8c76c00816d704df9c1a17d
SHA51205aa58c3b4198d4a7bc2c8f9187df48b22bd352f528da0c5f1488824721e126062c45ac7e58518a53fdf5a25cd01713439b397e7ea3a96aadca6d8f15612805c
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
9KB
MD56ba7ed7d6b2666b850c35020247d8ff7
SHA1005cd2a804f33ecff0a25482d2a5b79572492208
SHA2561f58e64d4d6345a0bf4b6bd329193001625bbb838554157312cdd1a7e82fa170
SHA512ba181885552245ac6b09114c0694f8d158575271060b82e675a7a2354b5228763a1c281975272136b648335e8ebf04f21a0594b8287c80cec11103cdf00f1314
-
Filesize
10KB
MD52c2a9d81f61568fd2c43b3bc29b7e640
SHA1e023a69e974a3fe61859bd57fe48b5404e662547
SHA25630206916d7f76fcc2c951183881d9855f0cbfb70da9f0021ed344076df9becea
SHA512bd90683ee4edc6dc12cc5063f780212ae40a5f9d076d40e22978ace404175c686a9a6bab646f843180279feece16c8cee879a284b9c8bb6543340b28735b5755
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
16KB
MD5b7115f78b8b4b6bd312df43ba92dfbdb
SHA1669ec2d1e1241c90e6a937082b3a03167ad56c60
SHA256bd5830d838ddc54f2ac62bed0b1bf207df2176c812f379707b272d206979bb0e
SHA51226a2d982177bbac3ab4a2f391d0a91c1d101774c744a29b7030811c0ddf9b666a383860df03d269e5010038afa6ced50c401ba5529edb90da1a24c4e78125f99
-
Filesize
18KB
MD53d063c7e891c50ce41809de97c351e87
SHA11bda510179cfd41f6fa7220b2e24b5e7782ed534
SHA2560e7868257193823ce31772d73898f52b3703565b73e25060ac3741095381cba6
SHA512fe8e3c968c697ded6c83d78632b7ff394d13149535cac2b653f8e1e325590bd8f832bbec567888eebb783dcc3dc65e29feb05d188aa0035b3fffcc013efe8f9d
-
Filesize
32KB
MD54e4ae4b0a957c41ecdd3faa440ec90c7
SHA151b3adb77e072b513907b6fd7eef43b7ae962457
SHA2564a7bdee5b57623c5d6564afee709040162ce94f43454dcd5869c4280987caf8d
SHA512f6c7bdffe9d6f7263ebdbc94e5f4488e92bde1f4f44b71e0896aaccc227128d878528c4eb4febcb6f513dbbefa68884e28aa6b71cbae4feff6aa6893633a8573
-
Filesize
14KB
MD56d68178bf7cc6c5c14f0a9038a3976b4
SHA1569b9cc131e401f78144f978ab29ddc8731fe035
SHA256ba5f29cf69e18574a74cb636360438be1c51ea73deb2b0920f2077face36311e
SHA51234525473b1d0d27062002b99927d78fe62e68cf6eabad91a323116a958120ba589e3e2722f2486e59892e7642dd8dd071503bc6e97ce92228261b6abe382b3eb
-
Filesize
1KB
MD5ad4e5da98b07fe2f861ed6d0716aadef
SHA1830bc36c054d7118f6cc2cd5d62ed62593c9b9e7
SHA25663782b9bb77d7a2020305687f2b3fff4a0194f90624e0bac30da6f370dde17fd
SHA5126b085a7892424d140887d2c9bddb7e44a2e2be5b7a0cf00a678837ff5dd50b06aa916d011e35cd9d8b3ce76e282e49cacd075eab27600ff88ce50072dee06cad
-
Filesize
880B
MD5d154de686406382ecb53bd535e3ab831
SHA10ae8319f0be410f064bf492ddcaf3f1d459db10a
SHA25664a3eae94308b56fb277e01bf1580a968c2e911d51686a0a28d32e80ee83da0b
SHA51285cf0e6557aa3ecc3e8b7dd18b41b3397489479cc4903294db26ef57ceb5aaefc96e7e7eae16acfb1ed02dbf6645803bc5ddb67543f23d8eb3bd0081fc848288
-
Filesize
22KB
MD57e57de69776e1714a3d13500281b1b20
SHA13d2ed1b6c182d8126c565b6f1a6b30c38f9965d8
SHA256853609e80be339ddafce861ec413f1a00af00c89fafa42679ae65b9b992609ee
SHA5124837e3f5076dfb1dfeaf21df7ae75a1bd4379e7413a23f5d98449246b98561bd3f05921e085122ab0f9d733e5ea4a220e27cc00e5c9c50fbc0f900bc1603829b
-
Filesize
469B
MD501e683f6fbdaadc2417f61992eac6822
SHA1c6b483b5cff86a4b70583e9e498f9de37c432713
SHA2565562b103d3ba5d115ae3cafa5c09e13c4b27bbadd8020e558092229810c29e59
SHA512742dc0477d0ba2510a254682ba23b3f9ce4fb27eba68dc0de76d26b071ea379f27ce9e29e57b5e3a10ef41da095e9200dbd597daf794b46a64ef1ead3c288651
-
Filesize
21KB
MD5e4dfd0504387a1ebcc4a48846e44a23e
SHA1a5a91da421e3d8728ae857694dbeb24ea72b7866
SHA256d3c39babd9652bcdb02ae17f895437ed85f617cb04f7ba4bbaf7ad7e8ab78cb6
SHA51294a1d4ab7b18763b55c9246d73feb0ed64a7e506572884a2940696b12910d6ff2a03a0b1aca3e4035a81548633acd437e762e758952ba72dafc97f191e46d419
-
Filesize
3KB
MD5c7569efb2fa9fe93c0ea2f0896f54036
SHA1e231c700b778b624f6065b035e5803fdd8b4db4b
SHA2562422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f
SHA512c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
12KB
MD5d8de5856a65e217fa23a26cc2184ff0a
SHA1f4f596dc70d2d6c07af87e5ef94a9e5203459a81
SHA2569fd7b1fdc699a8d431047218718459a63885132431a364045762aa37cb40de81
SHA51229ca7a7ea512789a2efc638ab83a02cd1bedfaa75e131ece2ba10778c44d2064bff3fe1e8822a29aa0d832ee42495b4c95862c5cd58c33ec91e35df89e280438
-
Filesize
7KB
MD5e0e29a1aa29b82d11cef0cbd2d6c64af
SHA1d40bc01c8a0737dd2ac762db447f3c796dee9f3a
SHA2564eb3ac0561ac14e81933be68f3187b9c9df4be10ae606676ad3ae368cde2d642
SHA5120f5f05dee708ff13d146aae29195af7082e3bdfe43b5e68c006ac91746fe9bf7ea3486732f18baea8325c58159e6086507855c2c297a311259aca8cf22bb220f
-
Filesize
30KB
MD5ab7b9c1cf2e615316e24181769e22430
SHA17d760e5e181b08cc70a24bc65f63c7fd0a504792
SHA2564d5f2f0287fa35b09a1b9939d7bf94f0c39ca3bb77f175bc37fd959a9b887c8b
SHA512ffc51fcae4325f30ce171afdbbe00d99d54f1575b1888a89ebf5965543e8951a521aaca0ac005f29ca75aaf9702f01b6e0fa9935e36ce1a58ba60bbbaee7ae14
-
Filesize
34KB
MD5c3138b94f928dea18981351786b095f4
SHA1818cde6b7a0c771b54aa413083ba2f6fda416a5c
SHA256e27e49202f0a9b9268aeefcdfc5a32ff23020b71a5c5213a58ff108eec3471ec
SHA5123a3d737f508e8122ec0869381413b8b68e15fc49c3bda30f2a491f0c508ed5cb011992b6171809cc5429274ef4cdfa17f855b143b8fc0177014c703174cbcc72
-
Filesize
6KB
MD555828dae751c7c4ed9f4fc0c47135296
SHA16b11ccffe327bfb375dc14f0a7c917bf781c99a3
SHA2568071c3219c4c5b379b9d5996a3dcfafaa348eff16bf7d3957856182efc9ec4ed
SHA5129852dd27379900d3a5a322176db1d02c9f0084ff3fd54566be0f903b9dd8be105f350ee7cef66133a113cc769256dab4c098170cd5c31e3e221556e82e8e90cc
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
134B
MD558d3ca1189df439d0538a75912496bcf
SHA199af5b6a006a6929cc08744d1b54e3623fec2f36
SHA256a946db31a6a985bdb64ea9f403294b479571ca3c22215742bdc26ea1cf123437
SHA512afd7f140e89472d4827156ec1c48da488b0d06daaa737351c7bec6bc12edfc4443460c4ac169287350934ca66fb2f883347ed8084c62caf9f883a736243194a2
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331