hxxps://u[.]to/58w2Ig

Analysis

max time kernel
26s
max time network
27s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2025, 17:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://u.to/58w2Ig

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
74	5400	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_1008_549954369\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1008_59298710\_locales\lv\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133879167810710860"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{7A9A959D-87FE-421B-8C33-BAED84A8DF7E}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe
1008	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1008 wrote to memory of 1912	1008	msedge.exe	88
PID 1008 wrote to memory of 1912	1008	msedge.exe	88
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 5400	1008	msedge.exe	89
PID 1008 wrote to memory of 5400	1008	msedge.exe	89
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 808	1008	msedge.exe	90
PID 1008 wrote to memory of 5384	1008	msedge.exe	91
PID 1008 wrote to memory of 5384	1008	msedge.exe	91
PID 1008 wrote to memory of 5384	1008	msedge.exe	91
PID 1008 wrote to memory of 5384	1008	msedge.exe	91
PID 1008 wrote to memory of 5384	1008	msedge.exe	91
PID 1008 wrote to memory of 5384	1008	msedge.exe	91
PID 1008 wrote to memory of 5384	1008	msedge.exe	91
PID 1008 wrote to memory of 5384	1008	msedge.exe	91
PID 1008 wrote to memory of 5384	1008	msedge.exe	91

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://u.to/58w2Ig
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ffc8795f208,0x7ffc8795f214,0x7ffc8795f220
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1732,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2180,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2484,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3436,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3476,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4920,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5132,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4912,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5772,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5772,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6060,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=6076 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6100,i,1770865927041564129,6599434373114745145,262144 --variations-seed-version --mojo-platform-channel-handle=6116 /prefetch:8
  2⤵
  PID:1460

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
49a799a3396206db4e4b981276cec001

SHA1
0f6726722de107c8656dfc237afc93e4a29a014f

SHA256
4f2563a872fa7849ecde01c31071e910f51711b2071ffffd533b590ce7ce3f86

SHA512
a62afae0805b493de3c4346654cee5671af16d41bb8bcbf9f1b3479465a6a46920892aa989934e6026bd0824704f9367da5db212c1000605d9c2fe0dfbc4354d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57c7b5.TMP

Filesize
3KB

MD5
9bc31482d4a41b8d6fa5fe34c09c5c69

SHA1
c87dc15c195ac154b2a3bc865c3993f6f362b073

SHA256
4df1cc1ab2b64ebd05ac2ee3da4290b6dffa6bebf6727858b554d8bddb5345b4

SHA512
de658ccec0972af002b70348cd5d92cf6b5b45117ff660b291288caba146fe49288daef8876df3fc46b8bbf6b70e95a1c1fa28f5e53f237240bdb7511eb5d13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
fd2c5221a8dec1c49e2a5e52ad0e91bc

SHA1
8319df23ef566c12bcbe36c7658e25133d00fa53

SHA256
d35e38b39bab6573ce2e94ad5f4fc88f27e8fa166b86b38b93e558b51e0c6ae5

SHA512
da9b1e0183673225ac4bae1b146afab5906cf9819113589699026d049642fcbdf8d32780c0fe77215973a074c4330f53916a506b89eda31eaf65b7941c53bb02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
aa1cd21db5dbbd5b0c46bb8bd716871d

SHA1
5a20e55d7c185f6bc2542d7a6c48923e301b0bde

SHA256
f58f8d1e772a93295f18d9417596340855b849e67061cd75e916ce917cf47a16

SHA512
b4c7ed3c237e7009cac9ec336e0e922780b7b60d79c333efd8f4fedc5c7b4cc0c5d8f28292e4d64a8dcdf66eae57cf1f5855aad203152b35ef532b65ffc92b51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
cff5240de6e5bb4470c367e84ef91fe0

SHA1
1203e687d65c5d66a71f445eb9380884fce50d2e

SHA256
4b4288e891c5abc366c7eec4183b6cc59b2b925a1244db45e888a8f796d9ac96

SHA512
69db95d05dba9f67237d096fad4f02471c4a3bf709783ac15accc02ad20394e6987f1ce5105afc033b93fb30c4d868a654d90c1a611749b4f3cd9258a900c190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
d03b854c062cc3d09b9c9867c6433c2a

SHA1
63cf8f5c1d74949ab3929239e7fd2173f8671aa0

SHA256
f4669c0b1ffce257c4cd0c0b450cab821d6819164882a84a02247da232d4b40f

SHA512
d49fa7e5bc8a981a24db2cac007251212bc5db22c0d2c9e1793eada933ddb9fb253415146157c675002a21d7a79a44d92f1ddb3feb05c9868cd95b0dfaa2d7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
b71daf3fc7550c1482a476e880db49d8

SHA1
50610f30e37e3ea31a62ff942ef0ea134c5c302a

SHA256
287748839e29a0b66fd068c53e049869fb4979d07171db586cc0514fc8eb321e

SHA512
acdc69956074e92b4bcd5eb9bd1a20d103367205d01fd61c8c48fbb2c0fc91a9fb55b8aded798060cc594de01ff51422ed99feaab04b4916b4ac637bb4fcb244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
cd378a3dfc8f7615d38a6e1a410338c7

SHA1
21adbab4c0c64ff2dfe9c288bd323c0d7b70d004

SHA256
57f16f4507e92e3ace1c9f0a240cff7e52547e98a477928f4e5fd2254dd3fc75

SHA512
38c4cef9336fe1f949292db12972d45f7ca38f836b4320e13e4312edba6cb39f343927f0e4a72317c155cc35440d8ec613d86a5632fbd67a8fa00ad9de854695

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads