hxxps://tinyurl[.]com/y2yyr8rj

Resubmissions

18/04/2025, 14:03

250418-rcs9lsxqz4 10

17/04/2025, 18:11

250417-wsnraaxzbz 5

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20250410-en
resource tags

arch:x64arch:x86image:win10v2004-20250410-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2025, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://tinyurl.com/y2yyr8rj

Score

5^/10

steam discovery phishing

Malware Config

Signatures

Detected potential entity reuse from brand STEAM. 1 IoCs

phishing steam

flow	pid	Process
93	4576	msedge.exe

Drops file in Program Files directory 21 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_938753634\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_638216362\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_638216362\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1038541429\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1038541429\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1436084540\deny_full_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1436084540\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_938753634\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_638216362\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_638216362\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1038541429\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1038541429\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1436084540\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_938753634\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_638216362\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1436084540\deny_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1038541429\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1436084540\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_938753634\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_938753634\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping1244_938753634\regex_patterns.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133894586071787436"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2362875047-775336530-2205312478-1000\{C82BDF4A-BF38-4654-A670-33945891CDE2}	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1244	msedge.exe
1244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1244 wrote to memory of 888	1244	msedge.exe	86
PID 1244 wrote to memory of 888	1244	msedge.exe	86
PID 1244 wrote to memory of 4576	1244	msedge.exe	87
PID 1244 wrote to memory of 4576	1244	msedge.exe	87
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4648	1244	msedge.exe	88
PID 1244 wrote to memory of 4664	1244	msedge.exe	89
PID 1244 wrote to memory of 4664	1244	msedge.exe	89
PID 1244 wrote to memory of 4664	1244	msedge.exe	89
PID 1244 wrote to memory of 4664	1244	msedge.exe	89
PID 1244 wrote to memory of 4664	1244	msedge.exe	89
PID 1244 wrote to memory of 4664	1244	msedge.exe	89
PID 1244 wrote to memory of 4664	1244	msedge.exe	89
PID 1244 wrote to memory of 4664	1244	msedge.exe	89
PID 1244 wrote to memory of 4664	1244	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://tinyurl.com/y2yyr8rj
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x344,0x7ffcbb0ff208,0x7ffcbb0ff214,0x7ffcbb0ff220
  2⤵
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1848,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Detected potential entity reuse from brand STEAM.
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2300,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1880,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3544,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3528,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5032,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4864,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4816,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5624,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5676,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5624,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6200,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=6160 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=704,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=6340 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6236,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=6400 /prefetch:8
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6228,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=6436 /prefetch:8
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5328,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5252,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=6568 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5948,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=5304 /prefetch:8
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5256,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=5308 /prefetch:8
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5300,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2868,i,11462306853913015891,9221360670188846979,262144 --variations-seed-version --mojo-platform-channel-handle=3668 /prefetch:8
  2⤵
  PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5080

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:5784

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1038541429\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1038541429\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1244_1436084540\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1244_638216362\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping1244_938753634\manifest.json

Filesize
119B

MD5
cb10c4ca2266e0cce5fefdcb2f0c1998

SHA1
8f5528079c05f4173978db7b596cc16f6b7592af

SHA256
82dff3cc4e595de91dc73802ac803c5d5e7ab33024bdc118f00a4431dd529713

SHA512
7c690c8d36227bb27183bacaf80a161b4084e5ad61759b559b19c2cdfb9c0814ad0030d42736285ee8e6132164d69f5becdcf83ac142a42879aa54a60c6d201b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.15\v1FieldTypes.json

Filesize
509KB

MD5
c1a0d30e5eebef19db1b7e68fc79d2be

SHA1
de4ccb9e7ea5850363d0e7124c01da766425039c

SHA256
f3232a4e83ffc6ee2447aba5a49b8fd7ba13bcfd82fa09ae744c44996f7fcdd1

SHA512
f0eafae0260783ea3e85fe34cc0f145db7f402949a2ae809d37578e49baf767ad408bf2e79e2275d04891cd1977e8a018d6eeb5b95e839083f3722a960ccb57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
6ec80650bb87997281d6b2c490e5939e

SHA1
40faef4ca4833df8dd17c4a05cae8e4fdea72b89

SHA256
025280e5fdfd02d49c42c93e14cbc699b80eb10e21d31bd0aaa8a9b1067a80b5

SHA512
be947097b9fd14a716388b25cf4c253ee4d074a8b13370873b575ce5beb3843f1961df08e94eb07958657c64ae27bfb9f75ba9b2e19ac29985a5fc6813d500fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
82b2ef95fac095d84b234d39e2ac02fd

SHA1
0700d4f2e6e254db13d53ec2be0023740080910f

SHA256
d601895cf62872fee56b2c230db1f9920ac274bfabd039cd5a0ca9086da10ac2

SHA512
c5c7dc47d4f3063c5d4db95359bfef63041448b56c0089db35a3002bb3959097f87d430b95a103ea10b223f8f8dec557b92a42b04ac2416d916c4d318f112cd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe580097.TMP

Filesize
3KB

MD5
a7b621e4661a9719adcadbb17fa6ec7f

SHA1
f6530d1f7d1f4b76d79581681d9e0ae7393cab78

SHA256
877a3a48b9e43911e79eb75b01c54c92f89620835ee9fd70a0cd1cd22c10d829

SHA512
8f6cac5a8c92634e7008a0fdb6c8f9c7370179d179424a30d9658344f9c5aea5dedfa1bddd87cf06a5f7b964c6dd94e4fb7e15edb0cedfc86572e1b31962d082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
56eec1332fc0f5a73ad0fc8fd621b754

SHA1
46703d4e837294df084e44690ede1ddb45fae209

SHA256
f41376db5b3264e8e699574911e96979c1253192645ca5d165ef6396254898e3

SHA512
ac869c26ff5f935e792f5dbec57376d44a19ce077dabb8dfcdb9f8babe80274e8f02e7a07811f4dcef1a4aba681012ceceb281dad2ef2d1f880eac07bab9b5d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
cca5a45f749f9179d36617ff9e4cdbdf

SHA1
1545ce9c1cf7b66fae85f9ad85630fa008a80fbc

SHA256
f5686b6ba9c2251424733d34d71102ee8f8fb93995f5269bca0f65dad0117b6b

SHA512
721115b2bdaa948378ad096e0711f842d1251d0bea7c7213971d845e19d9f206e85072ac13abfcfcd30962e6fe4d2b09dea582ce614e37fb26f7c81a1be9b608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
77df4b8495f1d47675d0437634c783cd

SHA1
c66b69aac33ffc63a5a5530c7cc3c05298547e19

SHA256
d3e1ba96941dff0055e436a13378635bf7c087ff180c57c6d8ec75591b0846e7

SHA512
1b59c1830b39cf5e19d63bda9df2b49f8bbd96faea4f5b4e69ae3f0bce707756b75e96565c3683f38e2e93829829f2e3ba258af071c91391d71e9e2afc595252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
6433ab1f0ad5a2c43fa21ffc58da1cbc

SHA1
1886684ee1ac45540d70dd40bdc91a8d40882178

SHA256
5c5698d680b052b57b49491f7d8880b662da011abfee53110dd8fd6f4501acbb

SHA512
cde6c6d6fd445aa69e281ab640660cb54a7a80c9044d866b8053e09a230f95667268dfbccd99e43520f862b272a23d0b79e202bb2b61368a49a987e87a4f67b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
847dba19a58700543c805d7a0746193e

SHA1
d01289bab3e059b34c78c72fedcee61739392979

SHA256
069c7a9fcd6215a13c892d55f62f47e58bfd197e602987ec0b4b812c4fbde547

SHA512
1e4f648c9a9dea2cdb562e6a4b756355c663d277738e0cfa6e4bf850a9220f9fcac9e64246f573cdb7ed5c671349428397adfead64106d1d8c5d2250ef0fc2c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
8aa26cd1074788d3681af9731b2aaf57

SHA1
0532d81882dd8fdb677c9935b2b3a5304750d148

SHA256
30984e37433126a0e58e2afb1e9f58a36f6b3cc9d592f05c4aa65b398ee50027

SHA512
6ac7fbf211251c1f913c40b5508d1fb4b69c6968ff3a0cb866a3e4a903193c0f4107352b458c1f920bc0554799dc1862c10609b7486f78a978c9f86bb6ed4f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
467B

MD5
316b937d48b20a1ef16157cad94b2436

SHA1
818361d24c07f1d0e48396a7580aa5a0b346e18e

SHA256
920e2efbaa7c5eeb5bd5f0bb365d81b97a0fa0b22f492d4d03b5cebb1bbb0773

SHA512
a5d1b73285e1063df02751874e213a1688503f83dca9d71d8e54a1bece2b14735c9f0a3958978c1b1233f01c14f2b638b551d785507055e5fd619bc37a4b9325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
900B

MD5
b58f0715e8f2c456708e7a0f22efc401

SHA1
4edeb1ac197a9ccb9d016e31716e0d156c49970b

SHA256
1387c96885df346752bb01b6dec62505b6cc3d7171a26e53c6a576e9ad040e1c

SHA512
229beedb09ae784ec95389144d45965ec5ad98076fabb365f6a98bb1829191f9ded142a5ba4c084b6c3eaf70009fb5838cd00b66cc70d56b7e83abac4cb2f1bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
20KB

MD5
fc10a6063cc3950e61b3c90381fdf695

SHA1
01d30e2c9b2785b34367791feb7b05f729864cde

SHA256
bf82a28bb440446a4a591b227ee10ac1bbfaa5551c46c62c0175c9429f24dfa6

SHA512
ae4e26fd7ded8d38a5bf27019c7e79be367c78688861daf6a23ad5a57f4f2d774cefa5763fbe83c593f0d32ece6e633ac8b3a250b4917577366e2e537b206520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
3f8927c365639daa9b2c270898e3cf9d

SHA1
c8da31c97c56671c910d28010f754319f1d90fa6

SHA256
fc80d48a732def35ab6168d8fd957a6f13f3c912d7f9baf960c17249e4a9a1f2

SHA512
d75b93f30989428883cb5e76f6125b09f565414cf45d59053527db48c6cf2ac7f54ed9e8f6a713c855cd5d89531145592ef27048cf1c0f63d7434cfb669dbd72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
50cea0adee80b1c80f140ae617a28831

SHA1
9ee144af7c4bbb6c42ea7feaa35bf8863bd31154

SHA256
724ea0a1c714d8defd3ebcbf9b8eacf54146f58cd1072ce4e4bbcf1ab723e36f

SHA512
f951a2a59d9966dae374a2c32ff5fe56138df6c986550858d7222d81cf7509a6a6bb0f877f40397f19a5b6c22a69088064c3ac5ce7407b7635675b634bd08718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
00c1f30c3ba4fc39cb1ddc33740bdc65

SHA1
4395e85ae043184c208a68ac02c34bc36e7a98bd

SHA256
98229416364bb9001c517e08b40bd4be65e7212c2cd586a279062020224c685b

SHA512
f3eb9410c0003a438b25c75d6404289b5a98a4a5661de3e88f016d6b1927f927c2da32682a14415c068602dd5ee95fe4c90e996f5db66e3948bf0e8ae77ac106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
f9141ff3ac2e727ac8e65485d78e7742

SHA1
14d9dda33af10b8b8e9d25af995d8d3c5ddf86f1

SHA256
efa11d0a0eb74838f70eb4c503e48fc3f624ffde219eb4607e27a5829bf45db7

SHA512
19d81fd7f980076dda6bbd477cd03bcf2ca8f14399dab9bcec2bc07c118f908ce85c41ef9b3e2945243a3ac2d4c358d88fcc056bc282917a019a92a4667bf36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
36e745aaf64e188299d343161236608e

SHA1
dda1a8f8c278ee54b955d3a1859a07a41bdd3c2b

SHA256
5ccb090abeeeb97d14d2823ea1b7a55bbf66373afcd0915ba498edbb32e6c703

SHA512
61dbb8cf84bb430bfde4d5f4492546ac525b241f60a2a6018b6596f4d1c30d866c4ac0e58234ed7f44f7757d3032f254cb2c7da35cebaf72de8de60fe406b907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
b380f096a919785e576b832b19efa50e

SHA1
c019c52f82d4af68a832bd4df2fcd7da342341d5

SHA256
7d54420eb833b7e85a87eb9ec6af079c117498f458b3dbaf86d4fce1f35a59e6

SHA512
ecb33196734447302421b931bb07709be02febd2d36bafd8b7850840373a5557eb73fc9d0a42d733baf5d13f901bf74889773b32f10271e71e8df1850af3c48c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit