hxxps://steamgiftcard[.]cfd/1053910953

Analysis

max time kernel
89s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
01/04/2025, 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamgiftcard.cfd/1053910953

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
56	404	msedge.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\si\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\128.png	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5520_1839905414\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\ar\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_879195583\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\offscreendocument.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\en_US\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5520_597579506\_locales\be\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133880158049622188"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1279544337-3716153908-718418795-1000\{0D99E6A5-E03B-4658-A8AC-19A7CA83AD95}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe
5520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5520 wrote to memory of 2948	5520	msedge.exe	86
PID 5520 wrote to memory of 2948	5520	msedge.exe	86
PID 5520 wrote to memory of 404	5520	msedge.exe	87
PID 5520 wrote to memory of 404	5520	msedge.exe	87
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 740	5520	msedge.exe	89
PID 5520 wrote to memory of 524	5520	msedge.exe	88
PID 5520 wrote to memory of 524	5520	msedge.exe	88
PID 5520 wrote to memory of 524	5520	msedge.exe	88
PID 5520 wrote to memory of 524	5520	msedge.exe	88
PID 5520 wrote to memory of 524	5520	msedge.exe	88
PID 5520 wrote to memory of 524	5520	msedge.exe	88
PID 5520 wrote to memory of 524	5520	msedge.exe	88
PID 5520 wrote to memory of 524	5520	msedge.exe	88
PID 5520 wrote to memory of 524	5520	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steamgiftcard.cfd/1053910953
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f0,0x7ffadd86f208,0x7ffadd86f214,0x7ffadd86f220
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=2744 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2216,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=1680,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=2664 /prefetch:2
  2⤵
  PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3500,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=3544 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3520,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4952,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5200,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5208,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5708,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=5696 /prefetch:8
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6008,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5776,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4824,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5052,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=6104 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5180,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:8
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=116,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=6488 /prefetch:8
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5440,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
  2⤵
  PID:3488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5432,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6696,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=6704 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6088,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=4808 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --always-read-main-dll --field-trial-handle=6072,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=5388 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --always-read-main-dll --field-trial-handle=4928,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,8405450486657413044,11268391802509105804,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:4748

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5040

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5520_879195583\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5520_879195583\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
998db8a9f40f71e2f3d9e19aac4db4a9

SHA1
dade0e68faef54a59d68ae8cb3b8314b6947b6d7

SHA256
1b28744565eb600485d9800703f2fb635ecf4187036c12d47f86bbd1e078e06b

SHA512
0e66fd26a11507f78fb1b173fd50555dbd95b0d330e095cdd93206757c6af2780ece914a11a23cd4c840636a59470f44c6db35fa392303fb583806264e652016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
901cb47aa5aeed1a4d7b405c02ce741f

SHA1
e321a028bef39e3a146bdf5b347ce3a3d20fa637

SHA256
3b91e487fc26fc38ac8a9e9da42881ec07ae749e896d8e4c9c85c0badc8b5e75

SHA512
dd0acaf257f3ea319c9847c1f42a592932ac098e66ff2b4efba6c416e80927e02523cdf3c49254b768fc91e8f46ec54fcb6ba2cc4089b7c8e2f6a04efdd916b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57dfd1.TMP

Filesize
3KB

MD5
3d8165a85085808e1e9c27d1d1bcde80

SHA1
8927c957d228227e91361e72eb868b973eb66aad

SHA256
48b937155a74f97bcb25aba994d89aac91abb8cd1ba4b1c0f30417378ef101c9

SHA512
fc8b4ceb8e541a81a2a097edeece68a5a10b6ef343e98e7efdcaf8fe408a0afb53b2f33de0e062308007eddebb1fc37f8253dd762efbb434b2aec97498fd91ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6b59e7be92fba5be0fe4bbd4af0e8785

SHA1
be9c3ec14fd491474283b5f943b2634e5c96a1b7

SHA256
199a1e915b79489d04264baae4b4b085c47107bc5934a82eaa7bc9d47f3154eb

SHA512
0d2cd180f99feeebaba190171fbb4716ff2943977b3a92c5e21dafa81bf3b272672107c2dce1b46d0248380f3f9e0c2d84889c9ae6bb2d298a61156bd710b51a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
f2986948638e888243370e4306138e02

SHA1
97c76792d973c250f7af30d97ccc981b6415e634

SHA256
664eef53e33c2cc90ede65d7426f166d631283db219fa5af058cb776a38d6fd0

SHA512
7b587dfd4262619d0e949ee01f9725fb6489a0039d525a29ba0a937ccd25c9f675006bf0eb74ae21875ed5ab470700b61aa2e872350656ef065ae0a8fb24376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
c1066072162b26d29af56f1bf9d38584

SHA1
d6730fe3781c38c8278c60fbe7f5e937f30a5fe0

SHA256
582bb032c0e8c0920f2d291a3dc57c6bff8e283170744aa956ffdfe1a3b759a8

SHA512
e19bbd2ec0e810cfb8d231555a59d9c38df884a672cac63264c29cbcc474586935228f35235e71ce56d23356022d4f2a9c3e96f95b4964d6dc0861472b284635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
370930acadd865a6cde903fb301f7556

SHA1
dbedb06fb124dfcd3912b0e196d6cef897e36c68

SHA256
40ad16475d8c1dd9057aaa66a6e8bbc5860c0c289edade68c3e8ce8bb6a69e23

SHA512
1f5a12709ff533a0cff28d64441c5326a84b3f22c9df4948403eb09bc846a49f0662109dc11790bac45f8b31ca13a5dc165c19ad549822769ba7e60a91cf19bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
ad9b64f2abe37dd1288b91972b1cb28a

SHA1
b315666ed8d01bb6ca6cdce71e20435f22af91a9

SHA256
eecbe25e1b18b066fdcbc7fe66e495b10c158bc35de0a67e3c72cafef70ba8d1

SHA512
d54b6ce7d3cee47e172cb450891eb135bc976293712bcb99a58b3d5c12b77616a8f7d05d26a4d62361d5092b92edb863303b2fdfdc76d27019f54dafae19182f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
31b0d997365e304cd38697fcc137a35b

SHA1
4141436d06de2a4952095db31fc0c5beed1a9198

SHA256
748341b0716bf4cbf3892962c2e231da4c8fc1a0de31f7fac025e2bede21d462

SHA512
2290c9cd5e4e8c5101e4141388a758ae36e40c9f89c91b94f657fe5a7f94a5c422553161710ba21fad194dfc14a93991de36a23f12d5b692db9eef8dcfa781a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
9108900ef50dfdebd97e8cf3d7b15615

SHA1
0ff9e6ff143f473ae052bcf8ddb7bcf44f69af5f

SHA256
4164ec3ac45ddc89246752af5d186d692a15cf534f29aac83f71a947a074a102

SHA512
e606933f665303ff93414c2bc399d19b752ff33ff3b8851d60b3bb2d64943ea1fab8574d6b5719d57137e32d9c2c266cb9f1e296a402e6d1ab0a5f5f79aa5d06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
ed16ca147c0bc8b22f78e4267755b74e

SHA1
3ced782925ea78fe45bd22c9f5f0f354e22f735b

SHA256
45b5ff99385a5bf622022982cd2c2244261e5a6a9f0b70730bd7283169a1a055

SHA512
be1d871f291fcfe95052e88250c70225063845f24b794b9358d13948929228297c7af91240a820f3dca420be26c5e1e133e9fa4cff20aabff716dd1fe401ee61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
6f7a86a3450f6bdef528bcb2585ad371

SHA1
c29ed4d69c63cbba2911aefbefb09d1a8f9dd2af

SHA256
ff9e00333f06682fa646f841944dceda1a2e8e5807500cea9321b219b3da6b99

SHA512
18d584f210d3e6b588be7432ba7c22354c961c6739bda088e0175896a6d219b2be939020317af8f6767d293b20bad66949757a33fba61e02467f7ac50749ab53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
eda7271b4093854b72ee5f902801ca07

SHA1
50317e4fd68ad29f0487651f979811429c1b53e8

SHA256
21b422255a56c40a434c9a3324d3b24f0e67ef2e53009b5db8e11b78d387c712

SHA512
0b0d79ad7b7601c4a5bb1f912e2e49df11f01c2eaa1dc025d05122051f16e76f4f0843757da7ff4ce96e17b9c9203cdf76512b6108bc6884944dfa2bfa918cb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
c23ca3a16629f2e80ec9c2047976c382

SHA1
9f4efde25403db1343e8e88035ccc7d4f7995d5c

SHA256
32f116e31332ac7c20eaf6346b5808a045aabb07d578ac038e3308f326e9d6c4

SHA512
eac1226f474e946fa035d026f3c6a7c4d4aaa9ff130f53319ca0ac869bc04e1419e299555b83190a9c61ff87b48a92f7e7981d204f2e4170dc87b7c08ab06b25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
237970141b64df22ab478a7117e16ae8

SHA1
a1fb02c785182ca217f4c18b8728fa1351a4262e

SHA256
5f5f26e6ccd68eb3e7d12d1079321c9e3384360f269b7692b961fb8a6c2cfb54

SHA512
7bb721587e36fb86bba149bbc4d896051bfe31c286227549249b2f246e8c7062b271d79c52d6fc4484ab7e416e11ffc30b5836b75f654a3cecf3845393b36034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter

Filesize
392B

MD5
c43c4911200395c2d6470afac2610ea5

SHA1
f33e57d565658b744a5ae8700aedee02de467e78

SHA256
4c81f94006c312ac15ed5ea65c63dc814e21d6d0f4dc07a349a7fbd218852a0e

SHA512
281b734c244ef163f33bffb8e1dc9a03bd8c52bfd4070b2b438438ff2c042673bb90ef3be820c15067910f578bd1d2ef1f89e1c73fcc1e7167ca48056f63eef3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\RevisitationBloomfilter~RFe58cf90.TMP

Filesize
392B

MD5
317e87d1e5a0bfeea54e398aeb3013f7

SHA1
393848db9933c9128bb514d61d2000b3e0c334a4

SHA256
0cdfc5907b54f7af90374f7af56a6f4e27f28d9c86406464d922b3e8c9fd294e

SHA512
fb7111af9c915f1616b03f1eee0ba0c388db49f98b07569df889e31311169a1d8496eac7e0c4fa6ba34a293fd9a6e1c7718afdde9225cab42c9d045b2e3d3783

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
fadfe550e40e6f4a2c6d2fa4dfd0fed0

SHA1
8806b7f237e78acf7491502a95a644fa458512bc

SHA256
d560b3a7b1b5ab896f94600f02c35c40e1b200cd5235ba76677536a83ecf015d

SHA512
48116695f460e2e553b5ff4055362bbd077fa231bcb9f2fbd2f15d1e90edc1938ca84878cc071136b2e41be84b247db66482b730c6dc98f3a24f7b5af64fe835

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads