hxxps://u[.]to/tbgRIQ

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2024 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/tbgRIQ

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Probable phishing domain 1 TTPs 1 IoCs

Phishing

T1566

description	flow	ioc	stream
HTTP URL	129	https://steamrep.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8f398df21c3b7320	105

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
552	msedge.exe
552	msedge.exe
5096	msedge.exe
5096	msedge.exe
4816	identity_helper.exe
4816	identity_helper.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe
5096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 4784	5096	msedge.exe	84
PID 5096 wrote to memory of 4784	5096	msedge.exe	84
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 4360	5096	msedge.exe	85
PID 5096 wrote to memory of 552	5096	msedge.exe	86
PID 5096 wrote to memory of 552	5096	msedge.exe	86
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87
PID 5096 wrote to memory of 1840	5096	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/tbgRIQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce47c46f8,0x7ffce47c4708,0x7ffce47c4718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2508 /prefetch:8
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2488 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2552 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2356 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3500 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,15345512079937203550,8950078925497178878,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
  2⤵
  PID:2236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
a6c829786d2e17327b59643b351fc4a1

SHA1
1c479ebd122959e6b222b34da0bc36353f68b21c

SHA256
c33c646952c2d53a40793a62060df21ffc7d0aee776b39ab5171f4763fa6d338

SHA512
35ca4634903fcf41d39abdece89b39d26138ead8830ba70155c835efec838b37280b4f264538518a4b785cdd34c534d9987d126df9fdce5dcac38e6c37203e2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d4957372a1bd398ec16d6975052fc3bb

SHA1
88ac3d79aed242a278b81b04ab48aa3e369c2628

SHA256
f704a337e2cc11ffeb7b9c23c5096ff72fd1a1e0f3ddabcb9a0e3e2701433f41

SHA512
59738fa4030062947d10ee1ac4ab9a5c5e0b25b7505f7c3a08cf737e3dece17b34c0c166723aa98bf862905b90202c7d609446960cc792266a1e414fecbe6849

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c92f5cde76df347d24d6d3c8d47af9d0

SHA1
8447923480c2b3962eb373e6abec2f693c82a203

SHA256
401e51f9bc29f1a02ccb161c94e3ea7c208e85a9c00dcc2c1e826e7dacf8049b

SHA512
a698c6f5758214699a3e9602d393036d495fe20c32ccf8663203edc9721f76c27f68241f0031595209f2a6e8f14668a99bf4b3061773b774f1ebe67eb5b927f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
7addc129a6be8bf005269ab5cbae2b1c

SHA1
faac03567c638f3b0e7ca088477df5ef1de9bf5a

SHA256
9ba3b4ca170cb4167dd07959ce67b9124012f067d4f0beefe995ed4d6ec7b529

SHA512
9b8592f6eeb5053e646282e0a0ac52690c17b3d7477be01b2a59ad945e043eb9031328450713ff1939ff7c3e890a8fa76d06b4c81b742aa2045c51af687c5ade

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
093105507a6dddc31647c7d949d7d7b4

SHA1
3b20035cef229394ad64d91f1130dba49442ee9d

SHA256
42848e154ba5c6ba1a98d0a67ae31b1f8e4411f9afb852d6597e3f0cd3bdb4fc

SHA512
586a53df2dddb82043cf869aac49deaf75b53575c0445ab68716e86856146813a5da328a53e4790997938a1ff884665cdd4acfb720c107299d3ed262e11748c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b2684d60e4e761e80ab0e4797ca7b2c7

SHA1
98387d1fe4b508a484b1e51d947552f210fe9718

SHA256
5edb8e2dcf895805b90c1394cc46c1a6c5e68de924d03e2ebb9708903458af8e

SHA512
c5f63d0cad9af0f5d7b3a6ff6551fa9b5a86843af9d342c78053e8ee4793b431b6105181dbb123bbf123b362af63be9e7a37e6cfb7cfe443407d00cfa821e36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7de66e9383007e8cb75735018d60033b

SHA1
31eb4b712b81770536da2ac258fda1449770a00e

SHA256
d5ba2846fc34ebfbb42a869674a569f69fdcb847d653d0c4f56296c9760a120d

SHA512
e902e12173fc5c61863cd07cdc2cba1067aa8b12b7f05fc6e5f104b9f9a353d6ab2f8fd56a98bd3ef602c1b685b9021ff1e090c9bd4c79650b606d4a3bc83fc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e0d5937cfb1af551c5e248dd301e76bc

SHA1
9c94b6e50df7cd26206cedc6aeaa406bd67e806c

SHA256
260a977ca0151a3241cb050bb2d0b101b21728ec3359136987e31597ae40b6b6

SHA512
e1ccd018650f2709c145f35f02b0c88295262666f5630164feaa58d105e3314ee4771b8954c88d2aacee2ad6b2d8076f2e3984f0264b4d180699eea7873757b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
903a0c78973d9e4616f39d51c0852871

SHA1
74f8b2faa8afec880e66a90800d8ec124de039f5

SHA256
ba088e2168fd685cea8bb05dfefd74bbf0acd255ab6de84dd3cae9bd8abb6107

SHA512
fe99b100f12dd83ac3b277b590e95b66bbdc2cbe3c093de29653f322b47df5fd93af0e0c893e2db406e0027b4764253e9427814bb0ab869b06161c9a21d3a584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b65ce0b84f6d5211f2f1d078a872252f

SHA1
cbe962250924f57888b927d046cf0346f05487ec

SHA256
41dd218dc26ad9a957dac33d33f650c2203e7410366511596939f121a9059690

SHA512
111e240d7de4c34683a39f97e4d1da43538437eb389b982040b1ff9c3f28b21a817ce5043828e04d0a0e93a7ed60e3c3e63d09bdd61dc3e1f7d4cc91d56d7dd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5400bbe0028f3eccf10f8975de813aac

SHA1
f2a983a3d6a7997d25d54bb28ca7507d098b9264

SHA256
91e83ffc60f2c3a4d3b80b2cd10cb4489981f4f1c97db5f51dbbf6edfd8d3441

SHA512
058dd20008113debdba863f531e2fbd8161ce587b035ef1ce09fb4f31019a5a3395dc3152fa5d4619f9207bf10163357eb0e7645f8bf06c90051fb6565c65f65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
595abd7caf0894cbfa927a48ed90e02c

SHA1
a964c6d5834d98a401fe0ce3adb58ab03e2923e7

SHA256
61c5da0079ec584351ccaabc59f8123965177547f94520eadc9cf3b432886cee

SHA512
d2492663f7df2978d9c749c0626dcfba1525d306dd16cce3b61bbf691ef9a1c9026cb4faacc1eb1882ad27abf79ce3cd6be0fe605e1bb5a76454b07f5886fae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
59c7194ac8c420ccc8fae8ed8b2cfe33

SHA1
31411d7819fcc907a4f9c3a04b5b0fc3c6be4b67

SHA256
2f1f9b746d0abd4ed1a2a384e566acb4e03862b77a87b4d49a293de80dc6ae55

SHA512
53fd0f9235c1b4763db9f1f31aac06d8e0f2a9b48b2413b3f19520075a5b703f5ca2787e7f82db77ecff03ea015006a58d51b0f3700fec825d55de7b549613b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582fe5.TMP

Filesize
1KB

MD5
aafb51dec7b53c79b8eb142cbcb2f0a3

SHA1
6e195bfbcbe28dd080c41971e1083a55bcc63ffe

SHA256
5bea44ffa1761975b3a1c2ad0c8a35a3d20f780afc84f4fb9add29c37e2474c8

SHA512
6ad698e6a828a537e84a53d18c44b24d3098dd5b727819c23993b8cde451611f8218a0dd81ad5c397480fa318621a5623d456797deefdd2cae669f77074fb505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
15fd04cb08f05453ad92d66990dd23d6

SHA1
f99bf9e08d8f648084e50a7c3dae34b56128d7d6

SHA256
b2f4b5a49bb938a5a732122fe6686cde1fe563d63e213a3bf14638d5118888cc

SHA512
a2c3a4b90687f7e7b99210cf1e8cdb8303cdf83631bdccb6b22261c22df681680689fe29223fa3418b9ca7bd386013acc48e614b74a0d11039c2f39326b1a16b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit