Analysis
-
max time kernel
517s -
max time network
518s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
21-05-2024 01:10
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://orfeo.minsalud.gov.co/orfeo/validarcorreo.php?idenvioanexo=MTg0NDEyMA==&opt=2
Resource
win10v2004-20240508-en
General
-
Target
https://orfeo.minsalud.gov.co/orfeo/validarcorreo.php?idenvioanexo=MTg0NDEyMA==&opt=2
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133607274728939277" chrome.exe Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe -
Suspicious behavior: EnumeratesProcesses 16 IoCs
pid Process 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1604 chrome.exe 1604 chrome.exe 2520 msedge.exe 2520 msedge.exe 1080 msedge.exe 1080 msedge.exe 1644 identity_helper.exe 1644 identity_helper.exe 4032 msedge.exe 4032 msedge.exe 4032 msedge.exe 4032 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
pid Process 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1160 chrome.exe 1160 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe Token: SeShutdownPrivilege 1160 chrome.exe Token: SeCreatePagefilePrivilege 1160 chrome.exe -
Suspicious use of FindShellTrayWindow 51 IoCs
pid Process 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe -
Suspicious use of SendNotifyMessage 48 IoCs
pid Process 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1160 chrome.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe 1080 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1160 wrote to memory of 4268 1160 chrome.exe 83 PID 1160 wrote to memory of 4268 1160 chrome.exe 83 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 1600 1160 chrome.exe 84 PID 1160 wrote to memory of 2652 1160 chrome.exe 85 PID 1160 wrote to memory of 2652 1160 chrome.exe 85 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86 PID 1160 wrote to memory of 836 1160 chrome.exe 86
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://orfeo.minsalud.gov.co/orfeo/validarcorreo.php?idenvioanexo=MTg0NDEyMA==&opt=21⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1160 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6b7cab58,0x7ffd6b7cab68,0x7ffd6b7cab782⤵PID:4268
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:22⤵PID:1600
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:82⤵PID:2652
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2256 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:82⤵PID:836
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3016 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:12⤵PID:544
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3024 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:12⤵PID:3868
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4356 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:82⤵PID:3732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4328 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:82⤵PID:5056
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4508 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:12⤵PID:384
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3428 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:12⤵PID:4720
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3432 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:82⤵PID:1620
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3884 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:82⤵PID:3732
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:82⤵PID:3424
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3920 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:12⤵PID:3188
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1868 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:12⤵PID:3112
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2428 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4668 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:12⤵PID:3908
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3444 --field-trial-handle=1928,i,17499228688024461023,10022185786923130351,131072 /prefetch:12⤵PID:3104
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4280
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1080 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd5c4546f8,0x7ffd5c454708,0x7ffd5c4547182⤵PID:4020
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:22⤵PID:1444
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:2520
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:82⤵PID:4528
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵PID:4392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:12⤵PID:4332
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:12⤵PID:4616
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:12⤵PID:4524
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:82⤵PID:2900
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3724 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3532 /prefetch:12⤵PID:4860
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:12⤵PID:2392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:12⤵PID:3828
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,9223706856104269963,11342153398082602310,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3000 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:4032
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:4860
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1876
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD53c565c2c2c91718d8402170ec307ea2c
SHA1bd2323f07b93cca4e4cc88b6d426b2dc6d644427
SHA2568d1cc59e99da79a9181ccf05ed7dff94e456729edacb1533c97220a482ef46eb
SHA5124afa07932c08dfd97a7e64a4a5f6955e9d188eae65473a96a9979910919b4fdc2f7813e3266087bc0eec3ee6936e99be9a88a66914a56a3b54f1d94569256216
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
7KB
MD5c2e3893663c1410ddf17d19f77119cbc
SHA14b94f90fb661c300b0fca0edc6aacec56aea8b7c
SHA25614c3a37a7d00a39f3959eac8d9aa8abbfcd66543e1ba2f5096545900e04c04f6
SHA51241ddcb97d9b04af27b4a1ff506d9421bffca6d3e935004a6ec180a82bdab0efa3f68f3cd0cd10252d804f35ebb3bd11c8ac877541a149597ec27c770a0a1a1b2
-
Filesize
6KB
MD557eac595541104f109d0766615f74786
SHA132a87ca8b8d710d50c088007a25ce89b1aa6c083
SHA256ace126cdc7d4eb0f14c25a5c7ffb9a88f6163eea7565e2e1cf7b938428d8016b
SHA5120f4bd390549d27d681cea5d4151aa4bafed66d59370f3d96519ad00275197caacea1b2bf45e48232dfa9e63bc22933fb51ba31b7da6e9b13a56fcccda8260214
-
Filesize
279KB
MD557419d9b78c80fe7c010cdda725394b3
SHA14e9bc26fbc48cc7c2892e8cf0b7d97436c55570e
SHA256018abd4d82158d7953b4412e3dd3af516763b86187521a576f3fd01b98d2eb22
SHA512bf0ec078dc2199f64b2676fdfab566e5bb13390cbe2f75bd60381b8034d0e20b3ca1aeb260ba84327ddd9e8ea09771791e2a7534dcd220d3ab897d32e75c478f
-
Filesize
257KB
MD5cbe9644f45afbf3fad739666cda93ab0
SHA151066e0d9e7d9116236633679599ee9eea2080b3
SHA256610a89f92064e4f25a55c7bd8912325637b1a5971388eb498860ed4f0fd2cb46
SHA512fb064395858f470babdb9d85d636402278a2c9f9eb5282eeb9b061bb0cf06e0562ba72d65e69ece401978d6e965e0f64c62b488f4c992dce100134a842e496f4
-
Filesize
257KB
MD5029545377f6cf66baa5dffed4153298c
SHA1d6a1f3161f3613a2fcd28dcb119b4b4861fb86f8
SHA25640762a3e89a9a72cb0fed7eeea49f54366b74a022ba69dc772eb13e3534a2b8b
SHA512d35825a8a50ba08f2525f8bbc2894350375f52990ca43c3000f7b2a935777450fe42b5a7da9345e9a60735a30f651a2e92d12a11f87a686271beedfd698a1936
-
Filesize
257KB
MD50b014cee8dfea1e3ec61a99801c4d4c6
SHA1c3dbd6d59c406c5a309ea235acb7117018e9a5ab
SHA256751ca93e7f9b5b9b2d2f5df8c94f4847ec690a0ca4c1f0ff8362e4c117850649
SHA512d488b2fb45e9773129a3dfddc5baefb389b3bfb95e3f53a6b32c4eb598808e5ff5d4930b4c79a2e5b169add776613e6bf97e53e67ac67fb1d3fe6084d47d0203
-
Filesize
91KB
MD56f65a03d9fe300acd917c8c1dab32175
SHA18c2e53baea6468ae5f892f519d5ed25ec98eab8f
SHA256f227073c24b6bc1018139f3d99a0de18b40db43026b64f4ab841491d4a64fa91
SHA51221380d76bf7aa506d17901f976083d92b7a4bedc45bedec869bd28e1f636ced3b67aa8bcc320f9581e1bfb1039db57a48c8a0972d6e0cbcb1a93f1c1ce11e9f0
-
Filesize
88KB
MD5d12b457bd96dda70a0b5f52850da9b2d
SHA1ee373c9e6a5935b77e251dbae55b391029db2393
SHA2565aa545ef4aadc43ea45c9c776e8b472d41ae5b62db3e3f232dde9f1745fcd21e
SHA5121d7807d1f9bbb3f5203a1c654d38d6d724d6c321fd2be1693a7b1b20ca7ba72215845dd5e35420968dda9c9f783d7bdfe3f2b9d1977aae5ff4ab4ec68a8d6f31
-
Filesize
152B
MD5612a6c4247ef652299b376221c984213
SHA1d306f3b16bde39708aa862aee372345feb559750
SHA2569d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a
SHA51234a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973
-
Filesize
152B
MD556641592f6e69f5f5fb06f2319384490
SHA16a86be42e2c6d26b7830ad9f4e2627995fd91069
SHA25602d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455
SHA512c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868
-
Filesize
5KB
MD5f23887df296d168e131b2aa11c31cb18
SHA168e889130a379f08ef963a57b240bdd2a9485327
SHA256599ad666f52402b5d3bad1d3bde3b054af00e37b3d2df264edfea90d2da81650
SHA5127b8371ac0be3c30bb0b7493808f9c338f5f3eceb9cbc7a748ebadbb02931c5cb23330f02a10be2620f89b5a61123edccdb0d0ed59b7e1dea15b616e669b84762
-
Filesize
6KB
MD51c16282fecdef29eb8298553329dc7ce
SHA1b17e73e5caa6c3229fdf2adfe6100235751dafd7
SHA2569bd4bf75d6e832e95d23fa3f85bfd5fecac195859214452a7c13e5c23cadbaf6
SHA5121c0cf3e08a1000c521ed2307c3678612a5801d8c40ab81f4db0f742bc77b9c6c1ff9f0613e51bc085256c22196dfea16acf1b2cf09e8582769962c2be941153f
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD589b57488028638487b43c2bc737a8516
SHA1bb12c029b23e68d442e6640e78468ecd4f61d708
SHA256b5ab332230d62a1889271c57b49ec938c18a2584ff0193a5eaaf27f6abb7f2e7
SHA512286547ad4de923378dfd76ef3a25353cb9429320d28655d2dbfa7bc61024e44eba6e826c34c303804a51c281bb295a47b6bb78feb01df1c3d3eacd5f7ad47e9f