Analysis
max time kernel: 130s
max time network: 132s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/07/2025, 18:52
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://bazaar.abuse.ch/sample/fe0e093058074512febd0db6385e626eb256208b498e5ad948fb6a9fad43ab00/
Resource: win10v2004-20250610-en
General
Target: https://bazaar.abuse.ch/sample/fe0e093058074512febd0db6385e626eb256208b498e5ad948fb6a9fad43ab00/
Malware Config
Signatures
Drops file in Program Files directory (64 IoCs)
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (msedge.exe)
Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (msedge.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959559779797148" (msedge.exe)
Modifies registry class (2 IoCs)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (msedge.exe)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-155457276-1657131288-1088518942-1000\{AF941429-F9D6-4ECF-B2E3-105A062AA5BC} (msedge.exe)
Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 4732 msedge.exe
- PID 4732 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (5 IoCs)
- PID 2036 msedge.exe
- PID 2036 msedge.exe
- PID 2036 msedge.exe
- PID 2036 msedge.exe
- PID 2036 msedge.exe
Suspicious use of FindShellTrayWindow (1 IoC)
- PID 2036 msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 1)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bazaar.abuse.ch/sample/fe0e093058074512febd0db6385e626eb256208b498e5ad948fb6a9fad43ab00/
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID: 2036
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ffe25eaf208,0x7ffe25eaf214,0x7ffe25eaf220
PID: 3220
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1904,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:3
PID: 5896
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2280,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:2
PID: 5352
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1856,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=2920 /prefetch:8
PID: 2932
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
PID: 6124
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3444,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=3516 /prefetch:1
PID: 2372
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3424,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=4984 /prefetch:1
PID: 5148
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=3448,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:1
PID: 5032
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5116 /prefetch:8
PID: 3260
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
PID: 1792
Process: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
PID: 2068
Process: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5936,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5956 /prefetch:8
PID: 628
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6036,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6048 /prefetch:8
PID: 1268
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6436,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6164 /prefetch:8
PID: 4400
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6108,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6508 /prefetch:8
PID: 5876
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4908,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
PID: 2408
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4792,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:8
PID: 2392
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5136,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6668 /prefetch:8
PID: 4088
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5572,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=5612 /prefetch:8
PID: 1476
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6192 /prefetch:8
PID: 1776
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=3920 /prefetch:8
PID: 5056
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5588,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=6312 /prefetch:8
PID: 5440
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3948,i,3007617396471736682,909119023806038247,262144 --variations-seed-version --mojo-platform-channel-handle=3900 /prefetch:8
- Suspicious behavior: EnumeratesProcesses
PID: 4732
Process: C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe (tree depth 1)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
PID: 5536
Process: C:\Windows\system32\cmd.exe (tree depth 1)
Command line: C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
PID: 5744
Process: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
PID: 3656
Network
MITRE ATT&CK Enterprise v16
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\autofill_bypass_cache_forms.json
Filesize: 175B
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.21\edge_autofill_global_block_list.json
Filesize: 5KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b79dfd0-e49c-4d54-b046-28c66b09f98c.tmp
Filesize: 16KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 3KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57eef4.TMP
Filesize: 3KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
Filesize: 156KB
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
Filesize: 2KB