hxxps://steamcommunity[.]com/linkfilter/e[.]vg/105757229058

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
14/04/2025, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steamcommunity.com/linkfilter/e.vg/105757229058

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
96	2280	msedge.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1307310274\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_2046774789\protocols.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_2046774789\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1852521184\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1307310274\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1307310274\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_856606226\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_856606226\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1852521184\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_856606226\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_856606226\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_856606226\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_2046774789\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1852521184\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1852521184\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1852521184\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1307310274\keys.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1307310274\LICENSE	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133891343606911953"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3975168204-1612096350-4002976354-1000\{31DA207C-A415-4B08-8CA7-7CFD9468B265}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
5172	msedge.exe
5172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1352	2224	msedge.exe	85
PID 2224 wrote to memory of 1352	2224	msedge.exe	85
PID 2224 wrote to memory of 2280	2224	msedge.exe	86
PID 2224 wrote to memory of 2280	2224	msedge.exe	86
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 1976	2224	msedge.exe	87
PID 2224 wrote to memory of 4152	2224	msedge.exe	88
PID 2224 wrote to memory of 4152	2224	msedge.exe	88
PID 2224 wrote to memory of 4152	2224	msedge.exe	88
PID 2224 wrote to memory of 4152	2224	msedge.exe	88
PID 2224 wrote to memory of 4152	2224	msedge.exe	88
PID 2224 wrote to memory of 4152	2224	msedge.exe	88
PID 2224 wrote to memory of 4152	2224	msedge.exe	88
PID 2224 wrote to memory of 4152	2224	msedge.exe	88
PID 2224 wrote to memory of 4152	2224	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://steamcommunity.com/linkfilter/e.vg/105757229058
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x2d8,0x7ff878cdf208,0x7ff878cdf214,0x7ff878cdf220
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1852,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2248,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1384,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=3080 /prefetch:8
  2⤵
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3472,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3480,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:1
  2⤵
  PID:5252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4360,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5184,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=4964 /prefetch:8
  2⤵
  PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5196,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
  2⤵
  PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5868,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=5896 /prefetch:8
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6296,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=6324 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --always-read-main-dll --field-trial-handle=6148,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=6292 /prefetch:1
  2⤵
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6312,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=3792 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3580,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3604,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5500,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=3588 /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3792,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=3252 /prefetch:8
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=6628 /prefetch:8
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5256,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3996,i,9720750485702279636,17404361603628110697,262144 --variations-seed-version --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:776

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5964

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1307310274\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2224_1307310274\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2224_2046774789\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2224_2046774789\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2224_856606226\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
65044109d1beb8ed8d59560642cbc519

SHA1
0084485b0aa26069232fab51ee603682e8edfd17

SHA256
a1e0b448218678b30356cbbe4092ea091435e7450822a9748361b6e8b198962d

SHA512
96dcc68fe92f98c4329a8335cfffdb0849a52562431045ccc42076bda0abf3842491303fb669246bfd04e64113688d3f90000a09571dd76ff84b52e34e45f9b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000095

Filesize
37KB

MD5
231913fdebabcbe65f4b0052372bde56

SHA1
553909d080e4f210b64dc73292f3a111d5a0781f

SHA256
9f890a9debcdfccc339149a7943be9aff9e4c9203c2fa37d5671a5b2c88503ad

SHA512
7b11b709968c5a52b9b60189fb534f5df56912417243820e9d1c00c97f4bd6d0835f2cdf574d0c36ecb32dbbf5fc397324df54f7fdf9e1b062b5dbda2c02e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000098

Filesize
119KB

MD5
57613e143ff3dae10f282e84a066de28

SHA1
88756cc8c6db645b5f20aa17b14feefb4411c25f

SHA256
19b8db163bcc51732457efa40911b4a422f297ff3cd566467d87eab93cef0c14

SHA512
94f045e71b9276944609ca69fc4b8704e4447f9b0fc2b80789cc012235895c50ef9ecb781a3ed901a0c989bed26caa37d4d4a9baffcce2cb19606dbb16a17176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000099

Filesize
121KB

MD5
2d64caa5ecbf5e42cbb766ca4d85e90e

SHA1
147420abceb4a7fd7e486dddcfe68cda7ebb3a18

SHA256
045b433f94502cfa873a39e72d616c73ec1b4c567b7ee0f847f442651683791f

SHA512
c96556ec57dac504919e806c7df536c4f86892b8525739289b2f2dbbf475de883a4824069dbdd4bb1770dd484f321563a00892e6c79d48818a4b95406bf1af96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
538791a4557bb7b50ea7edf14a60f536

SHA1
ecb435274a68f76a10d47b81ef4829b9a58b4474

SHA256
f87256797643ca29635eb3ed42683e2de30fa77ae38177b72db559050b2a404a

SHA512
e7ae35315b43a760d33da6f0c2a7208200407a5a8db16b0852c02e3cb6a0e3daa23ca62e554cac4b5604ba060cdf66ee9e4d7377bd65337afa463badb8550d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8e8cc8db772e99b836e4dc0e9149f1f0

SHA1
73ef8b91caf76e1a9446d2e7d8523f0dd5dd017c

SHA256
f405703eaa000a48aa4b8294f9c2f80d1a1a18f2b9f7509fe00c2cc2e81dfc5c

SHA512
01690a351fca822f28c313760e96d75c3b556713375bc5f5bc6ec5211b21dd9483421bc1b0f888941f6adc749fea0fb87ca304785951b0829f013fb7cb4e6f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
34aca47e3e34d2b7ff86b72055f86118

SHA1
f73369298d47b2bd1317a020a47a4d549ae4b974

SHA256
e9ca439b16aa2ae9e9e52902fadd383475ed0f4433ea89e66495e7cd7dcfc5d6

SHA512
896c739687031ca8dbea0d44cf037416e60f8de747e3fc1b5b13d02276c7468bec16ad69c1928957198f5b9e150bd4222ebe91cc4add1b9497bd4e7a294b5883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5e4832.TMP

Filesize
3KB

MD5
03149f477beff5eef19fd2325e9eb9d1

SHA1
89256332ff0094ddc895aa96627fab0a72e1c3d1

SHA256
a202df816008cb88116f98dec6140a873781df163132441f0a8c658734338198

SHA512
13efe19c80aede167f124f102fefc181ec29e3f8b6e8d2e399efec712afffaa9dedf79230544ea6ab7dddf5f38797a17c6d7cfeb1e50a1e3b236f516996c9a4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
668507017ef0593b721b2f69f64e6029

SHA1
31230c81b9978fa65fb71e8ddf07f0dd607928df

SHA256
8496f167739b23e3be385f07ac581dc58c328b3b18a113dd7bfd1af6d04349d3

SHA512
6e2c718de94377277cc05e170b56af520946cdde55aae979e98d37500d7ce4a980f13fc78a94dc1da03e0859f9bb1763e3bdbb414fe27fc3b7d81536af445290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
7cebea1f6a56941cdf4c6e547b6c6c27

SHA1
c208ea7021c73b2484c6578b8511c47bcb6a3415

SHA256
d356c8b5e8c248ef4d88360ba7cb5df5256bb3f83c6dcc412f6c2d542b19afb0

SHA512
b69e9be2b2a97d9172fd39fa70a4a65d28e228bfd6a5065b334197ef0755b6790d576263148211fc05e2a7e1bd7feb8999b82b0d4b69006d9abea67f618c7f31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
412KB

MD5
a7b84f427fe18868352cd4aaff0cf61f

SHA1
bbc8cd139e3e96e84b49d8c21dbb531054ef2863

SHA256
ab1470d72635c395ee28a2ee13ad8f530d8505d88b145a7623175d531b1b6867

SHA512
e3ecb9a1c6610b51a57e87e79853b7c8ef4afc8b723c68c24cb5d9ccdb8ce220c0e5f8ed4816626a2c479166cd4b1d7549edbb2f23b6120f3a3cc4c377d5f75b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
411KB

MD5
249504ebe3eeb407b75f792735b7b8a6

SHA1
2d58cc12f761ae36e06ad1d92ee4e9a34c4826e5

SHA256
e1c92fc5d3f154c641441f2826b5cdeb2e14a4c2604d470d92832162f566f0b7

SHA512
82e0d55a92c053d7883946c69112d6e303d8747db71e93e0484a2a369a6e843d7e8f1bfae8c10935dfdf5751922a61b9e4e3866f09af8533043bf8b723766835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
412KB

MD5
033595e09cd0238778de540f01d07b70

SHA1
92e31a063befc2cf34855cc831731a7322d11c8d

SHA256
efdba9240953c16b3d1cfc2754f83bbac875c65c1765bf825935a97aff7e03fc

SHA512
00b57780c7fd9b25b7276758d40f30d26f8d9e94fe19e521f9226a8753fabfb9feccdefc2e13353a78e53ae8c94c0a5e1424d7cd6f51bf863f84f477755c86e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
b5caee7d93cda6c365f58f31909e53e0

SHA1
79d2bf0863789a38dbe9a4c6fc3ab55cdcf6cf12

SHA256
4223e09b46f75a3a32c3e04e03d43335b174d388188b8b8d6b5fecfb97eebf80

SHA512
023485d1b918f3c30170357ba9910743a66ca83154d2f61ebce41fbc13582ceb44c10bdb433521a7ea3496f184343f8e9b987b843ca1edeb2eb3276ebe3ede00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
56b24a54902e1e193c5e07c0eba42580

SHA1
aeb2de12c795cb1555c23a8f5ac76de9f8a6d867

SHA256
5aa5fd67e2fa17be46e2fa9f1bfde4a085772c9f3745d66c92ae25233e927d44

SHA512
27918b4b099a7981d4b3d846da1b6e2ab57e3cb9a8a87896ac9e8f529fffda50fb6d25d88cd86132964b45e7a3af73d7498d7b98afd7eac49fe6e1bdf9fa1c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
9d6082e112eb270938c4a718af87811e

SHA1
098d42a65f63fedcbfef4f56d5198783551752ec

SHA256
c9377c8b52bb895e7a08ded7a40e35bead6db812502cb3c8ff98868d12c4d2e2

SHA512
34a6de6645104c6a7c6e0c077eb2cd4a4bd476b271fc9fcc4f456a43111f57213eb38ad8c5961498f5b8dfce3fa4c962eb6a48b4617e299d9af4e0b4a3c504ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
7b6160fdde698a6607dbe1cebc4d0a31

SHA1
09d7ea948ab2a46420f8273d18bb9720dc555389

SHA256
61c6867426920bc020f55579c3ea7f929a650dbda812d955136536ab4d0c0cbc

SHA512
e72207d1aa66cd58def350a500752853f4a09272d85243e7bed7cf7dae02d598bdee21d16dea485500e12d903d70fe8a006f2d99fbcfbfe241d8d8f35565aeff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
866007405a33026dbc787856433e170e

SHA1
36bf0abd0fe8480dbbd412bdff395ecb3699488c

SHA256
7af3a0f685b79a88cd7cef845bcb9641e70a5bf19c1d7ab87df1f61695c3126b

SHA512
21ed1bd6dbdc7033126280a30de64335611aefd75183401bbd89ac67c145b54165b64c9b1d9984b947656a9fd200dff8515868a15a76d985a0545d32df79896a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
6b238332a12b6b6a11ff09d333361d26

SHA1
d3421978388af6466daf763604edaed5399c5b1b

SHA256
84550b3167e3c44d5f54785175f711063d739fd94bbff9d6f311a759f197e1a1

SHA512
cd3a45cf2a69eba6da13d30b1566d5f0e9d4106029e87989297f771583964bdf1b207149054f077138508a41eb8be194788c7974101392e6d6ad01ee2ce0de3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
a899ff109e11790836b6b5993e59855d

SHA1
3ccedb859506942f55b5374859145d034aac273f

SHA256
c1e6f9f3d889e53f52bf08bce40a76ec22c0eff5c25c1af7561d38188b2f5c30

SHA512
e6d12ea1963e4d4866bea5721def3fe443d814db2d05775cfeb20a164aba80bf41d1fcd1ab7a9364f4108d389a8a8019031d3efe1678f3d19f2c8bffb6365113

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
e356a31c7f7380b69a2056a07d046916

SHA1
49ae0a5f19d6ec29696263b0def1440a94dca33e

SHA256
85e09fe77f91f45af1ee663d6415bd30d0936b63d465be76cbf839db4506f115

SHA512
a2927f8a604511209c6390b1ebcfd55538ddbd992222fab2a0d61aa8cc543d00e3552e6b3838747e2253e623a1f1a13898287779cc6dee1f0e2317305f447f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
bf2f7de6d20a9a54c0845bd4349c2822

SHA1
5859adaaed4a32a5858fccbb7e9ff69dcab459fe

SHA256
3fe5d00dfb830dd381e2f8c9669f818d6b7006d32e34b33e4f445a92a08c71a9

SHA512
3c03cab970d1d9779137b890669c24f456563ada5d267269e4478c06cc761aee1c6fb36d3a0a4f9e3e3e7037414e2451225f59e4ff3c874b1c246672425ebf2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
e61a16e83301733ff145cc2f8f830e0f

SHA1
361b7f44206027a74ce07c2688fd94820c5af595

SHA256
5ded27f80ad561453ae1862500f5b8e5fbedc348e224913e8e22cffd10e18ffb

SHA512
2baed54ff60ac271ab24e88df2ddbfe58b5c4e815bd6867989b254736f30db20b49df0847d3f0bbab7ec4c50f099fe3df71e9828e32ed157999b9fc13f2ad7c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
c19d2e9867a44725e6832c7e541ee471

SHA1
b4446184c811aab99eb97a7706c5222ee0eb334d

SHA256
727844bbd3d41516e997c7d7a640160407cc34b759e788144b454e2132a7a5e2

SHA512
ac86abc6a5fd3add4190df4f50bb3bfb8a24673b9efdbe70dba5f26c3928d162629e327b22eab0dd8586759898914c762329d01de55bbe3a3c3d0284bcb9ac1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b1486c602781113c1b9416764c880808

SHA1
ed2b3b81d2f64247c9bd4a553dd30993fc889af4

SHA256
ee070d72f427fe1ff77a5eaa6c7fca37b1df7f34da1d3d3533c61eadfb0d253c

SHA512
6f78b10a83e79a785766d31ba71aaf7b547c44cea3f83e090ae6615b652cfd2499fcdd7ace0a2dd8ad20a156de842b517bbe4a634c1b1de0011d7015d8f9ddbb

Download Submit