Analysis

max time kernel: 67s
max time network: 68s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/07/2025, 19:22

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
  Sample: https://github.com/pizzaboxer/bloxstrap
  Resource: win10v2004-20250610-en
General

Target: https://github.com/pizzaboxer/bloxstrap

Malware Config

Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTP, 6 IoCs)
Note: the submitted sample is itself a github.com URL, so the raw/camo.githubusercontent.com flows below are the repository page's own assets (README images and raw files). This signature fires on the hosting domain alone and is not evidence of malicious content on its own.

flow | ioc
60 | raw.githubusercontent.com
62 | camo.githubusercontent.com
63 | camo.githubusercontent.com
57 | raw.githubusercontent.com
58 | raw.githubusercontent.com
59 | raw.githubusercontent.com
Drops file in Program Files directory (64 IoCs)
All 64 entries are "File created" events by msedge.exe. 63 of them are the unpacked contents of one extension under C:\Program Files\chrome_Unpacker_BeginUnzipping852_648829546\, the remaining one is the downloaded CRX package itself.

Files created under C:\Program Files\chrome_Unpacker_BeginUnzipping852_648829546\ (Process: msedge.exe):
- offscreendocument.html
- page_embed_script.js
- manifest.fingerprint
- manifest.json
- 128.png
- service_worker_bin_prod.js
- dasherSettingSchema.json
- _locales\<locale>\messages.json for 56 locales: my, ms, fr_CA, lv, kn, no, ka, pl, ko, be, ne, af, ja, th, fa, pt_BR, am, tr, de, sr, ro, zh_HK, si, vi, pa, hr, ur, es_419, pt_PT, et, uk, hu, zh_CN, lt, bg, cs, zh_TW, id, ru, en, iw, el, az, eu, en_GB, en_CA, mn, da, zu, kk, lo, en_US, hi, sw, sl, ml

Other file created (Process: msedge.exe):
- C:\Program Files\msedge_url_fetcher_852_1911333934\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_93_1_0.crx
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read to fingerprint the host and to detect sandbox or virtual-machine environments.

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | msedge.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)

description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
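Added example (Python), not code from the report, from the sandbox vendor, or from the Bloxstrap project. It shows what a sandbox/VM check built on exactly the three registry values named in the two signatures above looks like: CentralProcessor\0\VendorIdentifier and BIOS\SystemManufacturer/SystemProductName are compared against hypervisor vendor strings. The VM_MARKERS list, the function names and the sample values are assumptions made for illustration. The same keys are read by plenty of legitimate software (the reader here is Microsoft Edge), so the signature is a weak indicator on its own; the defensive use of the check is to run it inside a sandbox image and see whether the image leaks these markers.

```python
"""Sandbox / VM fingerprint check over the registry values the signatures above list.

Added example; not code from the report or from the analysed project.
Assumed for illustration: the VM_MARKERS list, the function names, the SAMPLES.
"""
import sys

# Registry keys named in the 'Checks processor information' and 'Enumerates system info' signatures.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"
BIOS_KEY = r"HARDWARE\DESCRIPTION\System\BIOS"

# Substrings commonly seen in SystemManufacturer / SystemProductName on virtual machines.
# Illustrative and not exhaustive (assumption, not a list taken from the report).
VM_MARKERS = ("vmware", "virtualbox", "innotek", "qemu", "xen", "kvm", "bochs",
              "parallels", "virtual machine")
# Vendor strings reported for real x86 CPUs; anything else in VendorIdentifier is unusual.
CPU_VENDORS = frozenset({"GenuineIntel", "AuthenticAMD"})


def classify(vendor_id, manufacturer, product_name):
    """Return the markers that make the machine look like a VM/sandbox (empty list = clean)."""
    hits = []
    if vendor_id not in CPU_VENDORS:
        hits.append(f"{CPU_KEY}\\VendorIdentifier={vendor_id!r} is not a known CPU vendor")
    for name, value in (("SystemManufacturer", manufacturer), ("SystemProductName", product_name)):
        lowered = value.lower()
        marker = next((m for m in VM_MARKERS if m in lowered), None)
        if marker is not None:
            hits.append(f"{BIOS_KEY}\\{name}={value!r} contains {marker!r}")
    return hits


def is_probably_vm(vendor_id, manufacturer, product_name):
    return bool(classify(vendor_id, manufacturer, product_name))


def read_local_values():
    """Read the three values from the live registry (Windows only); None on other platforms."""
    if sys.platform != "win32":
        return None
    import winreg  # standard library on Windows

    def query(key, name):
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key) as k:
            return str(winreg.QueryValueEx(k, name)[0])

    return (query(CPU_KEY, "VendorIdentifier"),
            query(BIOS_KEY, "SystemManufacturer"),
            query(BIOS_KEY, "SystemProductName"))


# Constructed sample values for three common cases (not taken from the report).
SAMPLES = {
    "bare metal": ("GenuineIntel", "Dell Inc.", "OptiPlex 7090"),
    "vmware":     ("GenuineIntel", "VMware, Inc.", "VMware Virtual Platform"),
    "hyper-v":    ("GenuineIntel", "Microsoft Corporation", "Virtual Machine"),
}

if __name__ == "__main__":
    cases = list(SAMPLES.items())
    live = read_local_values()
    if live is not None:
        cases.append(("this host", live))
    for label, values in cases:
        print(f"{label}: {classify(*values) or 'no VM markers'}")
```

On a sandbox host the "this host" line is the one to look at: any hit printed there is a string a sample can read with the same two registry queries the report shows.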
Modifies data under HKEY_USERS (2 IoCs)

description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959577790598861" | msedge.exe
Modifies registry class (2 IoCs)

description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001560346-2020497773-4190896137-1000\{164ED0B5-2C3C-4D9D-A455-D5CBDCD7A81D} | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)

pid | Process
852 | msedge.exe
852 | msedge.exe
852 | msedge.exe
Suspicious use of FindShellTrayWindow (1 IoC)

pid | Process
852 | msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
The report lists 64 rows, all with PID 852 (msedge.exe) as the writer; identical rows are collapsed here, one per target process. The procid_target column is the report's own process index, not a Windows PID.

description | pid | Process | procid_target
PID 852 wrote to memory of 3968 | 852 | msedge.exe | 87
PID 852 wrote to memory of 3116 | 852 | msedge.exe | 88
PID 852 wrote to memory of 5148 | 852 | msedge.exe | 89
PID 852 wrote to memory of 440 | 852 | msedge.exe | 90
Processes
Indented entries are children of the entry above them at the previous level, as in the report's process tree.

PID 852  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/pizzaboxer/bloxstrap
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory

    PID 3968  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x338,0x7ffa6b64f208,0x7ffa6b64f214,0x7ffa6b64f220

    PID 3116  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=2684 /prefetch:3

    PID 5148  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2616,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=2608 /prefetch:2

    PID 440  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2260,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=2784 /prefetch:8

    PID 4604  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1

    PID 4552  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1

    PID 1176  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5392,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:8

    PID 2688  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5400,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8

    PID 6020  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5140,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=4744 /prefetch:8

    PID 5112  C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8

    PID 5096  C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5836 /prefetch:8

    PID 5636  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5728 /prefetch:8

    PID 5608  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5744,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8

    PID 3644  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=5780 /prefetch:8

    PID 5100  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4248,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8

    PID 388  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4756,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:8

    PID 4776  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2116,i,14671270947181186016,9676346309529982845,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:8

PID 4816  C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

PID 4996  C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

    PID 3728  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
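Added example (Python), not code from the report, from the sandbox vendor, or from the Bloxstrap project. It takes the "Suspicious use of WriteProcessMemory" rows in the layout the report prints them, joins them to a process table reconstructed from the tree above, and separates the expected case (a Chromium-based browser writing into a child it launched with --type=..., which is how the Chromium Windows sandbox broker bootstraps every helper process it starts) from any write into a process that is not the writer's own --type child. The process table carries only the PIDs and switches the check needs, the parent PIDs follow the tree nesting on this page, and the last sample row (PID 4816 writing into 852) is constructed to show the flagged case; it does not appear in the report.

```python
"""Triage of 'Suspicious use of WriteProcessMemory' rows against the process tree.

Added example; not part of the sandbox report and not code from the analysed project.
Assumed for illustration: the abbreviated PROCESS_TABLE, the function names, and the
final (constructed) row of SAMPLE_ROWS.
"""
import re
from collections import Counter

# Row layout used by the report:
#   "PID <writer> wrote to memory of <target> <writer> <image> <procid_target>"
ROW_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)")

# pid -> (parent pid, image, command-line switches relevant to the check).
# Parent PIDs follow the tree nesting shown in the report (depth-2 entries sit under PID 852).
PROCESS_TABLE = {
    852:  (None, "msedge.exe", "--single-argument https://github.com/pizzaboxer/bloxstrap"),
    3968: (852,  "msedge.exe", "--type=crashpad-handler"),
    3116: (852,  "msedge.exe", "--type=utility --utility-sub-type=network.mojom.NetworkService"),
    5148: (852,  "msedge.exe", "--type=gpu-process"),
    440:  (852,  "msedge.exe", "--type=utility --utility-sub-type=storage.mojom.StorageService"),
    4816: (None, "elevation_service.exe", ""),
}

# Rows 1-6 are the four row kinds the report prints (duplicates kept: one row per call).
# The last row is CONSTRUCTED to exercise the flagged path; it is not in the report.
SAMPLE_ROWS = """\
PID 852 wrote to memory of 3968 852 msedge.exe 87
PID 852 wrote to memory of 3968 852 msedge.exe 87
PID 852 wrote to memory of 3116 852 msedge.exe 88
PID 852 wrote to memory of 5148 852 msedge.exe 89
PID 852 wrote to memory of 5148 852 msedge.exe 89
PID 852 wrote to memory of 440 852 msedge.exe 90
PID 4816 wrote to memory of 852 4816 elevation_service.exe 91
"""


def parse_rows(text):
    """Return (writer_pid, target_pid, writer_image) per row.

    procid_target is the report's own process index, not a Windows PID, so it is
    parsed for validation but not used for matching."""
    rows = []
    for m in ROW_RE.finditer(text):
        writer, target, writer_again, image, _procid_target = m.groups()
        if writer != writer_again:
            raise ValueError(f"malformed row: {m.group(0)}")
        rows.append((int(writer), int(target), image))
    return rows


def is_expected_child_bootstrap(writer, target, table):
    """True when target is a direct child of writer started as a Chromium --type=... helper.

    That is the normal browser launch path: the sandbox broker writes into each helper
    process before resuming it."""
    entry = table.get(target)
    if entry is None:
        return False
    parent, _image, cmdline = entry
    return parent == writer and "--type=" in cmdline


def triage(rows, table):
    """Split rows into expected bootstrap writes (counted per writer->target pair)
    and flagged writes (anything else, including targets missing from the table)."""
    expected = Counter()
    flagged = []
    for writer, target, image in rows:
        if is_expected_child_bootstrap(writer, target, table):
            expected[(writer, target)] += 1
        else:
            flagged.append((writer, target, image))
    return expected, flagged


if __name__ == "__main__":
    expected, flagged = triage(parse_rows(SAMPLE_ROWS), PROCESS_TABLE)
    for (writer, target), n in sorted(expected.items()):
        print(f"expected: {writer} -> {target} ({PROCESS_TABLE[target][2].split()[0]}) x{n}")
    for writer, target, image in flagged:
        print(f"FLAG: {image} (pid {writer}) wrote into pid {target}, which is not its --type child")
```

Run against the real 64 rows, every entry lands in the expected bucket, which is why this signature carries little weight for a browser parent; the heuristic earns its keep when a row names a target outside the writer's own helper set.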
Network
MITRE ATT&CK Enterprise v16
Downloads

Filesize: 280B
MD5: 2294f3d9a64baef128a25b87589d389f
SHA1: 424e387efc6a6a15e78b75f6993c1c2b3075b1df
SHA256: 36f7957c705b6991cf14d92a054f5f029666152a4064d59cb0ff3d928b29281a
SHA512: bb23f81a610122ced958c119f398ccb753bc760084b92484f78a9459cc4d055ac6268aecaa350bc311fddbc08be89103ff36ebfa92e240e383ee2f155e899858

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 6KB
MD5: 02ce9ee75bf1fbb818bb1e5060698b24
SHA1: e515b02d0d86af761dd8ba60e117ea52c12ffca8
SHA256: 133da34bf9abec62d2b346f9c851a51dc9a365862a271983824f9d5c38530d15
SHA512: 202e4b51151742b3f5e5ba4a07dfbd67084e9293647a5e9dde1bf8e454c74d8a4b93758ea9e5e22106f255f95a511b708ce08efc98e5f7d1f6c5821f0db1eb27

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe587b74.TMP
Filesize: 3KB
MD5: f89442fc9bb2551ff60c2f1ecb66a529
SHA1: 496a07f132b004405928381229d1de2d6b071862
SHA256: b082533fb4eb45c2b2fcbe77956cb5d7327d1bc0f581b3fb6d37427a4560421d
SHA512: 569d517b019997d69502e7152abda4bc031af828d8d166fdcc1f6395fab1add0f43620d72698ea1abe1f6281436bb0fcf13fffb92449615f29cd90598dd1dee4

Filesize: 2B
MD5: 99914b932bd37a50b983c5e7c90ae93b
SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Filesize: 108KB
MD5: 06d55006c2dec078a94558b85ae01aef
SHA1: 6a9b33e794b38153f67d433b30ac2a7cf66761e6
SHA256: 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
SHA512: ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

Filesize: 2B
MD5: d751713988987e9331980363e24189ce
SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Filesize: 40B
MD5: 20d4b8fa017a12a108c87f540836e250
SHA1: 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA256: 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512: 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Filesize: 16KB
MD5: cde9046278d3266b05e899e8c68066f2
SHA1: d6a6ddebdd66815c48a4dff80902b0c1555e51c3
SHA256: ceba2b266e51b193a9742e1ad6457791bc55b6fee292268c1327f5374dfa413a
SHA512: 362787f75fde7e3b5a23e47677911860e6bc0cb979937fd032af3160349f2e08582a1ffb3a535b0290da63a2e81a0dbba24f4105da1f1667bae0155eccd8f2b3

Filesize: 36KB
MD5: 7278aaa23c5df0569cc0443ad7119eb7
SHA1: 7a40e79d1c9e5d00dbc59de73e29d62d6534d576
SHA256: d9c7185ede5a507eda5ffd0e40f32a22f9db2b4d3ac2aa7a2564f9d0ec7f9fa8
SHA512: 41938722f12aee4df1bb057462c192c7a18bec484af4dd4c0b5211d697a7468a3d1cdd9d8bcce0551f27e8a7e1ebfcb0e4cec481570c1aed06850660df039ec1

Filesize: 22KB
MD5: c28d41bafb3e6f4d8e8928b0b16cebbc
SHA1: 276a27aa6392a920936f2f20dbdfc1b218d32307
SHA256: 74836d72edb6f0339fc8972fe19ad6a910141704ed7a22633d478abeeb1d009f
SHA512: 0199d5eea9d945e099fdc10f85edd164623e844f5eff4ef96ed8602e9a45cde554aae45b386259c6991174cba6c6b03ba6c1bda1aad5c0179924c6b87b8f4a06

Filesize: 462B
MD5: 89c34b37eecfc776af6a6991c8d70912
SHA1: f7e0c601523264f968052f0885aa46882348acd5
SHA256: d6483468b314d7981ede895c0e403b25df41be0bae765a64085218e541ad136b
SHA512: 7c99f8d27ae76da7096d7ad3e56ecb6ed6df648f8614bf743307369a5f48895a05ecd9fae5c3d01807b39701d2744ca15eba400bdeb949088341ccc5aa421293

Filesize: 38KB
MD5: 23c604380bc301518081378fcbcda41e
SHA1: 2c78c7133494868616817733f8bd36055da78ca2
SHA256: bf02bea2dab4426bb4e6732110ffa628dc39504502e4ae4a7feff8205a50dd38
SHA512: 6429d01ebfd3d479bee7f9a737b98138ed9cfdfaf4c0a095ae788731a54cabc424b62d06fbd8ef920086dffffd794f7b0d32c9f0a85800a22a109b46b02e9d3d

Filesize: 38KB
MD5: 01c672b92c8ccaecf8069c5df4963d1f
SHA1: 135b90afed5519d424a79d45d0defcfb04e13e16
SHA256: a7383d1309b9a94b6dd148fc15b2094475649473922c73b7acde725c6b42349b
SHA512: c860f9b55a0ba76033e612a7fa9c9d6fc4a132c777ba779ff0f9585269250d97bead198caf97edf16bab67b01db17fa15f29101b20d70457d16a5ab4e4958350

Filesize: 45KB
MD5: 196d7830a1ae7cc11dadc6f8b8508caa
SHA1: 95707f47257cf33b1cbaae9f143faa6e76314dd5
SHA256: 46ae0b16b8c9a875c89cc8de8139c64be37af710ad10cec1bc8af245eaa0c003
SHA512: 6c6b1e5558d5fe156a69b0a89fa7c5512509a0b9fbd330a57d2012d3f7f4e7abd2dcf8a97ff4e123d7d1d55190cc37a717cf88e6e0f09cd9830f6c033ac1625a

Filesize: 45KB
MD5: 88348699ea5eb69f3cdf79ae652dfd22
SHA1: 84b1b3a0019e52cbbaea8daefc361da6ffc85c18
SHA256: e8f5c2ba7b2b6bf1a561038a225698c1aec34a2c823106e3668fea55decb6a41
SHA512: 479275feb4a04d2bf7e8cc4e71a610f5f5f704b52cbbb670b9880bf1dfdfeb5b7f9caff184bb2739be694a0e9f53d4b084d2ddf7d9cb212098871083d4549971

Filesize: 392B
MD5: def7a8a797d8fab52aa80887070bd1de
SHA1: 0c70740c02037606fa7180773d30b70fd28411f9
SHA256: 46968f8a217cede7072b2d6aa831cd1889be5cf61cf762d72803f44127d85661
SHA512: 270b7197b4f3e82766dd11166f9008f51ca6ef55c9a2a1974f51a7d61f23f6011ff513b95664ce5cead8c326c83eb99b570bedc84955cdf12fa8c24079dd7f53

Filesize: 392B
MD5: e80dbe373b1308b3872738bfa9960d47
SHA1: df67f8fe24647a15e2a4260434dd3c08637423b2
SHA256: a72720bda8d0668fe9e11e77ea4d7e0fb2acedf70847d1e10bf6b183515ac207
SHA512: ee8c74b4356d3a1283e66baffa60bf6634b62130c8fd1843aee7480e4ca8a792318196bf56fc9fb42036fc887dd47ec31dce2e147ce62808ee3ff6e3bbc87b9f

Filesize: 392B
MD5: 56a09b49e9430f6e431d70f6fe6e224b
SHA1: bd460647bcb387208e69de2367ca4d110198855c
SHA256: 820a4ce8f91a8e42c702215bd15d7f1908ad04e53d85f0ddb90cdc4ab9514954
SHA512: 519fcd078d80d06f9da7e6644853bccc7790303de17d920bbeeb2840aaf325e96a9b3e9b0dd3d05e343ebbc96697abcd1d2b5d34e739e2fa4b68af59cc778485

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
Filesize: 156KB
MD5: b384b2c8acf11d0ca778ea05a710bc01
SHA1: 4d3e01b65ed401b19e9d05e2218eeb01a0a65972
SHA256: 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
SHA512: 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize: 2KB
MD5: 3b138effd747715618582ab9e91cbb39
SHA1: 54393d51eaf9f5aedb3eb5e2ee8914ee87e3b7dd
SHA256: 62bd20c24d06c6edaf027b66ef099b06de2600d0c421a4541955031ac9218424
SHA512: 8fc38257b8925a4007ad43fb4ddaaca6cd0d7cc6e401d70746a70209dad557266964d0ec7ebc827d20859a1eb6b6400bc1199f450fd93630a9926618648b9ad5