Analysis
max time kernel: 53s
max time network: 41s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/07/2025, 05:25
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://teamcuratedtechnology.com/68383-414165/182302?uid=ZtBzSSVfJwYS4Z8t7mVBfmogJLy9&prom_type=regular&prom_id=323656&pld=26L81sNgpwNGg5
Resource: win10v2004-20250610-en
General
Target: https://teamcuratedtechnology.com/68383-414165/182302?uid=ZtBzSSVfJwYS4Z8t7mVBfmogJLy9&prom_type=regular&prom_id=323656&pld=26L81sNgpwNGg5
Malware Config
Signatures
Drops file in Program Files directory (64 IoCs)
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | msedge.exe
Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Modifies data under HKEY_USERS (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | msedge.exe
Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959939654320248" | msedge.exe
Modifies registry class (2 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | msedge.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001560346-2020497773-4190896137-1000\{EFD8B31C-80ED-4BB3-B440-8E13F479E7AB} | msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
pid | Process
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
Suspicious use of FindShellTrayWindow (10 IoCs)
pid | Process
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
2052 | msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2052)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://teamcuratedtechnology.com/68383-414165/182302?uid=ZtBzSSVfJwYS4Z8t7mVBfmogJLy9&prom_type=regular&prom_id=323656&pld=26L81sNgpwNGg5
  Signatures:
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5000)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2ec,0x7ffea055f208,0x7ffea055f214,0x7ffea055f220

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6004)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:3

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4504)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2168,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=2164 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1712)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2460,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=2476 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4904)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3428,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4396)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3436,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5176)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5152,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=5100 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5128,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=5160 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4816)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4804,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2284)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5472,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=5656 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2340)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5480,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=5664 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4268)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6276,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=6272 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe (PID 5652)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe (PID 1040)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6272,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=6464 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6044)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6364,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=3652 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3480)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=3640 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5404)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6556,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=6640 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4356)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=4296,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2264)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --init-isolate-as-foreground --pdf-shared-library --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=6840,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1152)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-sub-type=pdf-renderer --pdf-renderer --pdf-shared-library --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags="--ms-user-locale= --jitless" --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=5352,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=5288 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 668)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6460,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=6792 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3688)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6784,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5936)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6760,i,7168205586566802427,10511440566249434753,262144 --variations-seed-version --mojo-platform-channel-handle=6316 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe (PID 4528)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

C:\Windows\system32\cmd.exe (PID 2848)
  Command line: C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4320)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
Network
MITRE ATT&CK Enterprise v16
Downloads