Analysis
-
max time kernel
140s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
10/04/2025, 18:01
General
-
Target
https://www.mediafire.com/folder/uml3a9raehtf2/des
Malware Config
Signatures
-
Downloads MZ/PE file 1 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/uml3a9raehtf2/des1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ffe536ef208,0x7ffe536ef214,0x7ffe536ef2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1988,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=2320 /prefetch:32⤵
- Downloads MZ/PE file
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2256,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2588,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=2712 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3516,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3524,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5128,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5324,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5268,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5208 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=152,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6080,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6296,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5988,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=6644,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6712 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5980,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=4832,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=6628,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6916,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --always-read-main-dll --field-trial-handle=6992,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6964 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=7144,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=7176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5388,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6192,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6236 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6076,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6856 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5396,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5196 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7580,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --always-read-main-dll --field-trial-handle=7584,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=6824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=7848,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=7812 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=7448,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=7752 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=8104,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=8056 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=8092,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=8068 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=5660,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8416,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=8400 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5580,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=7276 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6160,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=7552 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8392,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5960 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=8604,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=3212 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=8552,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=7540 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5488,i,1632351419649739520,17176412717502015222,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start2⤵
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
Network
MITRE ATT&CK Enterprise v16
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
66B
MD5496b05677135db1c74d82f948538c21c
SHA1e736e675ca5195b5fc16e59fb7de582437fb9f9a
SHA256df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7
SHA5128bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c
-
Filesize
134B
MD5049c307f30407da557545d34db8ced16
SHA1f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA51214f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780
-
Filesize
85B
MD5c3419069a1c30140b77045aba38f12cf
SHA111920f0c1e55cadc7d2893d1eebb268b3459762a
SHA256db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f
SHA512c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
79B
MD57f4b594a35d631af0e37fea02df71e72
SHA1f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57
SHA256530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1
SHA512bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360
-
Filesize
3KB
MD5f9fd82b572ef4ce41a3d1075acc52d22
SHA1fdded5eef95391be440cc15f84ded0480c0141e3
SHA2565f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA51217084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339
-
Filesize
280B
MD5df2d1721cd4e4eff7049314710dc7c11
SHA1f5aed0158b2c0a00302f743841188881d811637a
SHA256ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93
SHA51211fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4
-
Filesize
6KB
MD5392cc3e5fa6d737fced0954918f040a7
SHA17ac25a1fab2cf5f7742a9569c1febbf5b66490a2
SHA25604f2045235920e6c6be922384399853281a3fb396f4de7b05c510c9d4e3522f7
SHA512c810b9e18eb23825c0daa1036d6ed4cf38850105ab1aa9587c1b9504a3c611e48e2f253f55e8aebca4d508b0ae8e0e88d9a0e5f2e84ed934d1f2438380517ddd
-
Filesize
3KB
MD5fc2e90fd523939466e8348f5ee2b2242
SHA1322e03a8bccecce2ac04172450a9b036e55a6e1f
SHA25654fef600ce6485d4f0e53edfd58cea8e8852dc193616a49b0ce04ff6d5f4fb8b
SHA51215ff20311a35803541af62b09aa4adce17c6d32ae96f7a8d0c75e541dc6533f0855692151caae2be24bc057b7c0644361caad96906a80441e093c619f6ddbc51
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD52b66d93c82a06797cdfd9df96a09e74a
SHA15f7eb526ee8a0c519b5d86c845fea8afd15b0c28
SHA256d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954
SHA51295e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5
-
Filesize
21KB
MD5f7347781d099219f7190cb89acedb468
SHA189b9e1a32824af255729f984937d5d701911edb0
SHA2561a231539ef4232a0d74801d938a048c890e51372a340dc7b7d40cd173e35515e
SHA512e8ec1cb0e31463a5b9d9d867885a5c71cbef4ab1fac16df336c3ce047a46a59871cf03ff810b3be6ff0cb07caccde407d5f2821715b492e1def6cf7ae211038b
-
Filesize
22KB
MD56f64558ae5eba11a69ca1310820f2e0b
SHA10ac36d07abba3188ae47b245a7547e803c6977be
SHA256baaaa42aac891ed0a612876e391146c7a8ea9b67e510adacbd63faf49aaa2545
SHA512235b922208123820f97a046eb72a0fdfb1e056ace38c19e2b511c1d99490e660a5330feafa65f09d49e4f4e5d22776c08bb7590808348c462893021bf74dc80c
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
23KB
MD5dc90608b899e454de0df2167d905098d
SHA1d5f03ff75fc8b5cb16f0c8afebf63c2e80c33380
SHA256ee13e2f2b0595cc481af3662dc3941491b3660c5f6e9585600626e9bf3877083
SHA5129993e7cc8bda66e248d8c692d82f5e480df0a2222926985b8be85a8cc563a3965431903c18cb9cff9b6aace5b57af04d40e40f6c96a0c51536396d564e561ddb
-
Filesize
22KB
MD50bd4c4b67522c68488739252c1c9654a
SHA16f6e26fbad8b3889720b24199296956749c70a96
SHA256aaa57b9a20c33d4911b593b84706ff2bdfe8f5bd3fa648cb5b3275642dd76bf0
SHA512bae3f966990fda844d265e2a53bca2aae33d45e3a1ca94b2c9c654b347ea1d9877d3c5eec83b9a82a7ba85d675d4ce0b6e9392f81a0dafe0683cb3ab5238d4e1
-
Filesize
17KB
MD52211b2529e2837ca0a360afe1f887112
SHA1c922832e51a69f4f811c14c952bf4010894d7f65
SHA2560c786a330ddb5fa720272f703959060d8a4ecb53692ff10ae54e6ef8c2fb7c46
SHA51225baee3a244d1c7e7d5771a11e130a1d0efc41c54c8b51479ecfe8c5748c88ba97c677fc88dc671d7cee0f4030b7ad9cc12746ff17bf35c36205f06d264871f5
-
Filesize
36KB
MD50981cd2c9e11b50bf61fd478484e5d51
SHA1c436a376efdbcefa7b07c3cade0976f4f8a0bd27
SHA25631062db285c643ccd71b106f95b1c4ac26623364d7831cad82c059d7d5ff5ad7
SHA512eeb0b03cb47ece0e427b06b1fc975a69dfeab8969dd0c7dda9a046a5fca227639e21615f2d1ccecd1933cc4098e8979a194769d3aed1cd60ff0986df0b333168
-
Filesize
96B
MD5f50f4cd63a4506c08cef38924db6b79c
SHA172b5754eaad4fc621b743ab3645e924c5fafd885
SHA2564a5762bbff1cb24a26bbc939f8196dcc570129ec64cbec48f7d55d133528976e
SHA5127b733ae15c3f96a6848bab21f0ddf85fc893597d1aa4a57462daf3e9be94ec6e25c31cb9fc480cbeb7681603c90b268ae00914643f603bc52183abc5f1d5873c
-
Filesize
72B
MD51ee4c174fc11343c2ce5e8fb6986c070
SHA1f793619bca5c14743418398f207461d56cbd43f6
SHA2568974e8afa8ada2e121f32b7a51e66f8307cc1c9988a80842d392eb2de5a63b04
SHA512dd6b7e9c523becf3fe36018436661ce030ab0ef6607d7166aa33fe9881664429e0495cb31d77c7bd85534503f8de1584cb9b798a8d522c9345c4fc4e37abc1c4
-
Filesize
22KB
MD51bd746b808227308b40179633797289e
SHA14abc1751453603829c1312f731388cf657662d1c
SHA25624862f014108c43340865a7e6711e01bd7415b693772844470bc77708805421e
SHA51211150750ba6483a3fb935d54b9283d5895d44732fbad0d19f1bf76e61f5dd2bb3f8a2719c819d285f02402e386a840a975ab29b0a434b92774b0c63592beda61
-
Filesize
467B
MD5307f0064fbf38d6d532a54acad777a30
SHA1b3f8dd8e453d57cd5e34789ff9b65abd435ded77
SHA2561733d8809cb8798dbe0107c743ede4f7865e4ad653d25ac20f6dec23f409cdc6
SHA5120245c5de26e24d3db2042249c83b2202d89b0040e2ae8c83ce939a7fcda0192e32781643133bf700d54722d25d0990abec35a50d729bf0f17691b3e616181dec
-
Filesize
900B
MD5189a61c6c62720a45b0fc8c3c1ec2457
SHA18e173df925f365f8e5ad0dad67033ee485f7d19d
SHA256823c24be1af6927dc53efe426d8198608dd3d5796d6042765b5cc905f8f1ef62
SHA51276da1b2fd9c8d508154c1b911e71ddbc8f1dd58658e0c6df081ee0a196ed0729ef4bfc3ce4a73e4eace3233ef5672d07282f94d3eddf29b1f4277f7f2422b4d0
-
Filesize
23KB
MD538cb9f9ae96e452b320167f2d905f2d1
SHA17ed19cc3c90d5faf1d1905a4787a12a3d3e2b610
SHA256e57e13143bdc60f16231119b059da1ecb4223e7244481b9864a6a32f8d68d66a
SHA5129c3af8318450cde5d8b8f7eaa27c1b70701c079acbdb5050eed80d161525cb9ed6beadbb477b5b6192c013d552990b0d75997cfd8f2bc94571da1d15da0b8eff
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
41KB
MD5b8e94c0f7f4d77eaf9e0882d22ed29ad
SHA183bb0afd22fe25b1fc37d57be7a2f555b62aa2a5
SHA2560570737ff0429dd71db09b6555834a7c7d61e5ab75e231e69341006bda9824e8
SHA5129f15ffe76c9f7ce93ef75be0b31f6cd2fe51c923dfe94854abd49d399255e20f033673ec254adda84def08160e9f45fea8f3dde4d6fbfd9f63621d22f13f344e
-
Filesize
41KB
MD5141116edcc870dada7b5fedd14b4f943
SHA1859a662360cf60ae5db47ac35568246407102e44
SHA2569df7f2ceb7a79e96fd8f93e67ba2f972917141459df6c0a937e4f36440720181
SHA512e830d469250fe66d018e93012f7e1be2ee9dcbd9e3a8ad4b8db2157d4507352dd84382b856cc6b2fa6a7891ab36bf4792d62b910402c7cf50aa83ad0f0abfeb9
-
Filesize
50KB
MD54dd36c743506c9f05abc396d8b5a763b
SHA165591bf8697958e94efb8314f4f75fadfda74394
SHA256c83a53d3f73b26d13160f38276c3ddcbb3e9f4580dd58c4c40ea42495f6997ba
SHA51280eb712558bbf0235c38871bebf2a3bdeef50aa0880e342962cdf7ebf0ba4ff2308d5dbfa9a727b86c00bd02925b873d9a5a72ea38a4a86c632fda572b38ba15
-
Filesize
392B
MD509a765ef4e260f60249e82484dfa7e77
SHA1db6817ba3639fd3404ff351132e3569e8fbfeb4b
SHA256f09fb7560ab0c175a193a1b5268c38062706dd6ac8224df65eafc42fe7dabc66
SHA512bc546c3ef55cd3b609a0f2acbb7e192b338a4930632f484a00b608ab51cc1165fbcb857c7b1eef8004e5028055c94e809491eecc845057b70588b824d487de2d
-
Filesize
392B
MD5290433f6d0e171605fc95f633f1c922f
SHA121926e53e60de9e9c2ba1bcf3cff5ec8d0cdeaf2
SHA2563bdb851cf694692e1b04e489427cd1a50f817d5bc0e85bf0f28d660713447954
SHA5128f00703504fabc42866cd42493a01b4cbd9edabe0c53d2f9b224c83d4ac76c122ee02fbf6b62dcc66e480fb23dd5a4e47f5b6211dac9c8c5cd0f39dfcebf52c4
-
Filesize
6KB
MD5bef4f9f856321c6dccb47a61f605e823
SHA18e60af5b17ed70db0505d7e1647a8bc9f7612939
SHA256fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5
SHA512bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
2KB
MD5fa68ee5532a69193cb0094fa0b737c57
SHA125dc0910dfdcf8b92bdf5fff7409df44dea2b6d2
SHA2567a9792b843f3108d879b453a8473a4caec35314b3473b259bc8e5a03938b0e12
SHA512e43c40e9e047aa151274b5749a9757547768f505181d2038a53a348a177a6d811a0ec96291c14fa20bfa2f42591f49d1e95d1b7645ab37053f405bf10524b021
-
Filesize
23.6MB
MD5929bcff7cc8c8fa388e6aba6ee62c4d3
SHA19cbea94adc141b874eabeadc332bf2ed4d87a440
SHA25668c7522537cee5475c0b2dd992eea58fc103e76795e0eb461e2c17e3ed786688
SHA512dd12bd98d5d4fe2c3b8748a1bea08310c895c60d05d5ee2490584b06394fecf2ee2077d6535c0d97b0f57d7d3fa5a7dc7283698a93a5628887557139048cc6bb