hxxps://secure[.]campaigner[.]com/Login/FirstLogin[.]aspx?email=alina_meltaus%40biotech[.]senate[.]gov&pass=VuxurIndGYG3LDXfY2AZ1NZXGw8%3d&accountId=783406

Analysis

max time kernel
26s
max time network
27s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
07/04/2025, 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://secure.campaigner.com/Login/FirstLogin.aspx?email=alina_meltaus%40biotech.senate.gov&pass=VuxurIndGYG3LDXfY2AZ1NZXGw8%3d&accountId=783406

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\en_GB\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\el\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\zu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\iw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\fi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\bg\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\eu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\gl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\mn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\sw\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_5776_1786443938\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_90_1_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\hu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\zh_CN\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5776_896528046\_locales\ms\messages.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133885145416533050"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{FDC33861-54DF-4C82-A3B4-7DBF6C489A6C}	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe
5776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5776 wrote to memory of 1532	5776	msedge.exe	87
PID 5776 wrote to memory of 1532	5776	msedge.exe	87
PID 5776 wrote to memory of 5916	5776	msedge.exe	88
PID 5776 wrote to memory of 5916	5776	msedge.exe	88
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 2184	5776	msedge.exe	89
PID 5776 wrote to memory of 4744	5776	msedge.exe	90
PID 5776 wrote to memory of 4744	5776	msedge.exe	90
PID 5776 wrote to memory of 4744	5776	msedge.exe	90
PID 5776 wrote to memory of 4744	5776	msedge.exe	90
PID 5776 wrote to memory of 4744	5776	msedge.exe	90
PID 5776 wrote to memory of 4744	5776	msedge.exe	90
PID 5776 wrote to memory of 4744	5776	msedge.exe	90
PID 5776 wrote to memory of 4744	5776	msedge.exe	90
PID 5776 wrote to memory of 4744	5776	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://secure.campaigner.com/Login/FirstLogin.aspx?email=alina_meltaus%40biotech.senate.gov&pass=VuxurIndGYG3LDXfY2AZ1NZXGw8%3d&accountId=783406
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7fff4ef2f208,0x7fff4ef2f214,0x7fff4ef2f220
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1916,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2228,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2060,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3416,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3440,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5040,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4792,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5024,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=5240 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5816,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=5832 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5968,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:8
  2⤵
  PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6380,i,17968833131152392463,7676145623733920034,262144 --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5796

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000074

Filesize
216KB

MD5
50a7159ff34dea151d624f07e6cb1664

SHA1
e13fe30db96dcee328efda5cc78757b6e5b9339c

SHA256
e990d9d31c4c7d57dd4795e43baea05501fb6ea8b7760f89001be660425dd01b

SHA512
a7768dd7e315b07754a305080e0fc023765e5a224b2c3824e8e10f29286df63bbdefef379e069941fd8cd9c7c3befce976779ae2efdfb6e7da697b09d7f07250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
87ae587a3e31570d946c57efa654549d

SHA1
557712602068e32f27b5f3e38e2bfb6e8fe844d4

SHA256
ee56b7faed6887b931cbf370dfddf905e77ec486792ba618dff7c562da0e946d

SHA512
a1d67a4339f7151f11d7954ee063b973b405e7d832134ef94b0b2187ad8679cb4a2eea9ee6c0eca0c08007fb14e89feccf22d63e9b50823b74c22c3a979f4c3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
43b2d15f74eea42f01a5b0aa1b4e3d9b

SHA1
08aa0711e78ddd55a2dcc26025fede786cbb8eb9

SHA256
13dd3efbe883732582677ec201b116eb4cc7a514abda3845303f639d03891e7b

SHA512
b53d1c9cdf5f0bfb9e6902fc96a1f71c3190b45182617b05144b0e5838f059426dff5cfb0955900abc1f144dcfedc35463484d99dda85bbef202943c04a220c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
6e1b042b5d2112a8f7cec647ec57e448

SHA1
7f536c9fe6f97f050d7d6d53b674896375da5489

SHA256
e0f094460f1310e1dc8be592403619e0d2472e709ffcc9446df4670cdf1acfa9

SHA512
447e0f4cd542113651d4221d890efb7fc8344e62ab4f47ffe96490122d786441e0c9b2120b5a019e03b51804bdf8713c1a4fbac2b95f4e6fda3b05de54ee225a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
8c00d67b92f238e09ce6618303539f66

SHA1
2d274091fbc4f02f1febfe556b47f9fa96cb000d

SHA256
95805d9e3ad74c5f1674146d69adc0aa56ff6ceae986d598d2b8fd290f902f74

SHA512
601817f3e84946d8ba7a6c8f045c37eb948f1ab9c238360befc4a26ea30f77ae0db6e5ff6bb780b1b807710b7c8ed70b18a26e1480b5912ce3c563a431833385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
23547b36c3a108812f130cc05f12c0c7

SHA1
5a779438a706af26a0a4191ef5066cd425af571b

SHA256
9564742b8e36c5bfc83fc22fd23f2f29eb200e6e9a8770c392b88a7588fd2db8

SHA512
29757757b3b8869407a9204fd6a6bd83ea11887b4d687f989d15bc7ecc3c0be572a81134c3c19bd25a0911911ad85ede3bdb78f2cf546eefa0302723279f5710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
9839cbabe1064507a9c3347c4635482e

SHA1
7d703b1f9b3f6eb05b7e59e88a182ba247942aea

SHA256
f0a8af0e423ef9d00c616ad60bf8c000b7ed536b160582234c1b450ef4d7a663

SHA512
858ad64f87808a716f273510fa5651b5da85d143bf8ad6b37fe88b51be20863ca7f536779c3ad890b23a877a0d7d2da81cac75dbeb068e0f436b4975e4b67557

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads