hxxps://u[.]to/Od4TIQ

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
20-12-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/Od4TIQ

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM.
phishing steam
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4224	msedge.exe
4224	msedge.exe
1036	msedge.exe
1036	msedge.exe
3032	msedge.exe
3032	msedge.exe
2828	identity_helper.exe
2828	identity_helper.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe
336	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 1128	1036	msedge.exe	78
PID 1036 wrote to memory of 1128	1036	msedge.exe	78
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4432	1036	msedge.exe	79
PID 1036 wrote to memory of 4224	1036	msedge.exe	80
PID 1036 wrote to memory of 4224	1036	msedge.exe	80
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81
PID 1036 wrote to memory of 4980	1036	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/Od4TIQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff8a1313cb8,0x7ff8a1313cc8,0x7ff8a1313cd8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3948 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3908 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1144 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
  2⤵
  PID:2824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6956 /prefetch:1
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,7925640601305260278,3579272409796188341,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4340

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2600

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4c1a24fa898d2a98b540b20272c8e47b

SHA1
3218bff9ce95b52842fa1b8bd00be073177141ef

SHA256
bbcc378fcbf64580e7a48b4e7ca9be57fa0a1f2e747f488325685bdb18d73a95

SHA512
e61f196e7f1c9a5fe249abe9b11eea770fb2f4babc61f60b12c71f43e6fe9354cf14869daf46abc2c2655bce180252acd43c10562a2dcd31fa7d90d33253820e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f1d2c7fd2ca29bb77a5da2d1847fbb92

SHA1
840de2cf36c22ba10ac96f90890b6a12a56526c6

SHA256
58d0f80310f4a84f687c5ce0adaa982eb42fe4480510399fa2ae975d40bb8bc5

SHA512
ede1fafea2404f16948fe0b5ea5161ccee3ee6e40c55ff98c337eac981a6776b9c73dc030a5c59e4347aec91259f497539206e71949c33adcecbf2c846709e14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
176441e4bea94956830acbd90b5812b7

SHA1
6bfd6949de08b74c4b7c85af9f0fa17151bff924

SHA256
ddd26dcec1a2ea861b2870bd6023f95ae8ee92b85f8757bce02b97205b62a74a

SHA512
abca2d7b7463351278f41843429f61df2471c631631546c6ef6a748a3813391edfb0268c17651c132fc932d7e6452cfb95af4be8883c149086ff46865b83a94a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
43KB

MD5
bdb6986bf5be8e8074fca7fbcb306630

SHA1
dda00e0e38ad449a2a440d92c90bded3570b31af

SHA256
9b93749c9f941efc90496b374b3473a712a877f856a79b739a4423fab61a68e9

SHA512
ddeda642636d555d302bbd4bab41241ab2c67736b91eee2aaa618c04f18007573f5e19ef165d3b2bd57136cea02edef3ea1aa3acdbadf224bd3b3d65a70a4c22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
36KB

MD5
21f4955f4e7a07d5cae4a46fc74ab263

SHA1
3e3e25ca71bb03ce2c9b2a495b346b9653568b1d

SHA256
0870954849b1ccc0e6a9754cfbd3ce33f791cde77156d1f84519713ac47c37c5

SHA512
ec857db1522f15d6b769dc775550eb0023e27c080de45f6c091bae25b8524ed17fba0ca84af38459bb1d772bf479327b031e5ef677d3eb7f65c703c03fc70b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
216KB

MD5
fec8f66d44eb2f5bc2d1b8b35654741b

SHA1
b087b5ca5074d8f649b51afc93a48de8e8625ac8

SHA256
4ab4dc3d67919c0e5934ec45feb1f22f457760c68881478034cd956cd5d5dbd6

SHA512
049f8bec4f0151d83b1072403e2f95caaea82ba53260494703eb9ef4c786e21ad11d825ab9d4ba19695890bbbdd9cdb9c3c2137b422b5b7336ade0eb3c459d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
205KB

MD5
b85074fa4f869286b5a9c6989a6fe99e

SHA1
42cd6fd540a5cbd03f48daffca09c4f77424673d

SHA256
5680c783736e90392a192fc31316db26179688b92eab774ae4f8e5c1208d8202

SHA512
b24c84a50c1e9c719e85bdda7e549860528d3a3b358ce66fcbd5be026c48b88b17a1b22315e4d9126901c2b6e2a45b7934e06bf4b584ccedb8876e872ec3a700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
228KB

MD5
b2b36f313a9a915cdb4ebbb40240f213

SHA1
397dcc5a1510ac58b21a146a97907a32f434a1c3

SHA256
47d57ad220f2def275a3a49d232f823af59c265bb82e8199880a7556e506fea1

SHA512
eabb8aaab9da0b36d1f39a8cdf5dd66ed472831da59dc1dc3a2811540f5ab9e05890c3158e5b7d55a8b1496ea2254adbcae416700a0e243266d0644f78500420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
17KB

MD5
d7f20e7973c054a1f9b6889b0d6c32b9

SHA1
5f7cd72f492ed2d6d5f7b325ca4a27588c35c3d4

SHA256
518bd81a163e773988a481b6a364dea4ec9963cd666a12833064bb6879f79619

SHA512
f26a0a45cb7072bde26cbaa9e18cdb72407cefb2f00c3b3b6e4d738544ddba2d48adc78dbd6f6ce3c3262da261c1d71b383f8653da6ec262da5770e150527aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
36KB

MD5
80c484a058ca2ae0f9bc62a38223d496

SHA1
8315360b781e7161b79df6bc8def9a66db7530a9

SHA256
d7530b224b4842c08b3bd6e33a059d33cff50653f06b3080504785c6c3997c7a

SHA512
5b3aa4494da9bed0fc7e7fefe00e8343e3e63322b7923bbb959a0d274716da283cbea5ebc4b59f4e508b8167c32479ffa3ce8b36465c6563bc20101aad9f8608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
117KB

MD5
4f7c668ae0988bf759b831769bfd0335

SHA1
280a11e29d10bb78d6a5b4a1f512bf3c05836e34

SHA256
32d4c8dc451e11db315d047306feea0376fbdc3a77c0ab8f5a8ab154164734d1

SHA512
af959fe2a7d5f186bd79a6b1d02c69f058ecd52e60ebd0effa7f23b665a41500732ffa50a6e468a5253bb58644251586ae38ec53e21eab9140f1cf5fd291f6a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
30KB

MD5
8dd0f80de826bc2fe213d526eff65b76

SHA1
96d5b411fd81e734d53ef30d0c1d41ae05fa5092

SHA256
6dea7254f903a2b4dc7aa6a8e82920e68a5688d88ba840dfd2a71d5fea8e541f

SHA512
0414d4f2aa92420debad51fbc8a6fff4ac040bab42cf4feab461806559436bbbec5f36b839ab7a65b5aa4a68786176e7eef2f2935d649a16dc0ececea0271aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
587a3f3b25518b3d0b2c9327473663f6

SHA1
80a7499b90d0afe5766d32b31372f9aab07ff139

SHA256
4b6534ac5d83f1e25db59d03423d884bc154d2a7774f755acf548f7c3ee036e3

SHA512
3acebfc8f91e895784c872ad96c39d830c80361e762e23dae25f98145cb6c7fef785218b7d3211993c0a84fef31bc702c121e14da6f95bc1b06acb6c3eefd65b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
6ea3e802430eee34d03b5072b7064ac2

SHA1
82e645f99e00c476980fcb9955c55236709e9348

SHA256
40f254c0ee845ab53b233eda56fef4b5dbb5694d65f50ab56a41364bdcb34724

SHA512
a1e00a9dd71fe8ecc33850ff5435ea38ad029fb413cb6ffe3499f826f792c642ef23da2808ec1ba51848a8e323382e18d86fc9cdfcd928b2cb2d259720be31bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
40c1e31c2183b6e92635921d745f7338

SHA1
e73977daaca363c39a4c9ec41badd1cb02fced4c

SHA256
1e6ca8c88cc8c4315fbeaa9a1708c4c22e65ef64424165e1a7d9207cb2d95ff0

SHA512
d1b21851f94958799075dc571e93e34286f2b75d9345052d08c94cc16301f4296d528eaf0e388f24bb1274369fd0ff7500f44974f2551652341d02ea7db0e4cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
df015edb793a29027a090a93301d098d

SHA1
862adfdf7fc36f5dc4777687e3007648362545c9

SHA256
12e68da1c444bff4e2aa592c4a0a35798989f97fc0e1b745a934c011d21e40b3

SHA512
83a71c28a8ed3be21da0af976c5b3fd218ac52ea4b6c0f5f8778581af6668b079907a2573b9db9e89c19231ad94754f12cb2c2d370bdd6bc82fcd570be35fe47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ea6b941118d773729973a485f11fc8a2

SHA1
d2d7226b28e05d0d87528532ed445f598da9375a

SHA256
722470ef1fe619955150c7cd004bb6d04196f62ae585e56028ba75188f3065e6

SHA512
51d135c766e8c4faa9162d1d80fd730167902372f16d6d8a28217b7978256fa326f4df640c35d88efbbf6159d45630015a53b5394677d170640d4de7489848bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea0b5d6bce62b1142fd54fda006b0c8a

SHA1
a4d42fc1c25684e0d487415ec3c80e8df93f218b

SHA256
1c07a4a878fd154271ae162cd1c8c5080e3ea74a67a79a1ac06be8eccc2a8e32

SHA512
06c1de574693231035a970507f1f05f07b01f613620f9d8107197cbf90f495b5c6ec14f7e6b4135fac99904f72502e3bf37ab566518ee3346e27dec2b86d3acc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
746a4c7b013acc2985233b59b482f386

SHA1
d944bcb9faa2eec2fd8ae58d6303ab03939f5dde

SHA256
5c8dd16646502119f217cbf53ce392046b7c1bdbdcb514421513d4070de4df23

SHA512
ecdf70d941a36b4b9967a0c0a8c54be68b43a444c797016f53d4298a4105ab59c720d17e4d75f87e4299d7ab40e17bfbe61ea80ee94325224672390c6c5ab1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
318f8cdcc33d753a7dad2b1cdb304707

SHA1
06cdb8d4deb6a9fe5e2c978ef66d9021b86ef350

SHA256
ef9989a9ef7751a9a82cd6c51cbb7d3e3d58f0b1cc13f526b1ffcd75ae3f8d83

SHA512
e6e1d4d533432d26d4f7fbec0573fb1223ff907cdf38b29093a751423a1bb26b311556e9a41e18060b5f463fb6339fcefe4f2403cfddc2e7b97923e47c258232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4d1d5b4381f5e5dc36ca79d797026871

SHA1
b232e71d49e244bffca512bd1c8fbb63bd1acb58

SHA256
c11ba2139708168f9b16af70bcc6916278dbc80503e95c22900c5bc20308208a

SHA512
b920d30b3936ada22bd90319a95890348ca460f61bc0cedacaa5b70e47a64411bbe132cbd77fdf5df8b721eab217a30071efe1186b792f2fb0b73565bed3fd9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3ddc5a60ff36ef8b6371c25f9b825a9d

SHA1
eb02b41284de1c98fb8600b57ff7374f6a60ac84

SHA256
433a66cc1a80eebebcd74d9f9737998ea1d131d19b6d3793b0632fd1489f6ed6

SHA512
3f37ce98a56c09fc2ecd03f1e11a161ea0496c64a9d0751b9046e3e61c5664015d3777fb46d055f98811e4589e5daea17f847a2de9c5dab3f012df94441521fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5c7ebfa3b5e81d732132329497fe935b

SHA1
6dc140e2f039e60599acc7cc7a037c86ea467531

SHA256
9b1cc39213a20af9a7d080032eda2e541c171ac94da0020d1e07737fd13abb84

SHA512
6252093094fe13abdc3c79b5b1de85589e7a9d7a4f5b28834778e65bf2fff9c33a8497824daec1c03c0316441b3958e55e9916cc5be48d10571d78a448defaaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0e09c3773fd27c9573c18fa70ed8fc07

SHA1
9d6737bab67a05c2dd24700ff9ee249ca29094bc

SHA256
760b1a8940ebefa1b0397e58c1edd59420f09236cfe7bc1ce2cebdb58bea8ee3

SHA512
eba498cfc8331dced83c7f262004704b36983526c70813255be73e5f2f73c5f56b8fcf2b88b84fbd2a34a9163a834a7499cd0eb42eac7d967920ac03e70eaa42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
dd4effe40522731b995f76e85ba27b80

SHA1
9d918af5ea4149c04ca896eaa6d059a4af770f77

SHA256
bc5836d991d41ee671df226e64b39e332d3bfaf000e7388c022859f7bc6237d1

SHA512
2dd81cb2056e3abad2663d21708199fea52a7149fd86771682a4fd3c45d5fb831979b2c2c14cbf126445183732b1fda271137bba2508ea77e499d9d58b819429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
69756eb79c3f4fbac1b54368d7297fa9

SHA1
94e1c58daab7303c4d4952365a5ea7cc44ab602a

SHA256
f5ee79adb4e8c501bb7d8b9937dcce108f47dae7732037250d72fa295f27a2a5

SHA512
934efb33c0f1042188de0561672608026babd47c0392abb2f218891c7e4e08e981362f11ae282c8f1570aa4f4a76146a147ae255ddf7fd8da188c350f22dcd0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59168c.TMP

Filesize
707B

MD5
b849cf399b8428d10d6e333821248b18

SHA1
238474dcf6cfb49c1e8c3f7fe4dd3602a7503e4a

SHA256
88758d0e478a71f036b3f7e73fac4a6fad73769a4e8df5130876c0a2f0af9d35

SHA512
7790916dfa2d59fa046da2e2d62c47b59af903301c130e0567191d8e57e560f09d45f8ec5560beac5b6a57a8289c33af78f9a0786ccbcc2916b51b7c2a399670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
22a5c3fc7aff0373271d1d6f586357a0

SHA1
aa188f95377f28dd808bc953a24edc76a28f9c86

SHA256
b24e187cd2260d760e1f9f381e72d9ed4a3aad24db23e4dbb8d8e4f1ca04726c

SHA512
43f0f5a0196d24da262491d89ebefa3ed04cb9f988b06691cb5c3342d8cc8eae9eb1afde49cb4f1cb9c4eb263ad286d1d594db1f53ce97e0d7c6b1344532e34d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit