Analysis Overview
SHA256
f75e8e5a49ae2775ba362b1d31dda98a23302360ba3da67a3d3ca53751d914b1
Threat Level: Shows suspicious behavior
The file . was found to be: Shows suspicious behavior.
Malicious Activity Summary
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand STEAM.
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious behavior: EnumeratesProcesses
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Suspicious use of SetWindowsHookEx
Enumerates system info in registry
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-07 17:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-07 17:47
Reported
2024-11-07 17:50
Platform
win7-20240903-en
Max time kernel
118s
Max time network
127s
Command Line
Signatures
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
|---|---|---|---|
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 105b90403d31db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a7e3310a2b0e6e498bd88e48ec67abf6000000000200000000001066000000010000200000009a5574a54eefb48b6f21744332e138beaae4ec4c0a667147feeb17d24315612b000000000e80000000020000200000004d6870c1f934b790933cdcf4008964d088cbc6c537f82a638a37310a01e2bcde200000002d78154aa11d867cf1466c58cc1e48b2bd7d185104cc037ee6ae788ca589657840000000130ead4be3c1c510d829328646effa98a487498f64c2b91554c3569b80db79f9640a74d05d56fa26955542a34f98021468c459e001016b188e109b010c205130 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = … | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437163540" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{69EE61A1-9D30-11EF-8C85-523A95B0E536} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3063565911-2056067323-3330884624-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
|---|---|---|---|
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
|---|---|---|---|
| PID 2384 wrote to memory of 2336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2384 wrote to memory of 2336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2384 wrote to memory of 2336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
| PID 2384 wrote to memory of 2336 | N/A | C:\Program Files\Internet Explorer\iexplore.exe | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE |
Processes
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2384 CREDAT:275457 /prefetch:2
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 8.8.8.8:53 | cdn.fastly.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.fastly.steamstatic.com | udp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.3.52:443 | community.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 151.101.3.52:443 | shared.steamstatic.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\CabD694.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\Local\Temp\TarD6F4.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 35ecfda3810684588218bc670837cd8e |
| SHA1 | ebeb2e7a33f51be5b0d22fff6961d0849a299f5c |
| SHA256 | c64d68344f8e8f22516524a217ec1ab2370a93cde6d7f152d08aa11f32dbd5c7 |
| SHA512 | 4d53dd0f3ef6611cc9afe1040e66495c0b0df929a5578e9121d277572c9b1673a6b2697810ee9d563847a1ef5feb517cfe01fbfb063e7b34a2d6d0379c2d3b68 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 05197eb13b89f3bb3ba165840b890d48 |
| SHA1 | d74de809e90e3c47bb88be7d2ecbcd6961e63600 |
| SHA256 | 16f0928f8064ac3b5488bc0989acd2d771736f174a2dd55eb18a210f0b245ce0 |
| SHA512 | 8c7c2213919d4f34d9df8052fccf6233c14c4c9164bc90f89782328d1cf28181ce101c3cc272289dec3959bef63417269f8d1472396a12d98ddf434d2bb89849 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 72f41f7ff78c728ccf3f87b3798bedb2 |
| SHA1 | 70751bfb9a4e8fe6f3c6510760c1e1c1832e5932 |
| SHA256 | 1cd33af1f928a2708088faa7a1291dfbfb32880e9af5dda187973c0931c98f0b |
| SHA512 | 0cb374e5d0659c6bc3d80111cc73537d0b65e077778390bd0f2dd43c3c7782561f68e45edb27c24c5d1d1910afc8d871d8bc8f8651e51b5d607227d401548a07 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 964ac49fef78759a76bc0888cb6852d3 |
| SHA1 | 8cdc2eee8a7e8bccd799b39fe8597b44130c0c59 |
| SHA256 | 47d0c2fabec2afebd7512e5036344b1b10818b204a4dfa4ecf85dd18f0eca053 |
| SHA512 | 09b8e4d93a17668bb4abb5283fd6dfbd23242053fde4bce4682ab7436958abdcd65f3b6140c66ff2f97b3a7b5b9332c3244e48d2238aae8d2423efc2430694d0 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 92b419453f400101d504f0c7113c7cb6 |
| SHA1 | 600fbc08296909d57371e19bb6075d5bf09c4dfa |
| SHA256 | 69acb9a6490b67ddee938fc3b77dd815fe5e98b42510d40aa901d9a3eb1c7091 |
| SHA512 | 1cfb97cb6a2c0e27eb269b0f602c44a32672901537d516a563ccc45dd0a9a593a23162cad098ab7afb34e00692f365c4e18b77d51b4a01698822eaa0d8acb493 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b330b049ecb325d6d397820c01afed7 |
| SHA1 | 196bb16a8a9aab8a8a6aa6a98da80377068595a7 |
| SHA256 | f31f1ac6e2cca022b6e438e691064ab63fe59fab3fe28befe988ecd7d03f25d7 |
| SHA512 | fb676e259c74e5e172ab2d145d1edbad43d8ddfea19af5a242f83ef80edde11e7436e5f32e8d5c47ac3ef65fbfa3ebe6114566ef8f0313d6cf070b9f7a25c50c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 1d30240cfb4a3ef8aac39bfc762c448b |
| SHA1 | 335666e76ebc01601aab10df4be935568e0de654 |
| SHA256 | 140569110690f22e6d2f7014a8035b25c163eaf56c20e4ec4a70e8c17f0daed6 |
| SHA512 | bc81bfd847878cdf900aa6c9511e6f923894eaa0346145c0a06abdbd887b3a8875e520108431624be67a682d02ba0c413e0f31fa0303463b3019cbd1fd14c829 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5386487327a823c37e780e1fc0066ebf |
| SHA1 | 3a24e21c60404b3e39e05edea6f11385e34c352e |
| SHA256 | 9a8a5657e7a63642e892ecddaa34dbd1e7e00d51325b57ce794e8d34acdacff2 |
| SHA512 | 6cc0e1d3fbf2d8feeb88287bb615a679fdf72d53e2e78aacf2caa1eb0925df1c7895fc2803baf853d720431c6e3d2fd1debf543f4b91ec4de5240e1d2deefdfa |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ff48e31aa5faf55041be73bad3c844f |
| SHA1 | e19f8dcde42aae400f7c56b23b97f5781184ebba |
| SHA256 | 1ebb91ff992234483c33f99e679447aaa4b3c70035f261e4ff0341dbac538687 |
| SHA512 | b58c2ec590dc2d82aa243e5403d02b500ddb04f242dfe986cfd0ea869e2288bc3f8d52fd96046d555ff2c7a12073175aeafa09a8703298350afa4052cd836697 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | af01bb255de09d5938008acbfdb522a8 |
| SHA1 | 4faff5a3d9056ad090f89670907b390bd610fbbb |
| SHA256 | e16b922599764983a904860b6b627e0471c42834e38bba3b10953c4e746766dd |
| SHA512 | d3e9a6a4162973757c53c679ed0a5bd8e725ac9eddc15e65de7745c35b12f5a3fe4b63abb861501957e814c5c85ec9532d3179ac54ad7f2ae77cdd4d311d41b1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a8b41cd63e8523689f154608ac8523f1 |
| SHA1 | f18697c2f68a5011da432ab5a1edc13a6143429e |
| SHA256 | 57df3e757c5758527d561e0b73321b7dc96cb53abc48dd656632f9abbbeb4afe |
| SHA512 | 36196546afb75ff1f308de3f85b072f28869b971929b2d9c5b3c953713a91449b296a3816d31d133cd59b738818ad6ebf38780f2372dd78c1527eac2e9035419 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 2272f6fc8d939ab7fefe0fd11c0b575c |
| SHA1 | 25b23be5b967f05d928b544639f37ca54373b78b |
| SHA256 | d6a02e4d0c15dc5790288ea47acc28dd97ff281dc085c1ce1aee27475302093c |
| SHA512 | 30d8240acf354a02571c24eadc3baf5c4c6e70a8f4e70275a1e75b91fc389a5d8df29c3a25bbc6d2e88f833fc8c137d435c52749aa53119c441c4c0d5dfc320f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a80f5f0b1fb609fa38edcaebd4674b0e |
| SHA1 | 3aefa8797bfd4060cad9eb1197e4d3149ac65d00 |
| SHA256 | 13827c21638c9756f8a453b315f926193541535c8ac5a27912b351855112a758 |
| SHA512 | 0d1d388e3cbd4f4b6f23fa419c5732b168e55f193e47205dfa693d424cb0f5e4e271f663d7d24e0ad45bed1674316fafef2af6481795d41064e14b80290481eb |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97a6d9e53e58aadb5c51ca01031803da |
| SHA1 | db4af7f06930821a1c218a3319978100caeeb4d9 |
| SHA256 | 9218bc75f208568cdd5872a57d0837e0c649f726b7ade0e947583df9b391786e |
| SHA512 | e147b6adcb4e8fa0ae1a34b6821f036752e5e417a07c18e24ccae5e6385c92bbd7021a42f6f4b7a5231c252da839b47351dd02b4725431d66d367c58870b814b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc693c1faf70f8884a3a08fc369227a5 |
| SHA1 | b8dfafb64981d37d925af13479df528ca6a8df11 |
| SHA256 | 6543691cb44070e7cabf62499e3ed8fb3b4f5f6dda97574fd9f1ecccd37cf083 |
| SHA512 | e1f103040da5d0c0e9e21b58b8236ba1559aa272c5dfaed41960e5c3eb8c5c67a0b637b9dfa071788aa0fe7874cc0c676cbd5163b8ba05d372492fc9c434ae44 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 206f1124059943e0003a31e59b671951 |
| SHA1 | 246109e617b65c6ad98b1cd10060de76616d2139 |
| SHA256 | 57625b3ab54cdd62fc5001d2603dcecd75ceaa47de681ad9967627a27621042b |
| SHA512 | 7f194ad9ace1172131cbc73d828c139a1ad644d99768a2a3ce872b5c82298823a276434f8d992afdce673402b920b554be716d60fb949877e135451e4b487931 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | edebf7b4d2c868add421660d66c2e55d |
| SHA1 | 0b76de7cde6ac9556381990ed60f6a5108d4b459 |
| SHA256 | 08ea3b609e8af65a36a7d6713e8321c59c77c48cc9b89c032c0fa8f8f43e8ede |
| SHA512 | a970e426b2f6b50c93a099ac97f15f0312dfa59c54d4f91b8fe1b45247e005dff54cf3187234b2ce7763e5463c71e3c6704e9bb53c62f61c1f1feead0273ca6f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0ff229ce62e7c1d6258e1bbb5f7b4626 |
| SHA1 | 1e34218b24e0eef68ae57d71fc9b443f715576ba |
| SHA256 | 60c1683e64e50273bdc26e0c1e34ba88483b31b58743d91ecf2bcf3fc8f3709e |
| SHA512 | a27db56b411a000634e2cab3bc6d1994f92031238c4ade637ac859dd446f9c9a717fa9f8b6850b44b22369be19a16ca7991d9e43b6b0acfd8ab7ef83c6662ce4 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a66941aec9d6b0e266aa9619c299fe7f |
| SHA1 | 8f1ae4e7b08336bd8634619660da9294472d5923 |
| SHA256 | 19fe6bafc94497fe8264ed2fc7d195ab989b474bb2c918f1736d88b501845af1 |
| SHA512 | a6f672dc8a169cf1022cafc6bc40b848ebb21a7ca044de67cc36c8b15368494b1bdbed820922fad943c2e1a68ad082c509eb068551e996310df22d283cca01a1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 97196c4abbe474cbab3dfdf88a9d3654 |
| SHA1 | e163e50bad6285697040206ce7bb386540e8a455 |
| SHA256 | c7d7411b13397d689a173ca12311ad1503ea11983c6eb8f7de2ca73e02ffed81 |
| SHA512 | ca4b8f712ef0397f6dc3fe0288385428fb7b934d5381ad5a3e9d511498713ac14311e19c1207acdb6263822b06edc2a645836658c42a7bcdb3c8955ea6984612 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | be37522cfa5cd3c10423e6cd6bf2506e |
| SHA1 | 961efb2597b262762e72b8ec390ec186c6e602bd |
| SHA256 | e5cf507f7d6903a4e2bec37530470c139ec6cb48de9bb5b35284f0ba0f6adb95 |
| SHA512 | d138e16b3adf0682df812a427a2f3270d8344ac45cf05126190dd8bb56281f853d10b398e5a4e20f26bffc367cc6efa15725f7f77ad699edf4c80eaa5cb1ad82 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-07 17:47
Reported
2024-11-07 17:49
Platform
win10v2004-20241007-en
Max time kernel
94s
Max time network
101s
Command Line
Signatures
A potential corporate email address has been identified in the URL: [email protected]
A potential corporate email address has been identified in the URL: [email protected]
Detected potential entity reuse from brand STEAM.
Browser Information Discovery
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9da5d46f8,0x7ff9da5d4708,0x7ff9da5d4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5184 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3100 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,4126958338991815491,12993006295331047771,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | community.fastly.steamstatic.com | udp |
| US | 151.101.131.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | community.fastly.steamstatic.com | tcp |
| US | 151.101.131.52:443 | community.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.fastly.steamstatic.com | udp |
| US | 151.101.67.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 151.101.67.52:443 | cdn.fastly.steamstatic.com | tcp |
| US | 8.8.8.8:53 | shared.steamstatic.com | udp |
| US | 8.8.8.8:53 | steamcommunity.com | udp |
| US | 151.101.67.52:443 | shared.steamstatic.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.131.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 52.67.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 109.234.82.104.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| GB | 92.123.128.137:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 137.128.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 198.187.3.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 68.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | is.gd | udp |
| US | 104.25.233.53:80 | is.gd | tcp |
| US | 104.25.233.53:80 | is.gd | tcp |
| US | 104.25.233.53:443 | is.gd | tcp |
| US | 8.8.8.8:53 | 53.233.25.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | syteamcommnumnlty.com | udp |
| US | 104.21.18.169:443 | syteamcommnumnlty.com | tcp |
| US | 104.21.18.169:443 | syteamcommnumnlty.com | tcp |
| GB | 104.82.234.109:443 | steamcommunity.com | tcp |
| US | 8.8.8.8:53 | steamcommuniqy.com | udp |
| US | 8.8.8.8:53 | a.nel.cloudflare.com | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | tcp |
| US | 8.8.8.8:53 | store.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | code.jquery.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 151.101.194.137:443 | code.jquery.com | tcp |
| US | 8.8.8.8:53 | 169.18.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.80.190.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 151.145.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 137.194.101.151.in-addr.arpa | udp |
| US | 35.190.80.1:443 | a.nel.cloudflare.com | udp |
| US | 8.8.8.8:53 | cdn.akamai.steamstatic.com | udp |
| US | 172.64.145.151:443 | store.cloudflare.steamstatic.com | tcp |
| US | 8.8.8.8:53 | cdn.cloudflare.steamstatic.com | udp |
| GB | 2.19.117.29:443 | cdn.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | store.steampowered.com | udp |
| US | 8.8.8.8:53 | clan.akamai.steamstatic.com | udp |
| US | 23.192.21.216:443 | store.steampowered.com | tcp |
| GB | 2.19.117.13:443 | clan.akamai.steamstatic.com | tcp |
| US | 8.8.8.8:53 | 105.209.201.84.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 13.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.21.192.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | cdn.jsdelivr.net | udp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 151.101.129.229:443 | cdn.jsdelivr.net | tcp |
| US | 8.8.8.8:53 | fonts.cdnfonts.com | udp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 8.8.8.8:53 | community.cloudflare.steamstatic.com | udp |
| US | 8.8.8.8:53 | community.akamai.steamstatic.com | udp |
| GB | 2.19.117.23:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | community.akamai.steamstatic.com | tcp |
| GB | 2.19.117.23:443 | community.akamai.steamstatic.com | tcp |
| US | 104.21.72.124:443 | fonts.cdnfonts.com | tcp |
| US | 8.8.8.8:53 | 229.129.101.151.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 226.21.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 124.72.21.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 61cef8e38cd95bf003f5fdd1dc37dae1 |
| SHA1 | 11f2f79ecb349344c143eea9a0fed41891a3467f |
| SHA256 | ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e |
| SHA512 | 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d |
\??\pipe\LOCAL\crashpad_4868_QHGLTTIVFPNWWDUE
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0a9dc42e4013fc47438e96d24beb8eff |
| SHA1 | 806ab26d7eae031a58484188a7eb1adab06457fc |
| SHA256 | 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151 |
| SHA512 | 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1e0e423ef0e32139eb38d95f2b8220f9 |
| SHA1 | f9975082c21b3d7b2cfc18e6e441aafa1c753849 |
| SHA256 | 126c0e5d990c5a1f86089b6a254e74fc41ae50ce1c75e34421b3865355254a07 |
| SHA512 | 16423156ab0e572980dddcb2db110e77f7ae31b47f0cad4a2d65fd286b6d048287aff044384993838b03abe3878bb6c329e0daf5d6dbcf448b10d54894cb7baa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8825443da359579183b05dff4cffc9a8 |
| SHA1 | 42509bd9a1e8244cabc991850edef1f787ff8621 |
| SHA256 | 77d3eaebba36c7e54131161c88349d80eb4c5ad5f63348c2e5c755715b83c024 |
| SHA512 | 6d5756407bf30c0aca2f6db1f280659b57880fd85a5572d20377745c44351c1bd86fa26816ae327a69e30947e94a66447db1076df1a4216f0f53792ee6a0dfdb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 4dc2a6de648d04878665414d9c7b72b8 |
| SHA1 | a6fee0ef504fe15e5288f87674df26594c51a597 |
| SHA256 | 4e8ebdb28e19d1315d5727bfc729d07d5e58afa47d7e63b4ec0e762962bcacee |
| SHA512 | c3432c7c4a3cf28b7d2d00db9f4141a5d2b251f7ebff3351ba325731800a17450b4bc98a4bb04995bb992e41688c30f3f02483e0e72bfee42277b120b2b3b6e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 0cd51f2a227b04fadc30078e39293755 |
| SHA1 | 45bb4f60ae2a46802875506f844b7fd23a5bbb2b |
| SHA256 | 6c0013ee793af4b12750caf8171d64e17e32eb694e1be7fa0be67032706c678c |
| SHA512 | 8ed3828b6cbe2de73a569c2d8131d3cf3551de7469a0cca06dcd7acadced2c341d2e00b36a018f0ecccaf1ab489566e3334bcfb988cb3c042f2629ed86c1aa3b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a
| MD5 | 231913fdebabcbe65f4b0052372bde56 |
| SHA1 | 553909d080e4f210b64dc73292f3a111d5a0781f |
| SHA256 | 9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad |
| SHA512 | 7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 40e71a0d336a12ca482ff1ed7aca37d5 |
| SHA1 | 9f2242138830b70759ef9a44a36b74b7e9fe8489 |
| SHA256 | 02e8e06ea444ccd6b70032903af3b2cac00fa42b498db837233d332fb89aca34 |
| SHA512 | 8d8413935b00988247cf7b97f6a38832b24af6d9afb6a14bb9dd7e421f95fc62389c606bbe4e8be282dcb0a648ad57e0d9bc0d795c3f30753af2bc605fd0ad71 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | d79cdb2f058ce2a2ca6295bf12b26736 |
| SHA1 | b28d7b0b65c5efdfc7bb08f80283a38c7cbced6b |
| SHA256 | f503e9f9e0741c317ef7e64031b5564dd6643104e51b052178ec3ddbdcfeeb2c |
| SHA512 | f7dfdabdb8fd6f772337cbb4c86034a4cdd693be9bda37164a12177a107cf00f3fefef03ea7a3c28b4ed7dc30885055d6b281acb3fadaf7390d96088c481c93d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | b67252c37809564478469f293f428d84 |
| SHA1 | 82baefd5ad600120e91e098e5396ea43616ecd2a |
| SHA256 | e3f0dedd72d4282e1ca2835261281ae1b399bc82fa15950e210675244ee9b953 |
| SHA512 | 5604130acc30cd4a61702c2f9f0222d48081857b04c07b087e13e823c9068cb2128574c6effecd6b9da99ec0b00d772603360db3924f689c2a62a3b90f8993e3 |