hxxps://steamticket-50[.]com/1053904196

Analysis

max time kernel
49s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 19:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamticket-50.com/1053904196

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
91	5596	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping3188_1532172820\_locales\sr\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876625967373555"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1062200478-553497403-3857448183-1000\{ACC7116C-AD77-45BB-9F95-7E3867303372}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe
3188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3188 wrote to memory of 220	3188	msedge.exe	88
PID 3188 wrote to memory of 220	3188	msedge.exe	88
PID 3188 wrote to memory of 5596	3188	msedge.exe	89
PID 3188 wrote to memory of 5596	3188	msedge.exe	89
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 3720	3188	msedge.exe	90
PID 3188 wrote to memory of 5764	3188	msedge.exe	91
PID 3188 wrote to memory of 5764	3188	msedge.exe	91
PID 3188 wrote to memory of 5764	3188	msedge.exe	91
PID 3188 wrote to memory of 5764	3188	msedge.exe	91
PID 3188 wrote to memory of 5764	3188	msedge.exe	91
PID 3188 wrote to memory of 5764	3188	msedge.exe	91
PID 3188 wrote to memory of 5764	3188	msedge.exe	91
PID 3188 wrote to memory of 5764	3188	msedge.exe	91
PID 3188 wrote to memory of 5764	3188	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamticket-50.com/1053904196
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f4,0x7ffa9750f208,0x7ffa9750f214,0x7ffa9750f220
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1844,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2552,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3464,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:1
  2⤵
  PID:4260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3508,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4840,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5568,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5616,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=5668 /prefetch:8
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5640,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=6064 /prefetch:8
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6084,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=6208 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --always-read-main-dll --field-trial-handle=5888,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3760,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3796,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3728,i,7420906635204548356,6379125591061441111,262144 --variations-seed-version --mojo-platform-channel-handle=3712 /prefetch:8
  2⤵
  PID:2736

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3240

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:3116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
690f9d619434781cadb75580a074a84d

SHA1
9c952a5597941ab800cae7262842ab6ac0b82ab1

SHA256
fc2e4954dbe6b72d5b09e1dc6360ea699437a2551355c2950da0b3d3a4779fc1

SHA512
d6b1da8e7febf926e8b6c316164efbbac22c7c3d9e4933a19fffba3d1667e1993cdeb5064aa53816c0c53f9d2c53e204772de987eb18adbb094a0fb84ae61fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
804e17b52b742bf4ad81ad8020d8ec53

SHA1
e332d879f008bb5f5dfc17fd55422f227ad27124

SHA256
67dc563959075383ea5061f30a0b781422cfec6fd84b2176991e304839330cee

SHA512
7a4b7cec923a7cc1fdceea883ed094071e7ee0f5050504adc1433561894ba8310c68093dbc752ef5d8f3222f4ebe658fea0fe44437268c3f6bdeea5480a48781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
800efa2c247dde49f3b5d5ddb508a690

SHA1
cc58f47c51a97ffcbe0ec4761560292d022486f0

SHA256
bcf6cc926a6b364014baaad3f4292cf2976d63bdaf25248dea6b39af6b840d4a

SHA512
ff2f19a372abe54dabbf34c0016d8b9e47ec914cea4c714e0d8acbe68d6eab965d2df617e480af90887d667fe0adc1cc1c3e9f6c251067e50b706b0f67b120d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57d8ad.TMP

Filesize
3KB

MD5
e14b5ddd4c96a52b7ecabbc0c53871f4

SHA1
bf28a97664bd402b46eadd989feeedea7e4ebd23

SHA256
d666dc7bfbaeebf618881edf6cc1210bf01c6796cafb69082f56a954052c2c27

SHA512
a3d1774d017960d830c9c07e6e540ae59fccc1357dc471f04ddbef70e837bc2308650ae1195fa6945c5fb90f5b82e6fbc7f52fe0a51637a1761f6698b54ee376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
8c5f37923d838f1520dc40ea7aa7a6b9

SHA1
3f0b775e28e7980f00d31c3559c250b03ac2fc0f

SHA256
b4873e3096d316197ea54d61756a08c48788a4de263ac9ec3d22ebc358a199ca

SHA512
08e21ac952a812f0e82ba70be97112ce31da28cafa6885c922dc3a7c34d5f4d33ae93ba8629d3652847f7421e67f5252488c9e45b51237c2e592add30a16e7c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
f00abedba4451fb1fe47fafb837be179

SHA1
81160b8c51cada16873f9534375ef9c9dd869318

SHA256
4d42931457de843b29f9e1448b41e736fb1da4dea203232e139b6051d14350f5

SHA512
cfed33cf018a714d1cbbf7d5537393c20f929983216cbb81d7bb0de1054c395289bf80654b5bc4a1d98ee228b78853b8ee52780c87cce45b9f39243ee807cf7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
ba3b0f99f45fab4715d0271e7f71ccfe

SHA1
32eed91c5054507c73a98a92bfa22e9d9d174eef

SHA256
5f7219535838ea1ed7970b36f4feb8a453d4028f22d8847e09395a089de0b761

SHA512
770e1e86877480128c921f74c24e135be8f2563840087469668d97b048b8df43d95780025093b4d10c162151633ff84f3b6a910328c0d253be6dfa2f3bde7612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b92980e5fe6816bf1a216d18d057465b

SHA1
a902a3332f0670a8087ad9064a577463e8fd88df

SHA256
784c4b49a89ae5f9f601e61e1c0f331570cbdedafb7d95f5876908346b670ae4

SHA512
6e5b4153b4a2471951fa6cc7cde76dfe5d3682c6cee31ccdaf4d13e7b11de8520cb45a3b2dadf50e00808bdb12e3616477777d70e74de99a27b381fa519a45cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
894ef5b76f822f61469cc3b609add6f2

SHA1
d56b77e409aafba683864bbcc343e5cfb524323a

SHA256
55803182cae409dc3599d53a967dd0e6efc229247dffd6d7ae3bed19301abac4

SHA512
72d9b56a9d29960aca56a3862da30b0d6e36f59fa8535e8c9f7e40cab47ba38787358b5451cf61f3d2f844b4ef56b1317031a5f5db7d4f7075967238e9d7828f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9d9cdc4beadd96f1d94389a1dee83056

SHA1
5f6f977964a4d4d89806b39c3d331839fa100099

SHA256
f40630fa855c27c61e31b916b60a7bb484aceaa5cc0fc25a445ebde04f51b2fa

SHA512
b7422e63ddbe726722b478ddaed4364dcc638ba3e4b35e0807fdbe362697f195f5a50428134aaaf8aa3f2bc95e181efb0b2c4b12272a972e3ae67e6c5ac80ce1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads