Analysis

max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20250610-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250610-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/07/2025, 05:54

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.ladn.eu/emailing/newsletter_ladn/youtube_bleu.jpg?v=%5b%5bversion%5d%5d
Resource: win10v2004-20250610-en

General

Target: https://www.ladn.eu/emailing/newsletter_ladn/youtube_bleu.jpg?v=%5b%5bversion%5d%5d

Malware Config

Signatures
Drops file in Program Files directory (64 IoCs)
Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (msedge.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)

Modifies data under HKEY_USERS (2 IoCs)
- Key created: \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry (msedge.exe)
- Set value (int): \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133959956826072947" (msedge.exe)

Modifies registry class (2 IoCs)
- Key created: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ (msedge.exe)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3001560346-2020497773-4190896137-1000\{A29F7FBB-6856-4914-B8DF-08F432372BE7} (msedge.exe)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
- PID 2316 msedge.exe
- PID 2316 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (3 IoCs)
- PID 112 msedge.exe
- PID 112 msedge.exe
- PID 112 msedge.exe

Suspicious use of FindShellTrayWindow (1 IoC)
- PID 112 msedge.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Processes

PID 112 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.ladn.eu/emailing/newsletter_ladn/youtube_bleu.jpg?v=%5b%5bversion%5d%5d
Signatures:
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory

  PID 4672 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2e4,0x7fff89def208,0x7fff89def214,0x7fff89def220

  PID 264 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:2

  PID 4728 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1840,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:3

  PID 1452 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2496,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=3128 /prefetch:8

  PID 5884 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3440,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1

  PID 436 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3448,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1

  PID 5084 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4780,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:8

  PID 1524 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5008,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:8

  PID 6012 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8

  PID 6076 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5660,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8

  PID 5208 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5820 /prefetch:8

  PID 3684 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6116,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5944 /prefetch:8

  PID 4624 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5848,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=6128 /prefetch:8

  PID 3108 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:8

  PID 4700 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5780,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:8

  PID 4864 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5732,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=6240 /prefetch:8

  PID 5148 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5096,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5280 /prefetch:8

  PID 5248 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8

  PID 1248 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:8

  PID 2316 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=6408,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
  Signatures:
  - Suspicious behavior: EnumeratesProcesses

  PID 3672 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,1538851419508168542,18427999022990003208,262144 --variations-seed-version --mojo-platform-channel-handle=6404 /prefetch:8

PID 5136 (depth 1): C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"

PID 3476 (depth 1): C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

  PID 3092 (depth 2): C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start

Network
MITRE ATT&CK Enterprise v16
Downloads