hxxp://steamticket-50[.]com/1053904196

Analysis

max time kernel
119s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 19:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://steamticket-50.com/1053904196

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
95	3244	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_424597202\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_424597202\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_708368992\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_579611796\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_424597202\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_579611796\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_708368992\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_424597202\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_579611796\manifest.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1036_773619076\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_424597202\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1036_249873836\_locales\fr_CA\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876624453251141"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{C03AB3C1-359C-404A-B1C1-2BC1C8748C4C}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe
1036	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1036 wrote to memory of 4400	1036	msedge.exe	86
PID 1036 wrote to memory of 4400	1036	msedge.exe	86
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3244	1036	msedge.exe	87
PID 1036 wrote to memory of 3244	1036	msedge.exe	87
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 3128	1036	msedge.exe	88
PID 1036 wrote to memory of 2492	1036	msedge.exe	89
PID 1036 wrote to memory of 2492	1036	msedge.exe	89
PID 1036 wrote to memory of 2492	1036	msedge.exe	89
PID 1036 wrote to memory of 2492	1036	msedge.exe	89
PID 1036 wrote to memory of 2492	1036	msedge.exe	89
PID 1036 wrote to memory of 2492	1036	msedge.exe	89
PID 1036 wrote to memory of 2492	1036	msedge.exe	89
PID 1036 wrote to memory of 2492	1036	msedge.exe	89
PID 1036 wrote to memory of 2492	1036	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://steamticket-50.com/1053904196
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7ffa13dbf208,0x7ffa13dbf214,0x7ffa13dbf220
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1960,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=2720 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2684,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=2680 /prefetch:2
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2260,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3444,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3452,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5008,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5004,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3412,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5416,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5524,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6064,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6220,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6160,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6112 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --always-read-main-dll --field-trial-handle=4284,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6476,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6388,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --always-read-main-dll --field-trial-handle=6600,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3868,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6596 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6332,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6608 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6612,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6772 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:8
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6120,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6056,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3624,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:8
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3616,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6808 /prefetch:8
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --instant-process --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --always-read-main-dll --field-trial-handle=6368,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=3612 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --always-read-main-dll --field-trial-handle=6924,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --always-read-main-dll --field-trial-handle=6956,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6860,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=528 /prefetch:8
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6948,i,8900683328852399258,11519156253826567477,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4792

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1036_424597202\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1036_579611796\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1036_579611796\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1036_708368992\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8a38a654cca42959299658b2d2cf3d50

SHA1
9c491662eec55142f8eddca27dbad6d22dab9ea6

SHA256
ebb89dc10081cd599a69c82fce32ff27d43c49dc7e296bf9da5731a9687ee1b7

SHA512
c260ccebdc90b6924da250d4d59936008e84b85546789320d8c62e0a08dbdc0487c7441a0a1127ed66aa40f7f5b55e5f72752c6c89fc904ab4c26339f4109c7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7aa51ef28f0712cad943406cc5aba966

SHA1
4f6e2d6b4e890fe745288141207db5e40de2007f

SHA256
d872573a4a411281f233c3da01e632550fedc2aaaeb62acf109d4459085bf44d

SHA512
c2c878b3330375969b5d5929b59f20d5c8fac7bbfe6d80c30c69627328080039c4b19acfae2f25bdba1d8fbfa0c1e0e71b8ec9eb7a7585331d32ce7f2a37e624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe58391c.TMP

Filesize
2KB

MD5
c48edc055e09eb635ac0a140a0444b04

SHA1
449d0bea43e165f518c51be194477d90a08f4df0

SHA256
08e4094f0c5db2bd9439ce2971a636e7b7c2e0bd5a8a9f8a501bcda1b3b11005

SHA512
b3ea6568770a45139a2e6d170143ca8296f4323734facc5c83003736da5d318e56c04b666da7861a3081058829e82bc2c0dd3cd9d6bc17f7de07618d3819a994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\devtools_devtools_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_ntp.msn.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3db7b229abe1d66d69cdd0e8962df114

SHA1
dad1ba2f2c3788f5aef8aea5a0e7230d06f1ab2f

SHA256
5af0b4c23f89010b3e3141f83e7265f4a69ee260554b43cff504a52888057317

SHA512
c5d8a876f99e773185234ad199b9eb0ecc9b4873f6dd33ed786b8e3af8494b4fda186b1e00fab7e880f7a557feede9482ccce8a1f5d730987c2e549069128c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
1781b04eeeb60278c7c18009be09987a

SHA1
f3dcfeeea6a93525bb72e7fdb270ef76c2189c27

SHA256
5c0c1ece086d0f14ff8b13ca244fcccc824170ebdbf19bf83cb7e8c685d8cac2

SHA512
6b41f7200dc99bb87fd503eea3636465aca1a8c8085543a8884fdaafd5d88548a1252f8c4b17d0043ee5b38fe5670eb9da90f7e5b97ca06100e9e457de415f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
d34d4e62e7e661992026b8fea970de7b

SHA1
6aff89cb1531b0e250726be683b4754da90d8773

SHA256
065f654fdef472e31f5db12966ec758f921eb56c2db0ef0287b470840f1c70a7

SHA512
bdea6e1672d5422ff09c361c9120e79bbd7b59d8b5ac2c005908e89e6b933afd60a3008433fce06bc9a9a694fc5dabf783391ed63918518edbaceaa6a77eae96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\b063b10c-aa74-40e9-8097-2e7a6b21975e\index-dir\the-real-index

Filesize
2KB

MD5
bdf055f68941fbc4d6116fd39f4214d8

SHA1
71551c8f85fff3115fc0451dff07cf12003407e4

SHA256
26382a47911d0e9cda8bd1a919fac08b6bf693c568d18c039e6e58f95b7b4e4a

SHA512
3d1b81a23750c85801ebce8ec7b0638d8ff383ffc0b815cc6a41ac92ef32fdfd1e32277ca6e47aeed5c7998ade0276b9ef2efbf5292404eeced5f2555961a010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\index.txt

Filesize
253B

MD5
3cd12d07b717c8b2ad9a16b1d1d8a3d1

SHA1
823d465298d00c2ffb1aef19ae4e30ce1e6bd577

SHA256
7e025132f2b14d146cac178b651471ed5c7d2e0302c0e3b63392469a1796e46d

SHA512
4b936d30b50cfc6fa728adb37e40baecaf07a8950105b1bff19831001a067f76ccde4609bd415d2c2b410d13ac50b6a246c0a2c3a339e6f07b183492a3dea7eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
f0e6ca22ca03aa3c3d8514a29d83c672

SHA1
bca4a8e3f870098c3776f6f1a5098d542a322974

SHA256
bf080999762bd04e7bbc182bb8a2ff618b5539b78d8bf98f1d424d9986cc06e6

SHA512
728868296b6a990303dfe00fe2500de3f9f88cbb35a70f118506f3d0a7b4de0e67cf2bc697aa329921d964d6ff170dc05a544fd9a8baf1c7b6f9243d8e1dc061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe59188f.TMP

Filesize
48B

MD5
ebb52d2e68a40b3206bc18f15223ba8a

SHA1
2d57e79c338884bb3f1274f0588221a9ad449f2d

SHA256
a7f54998e3c9ffce49710f31ee0f33eb4d7cdba22aa6afb0be89b6ee135f4aeb

SHA512
57e7e8c642f17fc75f50413fd18f6ef70b5726d643583ca2e2ef2af3883e2b3a53491cb83927493fabce97ddd3cd73b2087f0b943a8905b6785c25ee4adaa209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
38a563ffa2da1ccd2efa5f9fedf3ee34

SHA1
944151ce0159799a5ad6df1f397c83d94d634b32

SHA256
2f284ce9712ef2f638beeb774cccd00578095812290c269e10c0bd0f60592187

SHA512
7ed5aebaa54e5eafc8c848fcc313e45bec290f6364a6859e23ac55ba7e2514aa9e07b3cb3f6b94bacc2d95fef4a021dd7190af4c41a3cccfd93f7a8e725aa44d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
d800084a2714f44d5f51be6c3723ef41

SHA1
d57875d24ded49889f30ff71eff8e73c32fa6ca9

SHA256
7a5d307e28f4dde74ef6a09a09175068821f7f141bc3960ffca68cf74d6f6197

SHA512
898afb668884a5361040220d10e0ae97b886c8ac33cc834d80cd0174da43001c4c5f80054b62f0db160126c6e68ed7d55cd301400ec28cbadf234edf94d21ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
c67ba0bfc291f26d0bd8eef015dbca9e

SHA1
bf220dfbfa63639de3a2ecc9548dba39785a60a8

SHA256
3c692f1f75d298776a7ad251df1cc2041ae398f2c6ee933b727613332d4836e2

SHA512
cfffd48d1196150073d65ae8da84980541c7a93ff1f930f8984324306fb8886a9c1159badac4e43ed477d0e68b861f3af668e7a58f5487a17e732c8d07e8cebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
f5e3c15f4da0b6f1aa5ecb84f97f59bd

SHA1
2062603f5116a71c6b538c04e3570282764e8470

SHA256
25365daa1c5e461895d59d670af31781fa416284d03d3bf01961bb39cf9dc6b0

SHA512
fcacf52cb0ef1cc3bbbe456da36131f3aa74303cec4bf54a9f72fc034f852c35c3bea313a7bc325c92f6a72c87e9bdea22017b41c75f4d2912a7fa5f69ffce47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
59cb43825a76687a10ff3e2dcc04e6c9

SHA1
21fada5695879fbd65daf902911eae330d9eebc5

SHA256
853348f2eac3e5b7b3bc726172e5171176ab0a36f139a843330138c128a28f6a

SHA512
5207a420e93ddcd7fe7e2679b6e8755a771d3cbbdd219fc803563d922dea6f3ee4b3d8ffddaab6574be5ec94c496ebebc6cbd38a37a5ddd76fdeea94a61e191b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
0664e42d4a712eef5dffb7be99e30b4a

SHA1
f6da9ea5c5b16da229d0355e2c44a44ce2fddf29

SHA256
4c99f8d9245d30a6f3e27c20601079accf4a0753e58bd51be83638aec044b95f

SHA512
9386560b94c0d8bbc5b84fb5b9d0fe97aa428548b0917db8a19f7b050d04c4ebf0a88442d609083acbcd254327ec67036c328eb6dad13053865d26300b2126d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
93889aad3d796985529e4c1088d24ea9

SHA1
2bd94e7ba9e8642c5f616c73508b6dc09f526a86

SHA256
8006f7ddf55446d81a4ffd85958c947c4d1d7092d7bbec1e3588f2d189167587

SHA512
ea28d3e39accf80340f22bb81105e730066ef478296343d95dcb7751b624e4498c1734ab8299c422591190a22b7f9d1392abc1512990934599816260a696daee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b8e15f07bc605593f6a425d9f4b3653f

SHA1
1b541fb2b355dbd5c58be574d542faa34aeb9d42

SHA256
cdf0fa3eeb930d668e3a0c3575ee79ccaa71adf1c4f645dd833be7a78213dabb

SHA512
011b4df7efd0aa995775d896e1c9162621f4df992a4c046fa2f6f792559b6399c121d9caea5bf840ec9241c1a4f6e3d3504e9546bd9864eef50a35baa98bfef8

Download Submit
C:\Users\Admin\AppData\Local\Temp\147b863a-b1b5-4b50-a566-6dbccd700ad1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1036_1314401611\cc79a0c1-b269-4570-ae09-9825abf1e9f3.tmp

Filesize
2.1MB

MD5
4cd67032e35fa92f5182df10df289906

SHA1
9210bfc66bd808ffcd7c6443e160dc8d6754c416

SHA256
efdad7555293ec2d14399c2c2fc9d07228de1f6e3746b27da621b76fe5ceea07

SHA512
f3d83f6e77e4568d2dae539c95acf0a886926a001b4d80f0ea602387530fc333f688ac031b3057e1c2b0375426cf47ae33315f7da9ffaec601102be0bb7221cd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads