hxxps://fly-corp[.]br[.]download[.]it/download

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2024 22:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fly-corp.br.download.it/download

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4996	msedge.exe
4996	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
3924	identity_helper.exe
3924	identity_helper.exe
5276	msedge.exe
5276	msedge.exe
5276	msedge.exe
5276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 632 wrote to memory of 4440	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4440	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 3340	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4996	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4996	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe
PID 632 wrote to memory of 4264	632	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://fly-corp.br.download.it/download
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9ef746f8,0x7ffd9ef74708,0x7ffd9ef74718
2⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
2⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
2⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
2⤵
PID:5088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:1968

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
2⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
2⤵
PID:1964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
2⤵
PID:3644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
2⤵
PID:4124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
2⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
2⤵
PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
2⤵
PID:6136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
2⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
2⤵
PID:5328

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
2⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6000 /prefetch:1
2⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
2⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
2⤵
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
2⤵
PID:5200

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6060 /prefetch:8
2⤵
PID:5676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
2⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
2⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
2⤵
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13172073442294683566,15590092176216997929,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6264 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1028

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x308
1⤵
PID:2332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\557fa685-62c2-4d44-b1b6-ecd694145640.tmp

Filesize
8KB

MD5
09dc08ae4476aa6148f2b4ab9d0b181a

SHA1
0f05c10213163f9809813a021b9fae849efbd10b

SHA256
bfccdf7c988c5fca7e3dbfa01ed1093ac322069969cfb1582db6c1266e880d20

SHA512
3052b83f38a420a1cec9b16a17d0c2b0e29d2e65d86db88f70cb94de0dc765e93fcd1c75599d5201378ba23e8a0d29c8256c62829f9c15fadf95a3144f334b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
43a859a3878743c08cad46001b747243

SHA1
97e73be649cdcfcbacdc7ba16f0a22b93407ae26

SHA256
ee0464bd5e44fc807bee3e87c0d7136dcedc531e488d7b6bae4e8a640c80afda

SHA512
934022b7dc2a77744f7e94425093aaf37c9beebf65bce312cf6be6c06465078d3b00fef817d8e92ebb5b9e182b1c0055a3a93eb9f30d18104256306710a83b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
8fbf0ccf96149fb8f06cbc1303b1dbee

SHA1
3aff2623d8e33795b4d32bc7b07c482b27bf45c4

SHA256
75cd2e1f2b83a93ee310dddce8296430487eea79f34e6c2a189a55d3c634a420

SHA512
951d0a018c54508e593d9af7cfd8f498c44639cc1739326d908d42340b3fca664116151fab67e5c996089986890d0f7d0b9bd4a94ae183125a967a0d799277a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
743e4193735e51b6baa1423282f695df

SHA1
e1753233b93c8b0c8797afe5e021f59a3eb1fe28

SHA256
c52ee1bec4336ed0f68b628281c3eed167b5c8550fc2cffb808a247d7d8e45f0

SHA512
f2001cb7702e21253e22454cf5455a88478e579b8a49150e4d6712c01608576e3b3be5e379d69f1f8464e0e48d4d741212c891e59c03ee6d30fa9e189cf10bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5b941e9b444bb6acdb1064205d2a6d74

SHA1
312205cb579adb3633cd67e40606e457db5a652c

SHA256
66dc599b9d9e0060e60b54d2500f5d39be1633bc69c8f8c2288936215708f8ea

SHA512
776ba89bcd3e62771666fccf725355983f1487a0d61657f67c7ebc1b9acd34875956da6660aa1f2a82599f0855e36d47650bd5ce6600153b37d51db6ea9e7e51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c0938c8b18917bc5321b2f40d64de4cb

SHA1
42e3c5493ae0337ea613ac9ba0df14f49f03431a

SHA256
bbc36265abe10bd41e2ebb299499ea7cfcc3de6b44accc496cdfb7624d0017d8

SHA512
2776c6b3ba5c5707aad867d588ed37a5d73b82e2caf86d356b572440973f8c75f8e3fc8e547b4d5d6492ee6b67136fe22a444d626954b146ff60bd38968ac30f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
367fadc78b9d1ff3b9654fee198c28c0

SHA1
e3f5730265bca14886965e2a78466f1f61674e91

SHA256
54af01563aeb684b37a581df0539cd86c6d61c0cf4e7de16cf544b19c6bfdca4

SHA512
d0a6884c8ccbd9d6054de7a1d42217450b775478aa1870a9adb97f51895fefc269ff059fd85788757159e02a18859b0593f196165c0c88d65f36bf71b4f4d664

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7c66c81eafae42ab9727b48f9aef00f6

SHA1
34e8433f766011f767c17286c6e3eeca499c8352

SHA256
0c4b8bbb28db52cc3366b599475843b34b4e449811ccdc1b999da4b08123e91c

SHA512
5721941fc4f264711f7c78e343f8b7df782a04a7a27e7790ee3fbacc9e61734b2fa43d2dec9bc67e7a1ce60d0d4aae355f9c67a4f1a6e4c787d0d58b5bf1011b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4bf096eaacf8ef9ef1a5208c432bd487

SHA1
60952a5662fdb807b4a3566cb317829df13d1a80

SHA256
3e4ea21eed5f755d0b62d8077d79121ad3f0f5d5dd3d3329129f5e48b8682a3d

SHA512
7bb5109cd5fb8e00f3c2755b7a60e0cdff69a2b2fb5dd08cabd2c8908f42c25765b48bab5e13f5c5d154ad18d1ce9847c41166b07848e996922ff33cce42134b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a159dae74bba25b24398ae57f4157d33

SHA1
b7be1cdba9040406aebe0ebf943fd08a37bf957b

SHA256
65dd978a64f12facde4e7ffa58caa8e476e41f669738fffdc9a6e2ab58e65180

SHA512
389f97a4552ea0b523d3d8555fe80f754b9706e89c199868193926ef1567fd432e786703483b2ff03be31aed436f2318459555d8bf55cfd53d8a9cedd514bd42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57df63.TMP

Filesize
538B

MD5
c5c30b15f14620479191ea93b2ed9548

SHA1
0da61b79386e46645ef11d1431916ffa6887d5b8

SHA256
5bcf4110bb20e8ea6898ca3a07ba1a86d385fd77bb1b7ad8407987aea1c2abe4

SHA512
e805429242e96caa9ed5880e49f5cf50857fcc4627f6d1d8b969f9ed2c1c8148f15ec3c3b140af2d7226fb7ff62c9133e4fd6629b9ce6f13339323dafc88d105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e8f88b5bdcc2090f2d54daff8c0018c6

SHA1
7a5d7a176ca4bf2e7c8fcbed0db0681dafc0bbec

SHA256
77523b941be65aab433a8f1332bf559f818c9e4f5d210a746af40f0cc9212724

SHA512
f51ef7a04469b0919a7333fc80e6085916ac7deec57333ded0512de85dcd972f2ac1e683aab2b181a5810f00df1ed07506fe761115811027c8efbf67f96fa8d2

Download Submit
\??\pipe\LOCAL\crashpad_632_TQWNKAQLUOWQMZOA

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit