Analysis
max time kernel: 146s
max time network: 147s
platform: windows10-2004_x64
resource: win10v2004-20250619-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250619-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/07/2025, 18:51
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://viaction.net
Resource: win10v2004-20250619-en
General
Target: http://viaction.net
Malware Config
Signatures
Drops file in Program Files directory (12 IoCs)
description | ioc | Process
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_1758713859\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_1967439042\smart_switch_list.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_1967439042\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_549996290\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_1758713859\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_1967439042\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_1967439042\office_endpoints_list.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_549996290\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_369667788\manifest.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_369667788\protocols.json | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_369667788\manifest.fingerprint | msedge.exe
File created | C:\Program Files\chrome_Unpacker_BeginUnzipping3484_1758713859\nav_config.json | msedge.exe
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | msedge.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959558756035473" | msedge.exe
Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3008489981-1977616533-741913813-1000\{412CE28C-9970-4D36-AD75-B14C54534D33} | msedge.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid | Process
5088 | msedge.exe
5088 | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid | Process
3484 | msedge.exe
3484 | msedge.exe
3484 | msedge.exe
3484 | msedge.exe
3484 | msedge.exe
3484 | msedge.exe
3484 | msedge.exe
3484 | msedge.exe
Suspicious use of FindShellTrayWindow (2 IoCs)
pid | Process
3484 | msedge.exe
3484 | msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
description | pid | Process | procid_target | count
PID 3484 wrote to memory of 1788 | 3484 | msedge.exe | 86 | 2
PID 3484 wrote to memory of 2732 | 3484 | msedge.exe | 87 | 2
PID 3484 wrote to memory of 5100 | 3484 | msedge.exe | 88 | 51
PID 3484 wrote to memory of 928 | 3484 | msedge.exe | 89 | 9
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://viaction.net
PID: 3484
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ffcf094f208,0x7ffcf094f214,0x7ffcf094f220
    PID: 1788

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1940,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:3
    PID: 2732

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2252,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=2248 /prefetch:2
    PID: 5100

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2560,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=2572 /prefetch:8
    PID: 928

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:1
    PID: 1552

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3512,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=3548 /prefetch:1
    PID: 4928

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4260,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=4244 /prefetch:1
    PID: 632

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4300,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=4248 /prefetch:2
    PID: 2824

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5268,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:8
    PID: 2596

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5228,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:8
    PID: 868

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5124,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=5284 /prefetch:1
    PID: 4240

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5132,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=3484 /prefetch:8
    PID: 1944

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3548,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
    PID: 1044

    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
    PID: 4188

    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6092,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:8
    PID: 2676

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6280,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6288 /prefetch:8
    PID: 4436

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6428,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:8
    PID: 440

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6568,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6552 /prefetch:8
    PID: 3692

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6664,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6304 /prefetch:8
    PID: 696

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6276,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
    PID: 3508

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6928 /prefetch:8
    PID: 3128

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=7088 /prefetch:8
    PID: 4452

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7080,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
    PID: 3236

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4544,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=4548 /prefetch:8
    PID: 3932

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=4356,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=4564 /prefetch:1
    PID: 4288

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --always-read-main-dll --field-trial-handle=4924,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=7368 /prefetch:1
    PID: 4580

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7412,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=5544 /prefetch:8
    PID: 3684

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4500,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:8
    PID: 1468

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4512,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:8
    PID: 2960

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1904,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=3780 /prefetch:8
    PID: 5416

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5796,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=5376 /prefetch:8
    PID: 2532

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=872,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:8
    PID: 2156

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6872,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=6804 /prefetch:8
    PID: 5328

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6804,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=7452 /prefetch:8
    PID: 5088
    - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3420,i,1476002437886723762,6676831737756972043,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:8
    PID: 1680

"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
PID: 2828
Network
MITRE ATT&CK Enterprise v16
Downloads
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
28KB
MD5900cf7cfd9b997cf766693ba1acff04e
SHA1376a235d6c0a987a58799842ae3db4c7dc1eba83
SHA2569b3fa06376c36f27a9a07c575988ff7eb9e11874adc943311bda45ed45ddf54a
SHA5120819ec3659ef77742c40c2ac0e6126ea45f5c1bebeec77441dced49e56ef8030679b280edc557ae39529a64283c56fd356f120cdf0c56dd93c27ca6fd5624743
-
Filesize
37KB
MD5dfdd0e136e4c9bf7c30e8cc89630fc96
SHA185ded6485e955a43131cb493d8467de57643bfa4
SHA2567dce92e2f5b3952c7b1fcbfe8ae2bbbe8596888ddc0715d145ec3bb5e1c35642
SHA512de9bad159efb372ff68bcd316bca9bea9bf250c5aa02ce37cb3554b59e8b4545f824db9974c9c4cc28f0b836c6f4e663574cfa438de999a2fcb65411ea95c094
-
Filesize
28KB
MD52c7d96c5b09a8c15a0bf7235b19f08f4
SHA1445476b984e4d9f3e78524874808fb2c1a321ec0
SHA2561714826867e0280484b3be8a65d255723c4b9decc57c3e87b18c298e6d4ae3a9
SHA512d2be330d6e8915eef7fec8dceaa0cd483233d19a2bd313a23f0bebc61a6c68c58c4291ce4ad105406e6ecbba8139a0b685e7e1ad661f4493788fa934f731254a
-
Filesize
7KB
MD56b4a6bc1250559e5fde4eba76ac0f0fb
SHA1bbf6eba507c40df95f5cb6fdb74df13afafe37ac
SHA256ccca23a15b1e77346bfc24bec22883e364c811be7c31a5b3a36b153d2210f931
SHA512c3bccb32de285ee6275e9f858ade4b5fe79dcc4824869a8773c065e23e45f96fcf3407b9eb71cca33e4789229cc492aa86515e51be3ef16c5a6ab6259623c7d4
-
Filesize
7KB
MD52f231393664b6051a22ca0adda7a8a20
SHA14896856315f07c333d0c7a039d97d98c97e1658b
SHA25669d92743bc2a5542bb621c71dfe1a45fab9a17b7297e607ff23ef276d24d5a59
SHA512921abf18d82f4aa6826a00c9f5e997dbb71be8eaf2b018ec02f33d6a03007f3748ff9db4036c45fb876c1ab3395de7c6f22a50836191c6f2c6167757052907ae
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\WorkspacesNavigationComponent\1.0.0.5\nav_config.json
Filesize2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize2KB
MD5cffafac665244442912ccb4ce1a24394
SHA1492d1169af0df42a3148b7d247d64fbad387d88e
SHA25678e02020b759dac796037047c801f4743e39e47607679f2606a40ccc74c9e964
SHA5129c12a5ce9f1c0c0ff764ef7248e9699955c384857e324198253b25325a0ff17201a908149ba56be79843f35cc65cbf37fcef5d9c038412f35e190f67448bff4e
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
156KB
MD5b384b2c8acf11d0ca778ea05a710bc01
SHA14d3e01b65ed401b19e9d05e2218eeb01a0a65972
SHA2560a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
SHA512272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be