Analysis

max time kernel: 50s
max time network: 56s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
submitted: 02/07/2025, 18:53

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://d5q4mn04.na1.hubspotlinks.com/Ctc/JA+113/d5q4mn04/VWbdCp5fxWsGW5Jc67c7Dwf1tW2nfwL35ytCK2N5t-njT3lcq-W69sMD-6lZ3nSW6X2_t25CjsNKW7njW161BSLwqW23CpLZ8-_zGBW76hKSZ906ZpwW8k5xsr7Gy0yCW99S9Dt8v104zW53ltgS7X6ygHW7TzdnN7lSlk-W6Z4Fmy7JQ8Y8N1sHpZCVT3KxW8dQMl67lBDXMW6nJtw33GgPh7W2RYF3c6w5yNwW5JhdTb37wnvbN1F-6jFjsVhNW4-C2TQ38ldcqW77QFqz7VyX-DW5h8HDs1SQ6p_Vb7BJ-9lvm1jN6clgMGtJM4Tf8R-Zp604
Resource: win10v2004-20250610-en
General

Target: https://d5q4mn04.na1.hubspotlinks.com/Ctc/JA+113/d5q4mn04/VWbdCp5fxWsGW5Jc67c7Dwf1tW2nfwL35ytCK2N5t-njT3lcq-W69sMD-6lZ3nSW6X2_t25CjsNKW7njW161BSLwqW23CpLZ8-_zGBW76hKSZ906ZpwW8k5xsr7Gy0yCW99S9Dt8v104zW53ltgS7X6ygHW7TzdnN7lSlk-W6Z4Fmy7JQ8Y8N1sHpZCVT3KxW8dQMl67lBDXMW6nJtw33GgPh7W2RYF3c6w5yNwW5JhdTb37wnvbN1F-6jFjsVhNW4-C2TQ38ldcqW77QFqz7VyX-DW5h8HDs1SQ6p_Vb7BJ-9lvm1jN6clgMGtJM4Tf8R-Zp604

Malware Config

Signatures
Drops file in Program Files directory (64 IoCs)
All 64 files were created by msedge.exe under a single directory:
  C:\Program Files\chrome_Unpacker_BeginUnzipping4188_1607277996\
The "4188" in the directory name is the browser process PID (see Processes below). This is the browser's own extension unpacker (note the unzip.mojom.Unzipper utility process in the tree) writing out a Chromium extension package layout:
  manifest.json
  offscreendocument.html
  offscreendocument_main.js
  page_embed_script.js
  service_worker_bin_prod.js
  _metadata\verified_contents.json
  _locales\<lang>\messages.json for 58 locales: pl, zu, en_GB, lt, is, el, km, vi, fr_CA, it, pt_PT, de, az, cy, da, ro, hy, gl, fi, mr, bg, en_CA, en, ml, si, eu, ms, af, es_419, kn, et, te, es, mn, th, fa, my, sw, hr, hu, zh_TW, no, be, pt_BR, nl, gu, pa, ar, ne, ru, fr, sr, cs, ur, sv, ja, bn, kk
The only extension package in the Downloads list is the extensions_crx_cache entry for ghbmnnjooekpmoecnnnilnnbdlolhkhi (Google Docs Offline), which is consistent with this unpack. Nothing here is written by a process other than the browser.
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (msedge.exe)
The generic description above is the signature's boilerplate. The reader here is msedge.exe itself, and the process tree below contains only Edge and stock Windows binaries, so this hit carries no evasion signal on its own; it would matter only if a non-browser process had appeared as the reader.
Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
Modifies data under HKEY_USERS (2 IoCs)
  Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (msedge.exe)
  Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959560446293096" (msedge.exe)
S-1-5-19 is LOCAL SERVICE, and the value written is a Windows FILETIME (100-nanosecond ticks since 1601-01-01 UTC), not an opaque identifier.
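Decoding that TraceTimeLast value is a routine forensic step, and it doubles as a sanity check on the run: the tick count should land within the analysis window, a minute or so after the 18:53 submission time in the header. The Python below is an added example, not part of the report; the only input it uses is the registry value quoted above, copied verbatim.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME epoch: 1601-01-01 00:00:00 UTC, counted in 100 ns ticks.
_FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
# Seconds between the FILETIME epoch and the Unix epoch (134774 days).
_EPOCH_DELTA_SECONDS = 11_644_473_600


def filetime_to_datetime(ft: int) -> datetime:
    """Convert a FILETIME tick count to a timezone-aware UTC datetime.

    datetime resolves to microseconds, so the last decimal digit of the
    tick count (the 100 ns part) is dropped by the integer division.
    """
    if ft < 0:
        raise ValueError("FILETIME must be non-negative")
    return _FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def filetime_to_unix(ft: int) -> float:
    """Same conversion as Unix seconds, convenient for correlating with other logs."""
    return ft / 10_000_000 - _EPOCH_DELTA_SECONDS


def parse_registry_value(raw: str) -> int:
    """Accept the value as the sandbox prints it: a decimal string, possibly quoted."""
    return int(raw.strip().strip('"'))


# Value copied from the 'Modifies data under HKEY_USERS' IoC in this report.
TRACE_TIME_LAST = parse_registry_value('"133959560446293096"')


if __name__ == "__main__":
    when = filetime_to_datetime(TRACE_TIME_LAST)
    print(when.isoformat())               # 2025-07-02T18:54:04.629309+00:00
    print(filetime_to_unix(TRACE_TIME_LAST))
```

The decoded value is 2025-07-02 18:54:04 UTC, one minute after the submission stamp, which also settles the header's ambiguous "02/07/2025" as 2 July (day/month/year).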
Modifies registry class (2 IoCs)
  Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (msedge.exe)
  Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-815616237-4012932787-4224613991-1000\{388994B3-036F-4AB0-A7E7-D71432199B7E} (msedge.exe)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  PID 4188 msedge.exe, 9 times
This fires when a process creates a child with the "block non-Microsoft binaries" image-load mitigation set on it. Chromium-based browsers apply that mitigation to their sandboxed children, so nine hits from the browser process are expected for an Edge launch.

Suspicious use of FindShellTrayWindow (1 IoC)
  PID 4188 msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Every listed write comes from PID 4188 (msedge.exe, the browser process) into a child it has just created. Chromium's sandbox broker copies policy and startup data into new child processes with WriteProcessMemory, so this signature fires for any Chromium-based browser; it would be notable only if the writer or the target were not part of the browser's own tree.
  target PID 372  (crashpad-handler, procid_target 86): 2 writes
  target PID 868  (gpu-process, procid_target 87): 51 writes
  target PID 3100 (network service utility, procid_target 88): 2 writes
  target PID 5860 (storage service utility, procid_target 89): 9 writes
Processes

Indented entries are children of the entry above them (the report's depth markers 1 and 2). The image path, which the report printed twice, is shown once as the first token of the command line.

PID 4188  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://d5q4mn04.na1.hubspotlinks.com/Ctc/JA+113/d5q4mn04/VWbdCp5fxWsGW5Jc67c7Dwf1tW2nfwL35ytCK2N5t-njT3lcq-W69sMD-6lZ3nSW6X2_t25CjsNKW7njW161BSLwqW23CpLZ8-_zGBW76hKSZ906ZpwW8k5xsr7Gy0yCW99S9Dt8v104zW53ltgS7X6ygHW7TzdnN7lSlk-W6Z4Fmy7JQ8Y8N1sHpZCVT3KxW8dQMl67lBDXMW6nJtw33GgPh7W2RYF3c6w5yNwW5JhdTb37wnvbN1F-6jFjsVhNW4-C2TQ38ldcqW77QFqz7VyX-DW5h8HDs1SQ6p_Vb7BJ-9lvm1jN6clgMGtJM4Tf8R-Zp604
  Signatures: Drops file in Program Files directory; Checks processor information in registry; Enumerates system info in registry; Modifies data under HKEY_USERS; Modifies registry class; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory
  PID 372   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2f0,0x7ff88b22f208,0x7ff88b22f214,0x7ff88b22f220
  PID 868   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2040,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=2020 /prefetch:2
  PID 3100  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=2248,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:3
  PID 5860  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2564,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:8
  PID 4664  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3520,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
  PID 4708  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3532,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=3556 /prefetch:1
  PID 556   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4820,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=4828 /prefetch:1
  PID 3292  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4876,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=3572 /prefetch:1
  PID 1592  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4804,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:8
  PID 4292  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=5388,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:1
  PID 2928  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5596,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1
  PID 2628  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=3808,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5736 /prefetch:1
  PID 4680  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=5876,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5904 /prefetch:1
  PID 1172  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5380,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6124 /prefetch:8
  PID 1964  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3776,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:8
  PID 1000  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6588,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8
  PID 2196  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8
  PID 5068  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6864,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:8
  PID 1924  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
  PID 1892  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5544,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:8
  PID 6112  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=7048,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=7092 /prefetch:1
  PID 1892  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6884,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=120 /prefetch:8
  PID 3568  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5556,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
  PID 4808  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7060,i,18149418327080273744,18415443688120835084,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:8
PID 4756  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
PID 5300  C:\Windows\system32\AUDIODG.EXE 0x510 0x514
PID 2328  C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  PID 4808  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

Two PIDs are reused within the 50-second run: 1892 (first a data_decoder utility, later a UtilWin utility) and 4808 (a UtilWin utility, then the --win-session-start launch under cmd.exe). Match on PID plus command line, not PID alone, when correlating these entries with the signature tables above. Every image in the tree is either under the Edge application directory or a stock Windows binary; no downloaded executable runs.
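Reading a Chromium process tree like the one above goes faster when each command line is parsed for --type, --utility-sub-type and --service-sandbox-type, the entries are bucketed by role, and anything that runs without a sandbox or from outside the browser's install directory is pulled out for a closer look. The Python below is an added example, not part of this report or of Edge. Its sample list is constructed from the PIDs and flags shown above (command lines trimmed to the flags the script reads, so it is not a verbatim copy), and the classification rules are the author's own, not Chromium's.

```python
import re
from collections import Counter

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
MSEDGE = EDGE_DIR + r"\msedge.exe"

# Constructed from the Processes section of this report: PIDs as listed, command
# lines trimmed to the flags this script reads. Not a verbatim copy of the page.
SAMPLE = [
    (4188, f'"{MSEDGE}" --single-argument https://d5q4mn04.na1.hubspotlinks.com/Ctc/JA+113/d5q4mn04/VWbd'),
    (372,  f'"{MSEDGE}" --type=crashpad-handler --monitor-self-annotation=ptype=crashpad-handler'),
    (868,  f'"{MSEDGE}" --type=gpu-process --string-annotations'),
    (3100, f'"{MSEDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none'),
    (5860, f'"{MSEDGE}" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=service'),
    (4664, f'"{MSEDGE}" --type=renderer --renderer-client-id=6'),
    (4708, f'"{MSEDGE}" --type=renderer --renderer-client-id=5'),
    (1592, f'"{MSEDGE}" --type=utility --utility-sub-type=audio.mojom.AudioService --service-sandbox-type=audio'),
    (1000, f'"{MSEDGE}" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --service-sandbox-type=service'),
    (2196, f'"{EDGE_DIR}\\133.0.3065.69\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none'),
    (1892, f'"{MSEDGE}" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --service-sandbox-type=service'),
    (1892, f'"{MSEDGE}" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none'),
    (4808, f'"{MSEDGE}" --type=utility --utility-sub-type=chrome.mojom.UtilWin --service-sandbox-type=none'),
    (4756, f'"{EDGE_DIR}\\133.0.3065.69\\elevation_service.exe"'),
    (5300, r"C:\Windows\system32\AUDIODG.EXE 0x510 0x514"),
    (2328, rf'C:\Windows\system32\cmd.exe /c "{MSEDGE}" --no-startup-window --win-session-start'),
    (4808, f'"{MSEDGE}" --no-startup-window --win-session-start'),
]

# A token is either a double-quoted run (quotes stripped) or a run of non-whitespace.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def parse_cmdline(cmdline):
    """Return (image path, {flag: value}) for a Windows-style command line.

    Only --flag and --flag=value tokens are collected; positional arguments
    such as the URL after --single-argument are ignored on purpose.
    """
    tokens = [quoted or bare for quoted, bare in _TOKEN.findall(cmdline)]
    exe, flags = tokens[0], {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, _, value = tok[2:].partition("=")
            flags[key] = value
    return exe, flags


def classify(exe, flags):
    """Chromium tags every child with --type; the browser process has none."""
    ptype = flags.get("type")
    if ptype is not None:
        return ptype
    name = exe.rsplit("\\", 1)[-1].lower()
    return "browser" if name == "msedge.exe" else "other"


def triage(processes):
    """Summarise a (pid, cmdline) list the way an analyst skims a sandbox tree."""
    processes = list(processes)
    by_type, unsandboxed, outside_edge = Counter(), [], []
    pid_counts = Counter(pid for pid, _ in processes)
    for pid, cmdline in processes:
        exe, flags = parse_cmdline(cmdline)
        ptype = classify(exe, flags)
        by_type[ptype] += 1
        # Anything not under the browser's install directory deserves a look
        # (here that is only cmd.exe and AUDIODG.EXE, both stock Windows images).
        if not exe.lower().startswith(EDGE_DIR.lower()):
            outside_edge.append((pid, exe))
        # Utilities declare their sandbox; "none" means the service runs unsandboxed.
        # --no-sandbox on any child would be a far louder finding.
        if "no-sandbox" in flags or (ptype == "utility" and flags.get("service-sandbox-type") == "none"):
            unsandboxed.append((pid, flags.get("utility-sub-type", ptype)))
    reused = sorted(pid for pid, n in pid_counts.items() if n > 1)
    return {"by_type": dict(by_type), "unsandboxed": unsandboxed,
            "outside_edge": outside_edge, "reused_pids": reused}


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample this reports eight utility processes, of which four run with --service-sandbox-type=none (the network service, identity_helper, and two UtilWin helpers), two images outside the Edge directory, and the two reused PIDs 1892 and 4808. Those are the same facts the page shows, but extracted mechanically, which is what matters when the tree is a hundred lines long.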
Network
MITRE ATT&CK Enterprise v16
Downloads

Entries without a path are listed by the report with hashes only; the paths are not on the page and are left blank here.

(no path listed)
  Filesize: 280B
  MD5: 70513332cfe5b518148a0b18ef97f28a
  SHA1: 164c8e2d8d70f81e62f11924bfc01d784583ba57
  SHA256: 76ff45838a4c64f365dc15ef0e8660a32b4ef2c8829190ffa16d0fa75bd9e774
  SHA512: 63ad5cd4f64e15b24dae9b01ede6fe8c7883a5b81708ba7093eb957329a8808e3915256044daae42c58ced7ff0881f0ebc9811e79b63af7d03d1b8a9945eb209

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 4KB
  MD5: 0dd57f01026cca9d62cc827b2652e2b4
  SHA1: 193717b4cb8fdaacf2074d1a80cc2b0a04af0c68
  SHA256: cfc6d2fe2a5e6f37678919fbf69b77a37fbec6d9e547dbc881875b3a96920efc
  SHA512: 92155d9a9a1d14b51822afe399118b6f297c4bbc6d269b8f0a012c5b62cd7aa6b42fb174a5791de43fb70892a782971c4f211bce7acdd681124685ecafa8297b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57e474.TMP
  Filesize: 3KB
  MD5: c7b268d22e7c2d26147391af5fa35f17
  SHA1: 0f915ab55a06c9873895c71a4f3540076327fa63
  SHA256: 6353bce984bcff42fcbe72d9b1bb5b55cfbb1b309d1ad73cc2629b11c8c83b08
  SHA512: 56b28391ec5c5b3fd28b65c3836e9b99ec7af4a8bbef8d641712ea3a9352ed7850b49f721370b69376a49693c9b12881956d008ff0791a71c03ad598e95e42f3

(no path listed)
  Filesize: 2B (these hashes are those of the two-byte string "{}", an empty JSON object)
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

(no path listed)
  Filesize: 108KB
  MD5: 06d55006c2dec078a94558b85ae01aef
  SHA1: 6a9b33e794b38153f67d433b30ac2a7cf66761e6
  SHA256: 088bb586f79dd99c5311d14e1560bbe0bb56225a1b4432727d2183341c762bcd
  SHA512: ec190652af9c213ccbb823e69c21d769c64e3b9bae27bea97503c352163bf70f93c67cebbf327bfc73bfd632c9a3ae57283b6e4019af04750fe18a2410a68e60

(no path listed)
  Filesize: 2B (these hashes are those of the two-byte string "[]", an empty JSON array)
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

(no path listed)
  Filesize: 40B
  MD5: 20d4b8fa017a12a108c87f540836e250
  SHA1: 1ac617fac131262b6d3ce1f52f5907e31d5f6f00
  SHA256: 6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
  SHA512: 507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

(no path listed)
  Filesize: 19KB
  MD5: 8f6e2ef0827c572c66ebe3bc70646009
  SHA1: 1eb11b18c3cd8e084df908f0026e11a64557da2a
  SHA256: 7b584cf8a60e24f533d92470de7ec124aa3450676e2aec2ed88b174b218d2d40
  SHA512: 27b2a558878625b48059df206bb49befcdff421270b5da1f4403ed4b7f95c4bc4ac33ee94c000e9ae875d6cbe6dcf1698eb7a42b2f216135e2a8d5b2fc9aca32

(no path listed)
  Filesize: 36KB
  MD5: 377ea36c1e9969cc92351c66d58b1942
  SHA1: c7c5a13089f7be47528247e09988ae8d1300be57
  SHA256: 23d33bf99645504497c20de366da683a8246a37ef0a062b2d1b74cc808f51740
  SHA512: 3185c39b690194704aa07f3b47a2963c5d5df3f5a412aea14638131f7366d4b539c2e3c62250daa17cf11b042189b7661df7e30b7b9b6004db52b4a534bccbe0

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 96B
  MD5: 262eda4d738d6f42a4761a64a2e2ac02
  SHA1: 40babaa52aac072ab50692f12ad011498d7c1540
  SHA256: 7688ef832ec946dbbcf4956bc8cdf3de5e6909bdb64b9a73aefcfc4180c14a89
  SHA512: 3f28cfb04cd75f4be20da35269e1b0fb7bbb41d7f6b3949bf2d675700bd1c20ee1e715da890483a5ec8d48f8076b601f3dce765e4dc40c9d8a0d7412ee4dbdd9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ac5d.TMP
  Filesize: 72B
  MD5: e541abfd7a49992c2a0f42a29d4be6b6
  SHA1: bf5d1b1bd07cd01ae80d1cc5c592892110504d5d
  SHA256: dcde4b662929bff45715bc7330aab373262e6fbf1141c0ad1c3876a6726ad60f
  SHA512: daf9d13a547b06c7203a2ead282db28e0b07ff5bc52ea684530ec1d1a8e23d05f9e60b70f6c2dc663cabd06c5941669378df31e3167842e553be28474bd764d2

(no path listed)
  Filesize: 22KB
  MD5: baf1775e74f8ebd99c184f1fab0d2b0b
  SHA1: e0db0374f02ff1ed2a7e4b6e1a54e7e1a37ecb24
  SHA256: f6c8dd5dc4c589c53cad576c9b1a9cdfc8b60d0fa833350a927d41ea2944883f
  SHA512: 8c03be7fb196b716055355caddfd40d6006f2c98fc91be0c6dc38f0ae52da8c7a838de89fa7588301b838e7996f3c41bcebfbe6a31767260da075252a5556028

(no path listed)
  Filesize: 38KB
  MD5: 8f88c3f9ad715ee60e88f584a251ead2
  SHA1: 980ce25bf450b7492b03ef85c5c80ad94e075ba6
  SHA256: 36b13282a76c219a9c31b97c6d8e58b02601299ccfb809aad9161961df2bb6f9
  SHA512: 38c09291545c3a1d9af6f437c806264f22e3471f6eed29626ab120e7edc09dd995d997567dbe20d1e31b84c431d8a40413b1ea9b41f6baf78bcf2cb50c0860bb

(no path listed)
  Filesize: 38KB
  MD5: e2afbfe205736483a550a836982eb29d
  SHA1: 1eae17b27d7c24ccc36ae2f87720ea7ec3db7962
  SHA256: 335d961a8034dd29246e07434c5ef650293eb55a62abbe167743c9241ae844fc
  SHA512: b0885f0f5cc3fbd835fd6bc789bb27c16cd5287004ea837bc70c3fdb62156f504befc46fb0def019eeae689eb9d8b2282c1492d9f1b40074f1b3a536ea973e2e

(no path listed)
  Filesize: 45KB
  MD5: 69ed4b0a91e9271db1a8167b6c27e54c
  SHA1: 8895dd8dcde617bccab9109d45097236f3bea83e
  SHA256: 8f61ce81b379d1f7554dde2960c2357f8bc683980cc34fc6c05816a2540fc161
  SHA512: eaad52582634704ad0c44c8143a1c951542e1eae9684881bdfc875a026f100f35df6e6730b8cb35495baa9dfc8d258fd476065592272b8301731c9a76e97f4dc

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
  Filesize: 156KB
  MD5: b384b2c8acf11d0ca778ea05a710bc01
  SHA1: 4d3e01b65ed401b19e9d05e2218eeb01a0a65972
  SHA256: 0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b
  SHA512: 272dd92a3efbf6cefe4b13127e09a9bd6455f5fc4913e7477c6712e4c3fd67efe87bd0d5bf1ec6b1e65f8d3aa0ac99d5bcf88d8a44d3f3116527253a01dde3be
  Note: the file name is <extension id>_1.<hex>, and the hex part equals the SHA256 above; the ID ghbmnnjooekpmoecnnnilnnbdlolhkhi is Google Docs Offline, the extension unpacked under Program Files in the first signature.

C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres
  Filesize: 2KB
  MD5: e70966776f936535e47983256362530e
  SHA1: 846919a4376e28a0f588c2067540ece7688dc476
  SHA256: b20f121786db269d9dbca6d4bc28675396491b124638e7a8244e98561aad1476
  SHA512: 92a35a619b3d29e2aa0fc787b3d3fdedaae6623b183f353949855da087759c20c559650ef88ea29d0900d0f50c3e27e73ff30f25aef10c9f9eeea0c10236dcdf
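The extensions_crx_cache entry above names the cached package after its own SHA-256: <extension id>_1.<sha256>, where the hex part matches the SHA256 the report lists for the file. That makes the name a self-describing integrity claim an analyst can check. The Python below is an added example, not part of the report or of Chromium. It treats that naming as an assumption drawn from this one entry (Chromium's update client writes package fingerprints as "1." followed by the SHA-256 of the package, which is what the "1." prefix denotes), checks that the ID has the 32-character a-p form Chromium extension IDs use, and verifies a cached package against the digest embedded in its name. The 156 KB package itself is not on the page, so the content check runs on a constructed stand-in whose name is built from its own hash.

```python
import hashlib
import re
from pathlib import PureWindowsPath

# Assumed naming rule, inferred from the entry in this report:
#   <extension id: 32 chars a-p>_<fingerprint type>.<sha256 hex of the package>
# Only fingerprint type "1" (SHA-256 of the whole file) is handled.
_CACHE_NAME = re.compile(
    r"^(?P<ext_id>[a-p]{32})_(?P<fp_type>\d+)\.(?P<digest>[0-9a-f]{64})$"
)


def is_crx_cache_name(name):
    """True if a bare file name has the cache-entry shape described above."""
    return _CACHE_NAME.match(name) is not None


def parse_crx_cache_name(path):
    """Split a cache path (or bare name) into (extension id, expected sha256 hex)."""
    name = PureWindowsPath(path).name
    m = _CACHE_NAME.match(name)
    if m is None:
        raise ValueError(f"not a crx cache entry name: {name!r}")
    if m["fp_type"] != "1":
        raise ValueError(f"unsupported fingerprint type {m['fp_type']!r}")
    return m["ext_id"], m["digest"]


def verify_crx_cache_entry(path, data):
    """Return (extension id, ok); ok means SHA-256(data) equals the digest in the name."""
    ext_id, expected = parse_crx_cache_name(path)
    actual = hashlib.sha256(data).hexdigest()
    return ext_id, actual == expected


# Entry copied from this report's Downloads list (path and listed SHA256 only;
# the package bytes are not on the page).
REPORT_ENTRY = (r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache"
                r"\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b")
REPORT_SHA256 = "0a6b11a5b642bf6c1938189707e109a1f48eb02018cfb146f09e74a753567d1b"

# Constructed stand-in package so the content check can run offline. It only
# mimics a CRX3 header ("Cr24", version 3); it is not a real extension.
FAKE_CRX = b"Cr24" + b"\x03\x00\x00\x00" + b"\x00" * 60 + b"PK\x03\x04constructed-not-a-real-crx"
FAKE_ENTRY = "ghbmnnjooekpmoecnnnilnnbdlolhkhi_1." + hashlib.sha256(FAKE_CRX).hexdigest()


def demo():
    """Run the three checks: name vs. report, intact stand-in, tampered stand-in."""
    ext_id, digest = parse_crx_cache_name(REPORT_ENTRY)
    name_matches_report = digest == REPORT_SHA256
    _, intact_ok = verify_crx_cache_entry(FAKE_ENTRY, FAKE_CRX)
    _, tampered_ok = verify_crx_cache_entry(FAKE_ENTRY, FAKE_CRX + b"\x00")
    return ext_id, name_matches_report, intact_ok, tampered_ok


if __name__ == "__main__":
    print(demo())   # ('ghbmnnjooekpmoecnnnilnnbdlolhkhi', True, True, False)
```

On a live triage box the same verify_crx_cache_entry call would be fed the real file's bytes; a mismatch between the name and the content is the interesting case, since the cache name is what the browser trusts when it decides whether to re-download the package.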