d5596b4d1f66a653243fecd8c76d4329137dcfde23c72411be4075a55465b95d

Analysis

max time kernel
145s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
07-06-2024 18:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Your_Case_ID-Access.htm
Size

14KB
MD5

91a1cd7122431994a397ece597adc18e
SHA1

32609bc600adfc1731287e62cc74f0bc6e49954b
SHA256

8804e533093c7757a8c0a0b69582add1e4810919d43fe808347f7d6ee07ad544
SHA512

3b683eab772b58840ef11c413d540905ab2bd4023be4de4d056dbe1d852265b308b1909561e8a0f7fbfb36bcbee178d0c81fb8e24f7cd3ffdbaf8fac94ae287f
SSDEEP

192:7uN6AusD4fqiqfXczgk+zZ8rTEh2YRnjKPjqiaTk6faN4sQL5rxdGknq0FigB9dE:7uYsD4fqiqfsH+zyrTgzHvL08gzFB

Score

5^/10

paypal phishing

Malware Config

Signatures

Detected potential entity reuse from brand paypal.
phishing paypal

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3938118698-2964058152-2337880935-1000\{DB5EB267-8503-4944-8566-A7BAD7A535BB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4284	msedge.exe
4284	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
3948	msedge.exe
3948	msedge.exe
3580	identity_helper.exe
3580	identity_helper.exe
1860	msedge.exe
1860	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe
4840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of SendNotifyMessage 30 IoCs

pid	Process
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe
2124	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 4824	2124	msedge.exe	78
PID 2124 wrote to memory of 4824	2124	msedge.exe	78
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4720	2124	msedge.exe	79
PID 2124 wrote to memory of 4284	2124	msedge.exe	80
PID 2124 wrote to memory of 4284	2124	msedge.exe	80
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81
PID 2124 wrote to memory of 1560	2124	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\Your_Case_ID-Access.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb351a3cb8,0x7ffb351a3cc8,0x7ffb351a3cd8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:8
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
  2⤵
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6200 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5368 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,9226382873933537773,14051078295014404191,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1740

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
046d49efac191159051a8b2dea884f79

SHA1
d0cf8dc3bc6a23bf2395940cefcaad1565234a3a

SHA256
00dfb1705076450a45319666801a3a7032fc672675343434cb3d68baccb8e1f7

SHA512
46961e0f0e4d7f82b4417e4aac4434e86f2130e92b492b53a194255bd3bba0855069524cd645f910754d4d2dbf3f1dc467bcc997f01dc6b1d8d6028e2d957236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d22039bc7833a3a27231b8eb834f70

SHA1
79c4290a2894b0e973d3c4b297fad74ef45607bb

SHA256
402defe561006133623c2a4791b2baf90b92d5708151c2bcac6d02d2771cd3d6

SHA512
c69ee22d8c52a61e59969aa757d58ab4f32492854fc7116975efc7c6174f5d998cc236bbf15bce330d81e39a026b18e29683b6d69c93d21fea6d14e21460a0a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
03623c6b2abed004d47a68a442cfb71d

SHA1
8329dbf078db1b034b02884df057e25ae9b63f21

SHA256
ac969a446d56e2a0e93ab0af1cce068f393a9013ad33e0afab9f492334472b0d

SHA512
b5ca46a48cae0767267e1051e4891f5720586f2925ebb2a145b79bd970d1846606c907b267a7bc6de6e6c49a824b1cc43fcdcd4d2db001008f46cea8bf486139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
956B

MD5
074bdb80cca0371f0c53c8aa4a05619a

SHA1
77a057d273652697b69b33f929eb4bc098622d48

SHA256
dc90b23e0c405148c90c2a75c961513938d927acf0b319912f926ec6386afdea

SHA512
2887122ef2ed8d2d736ab2049de60949cd97c2e8b7770b1f1e4b127ae44d24bcc7b6a949e442f8311358c6b9a974b461a195291adbbb7ac8563ed60a446eb04c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a169ef94ed9f37758d4479a1617562cb

SHA1
ef72aa75497a874e340cace10e75d8feec6a4be9

SHA256
521d2d8f594c2c2696f322e6f429878643ba449a0f81cc5890e2acd83308b3c7

SHA512
5a834eab143064f70da4c09ebe708461b7bbdb1f7eafcd5edf29a86d23cf5ca9b967d81b55809f88d2813f27c11e9655309fbdc87a412a79552515020278ad6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1309d854c7c7f7b015fcfd9c22877617

SHA1
4114022d6b1253811384a97053e3bcd88dc56dda

SHA256
b5884d3ede67b86f14e800ad36f9ec530b8948c1a7d5ca961e7cbd350b0413c7

SHA512
62c644accae13119907ca224dfaa601d913039263ae58a12ab749b34bc7140ea0d14bd2e63a9d3f8f3984d608c7b3aa2c36129bd9febe6c124cd80d444233150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f673351f59321db6e330fcf94b3a6d91

SHA1
2df6b46570b3544feaad4e50fcb81ad7d45fa8ee

SHA256
f410c1d61677fca66747af4ade24453f4e019c2704091f0dfac2148addf79288

SHA512
b72ac0d19d9425c888f56994ea3b3cc7ae3a9839fb3e09215c0b6c24c4811fcf92474614f6b4834bbdaeb16f6d91b694d204b883cfe334f86747886fc678a52e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d08dacd310c8e4fdbff8191a6ae396b4

SHA1
f9b66b8b494645d4bc31d91b06727e7e536de901

SHA256
2d2626a48f1548aea025a7b3da0e168b0b9754218b50201badfeef0731fd93f5

SHA512
2067321ec057accb4602eb5d307f1c673b7fdcaf9ad8faa14aa6fb115379e2b49c1c7be244870369c6679ff3e2782f9340121ff05c59f517aedabbe883862f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585138.TMP

Filesize
370B

MD5
71c483313ba7dbb718003ea5a90197be

SHA1
fcf1e81769e2ac53498afdb790d0adcc77fd248f

SHA256
64579976aa8ad29fcf4b0a9d9140d169d76fec5a51ca7db326f97fc1edc01ce2

SHA512
f39ff7b747d48d888edeb916f3b7665b7fb8b80227d72c2d937fdfd45d61334707b38ce8f5b8db8e2f0112b6298b092e491466add39c10e6a5f3d525f8e1d276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cedbabcd-fa82-4cd0-856c-8012ef760b4e.tmp

Filesize
6KB

MD5
f1e7684ac508f32ba3e80332a3523444

SHA1
da894123bfb015cefad6d74d4378096fae9f99db

SHA256
f96ae3e2879a929b905903668ba6e2767ffcb55bc59d6d6bc899a3eabfb20d6d

SHA512
f7c1596cbc9066815ea597bb5728d0acdec5f49b654336bd4d7cc00bfd47f2fefbec666171be7b476a478a1d1b0b33d6f963fc92d3de13e27f8c5256a3b458cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
1680bb9e9c58c90b2bb98b0936caea97

SHA1
593063af0f4c698456f2636dfd5fdaa6c5b59adf

SHA256
052e5d9c187b03a5f303f0c23317100dc8032e5f2d62d6d01c964424b77e586e

SHA512
6f5b0734763e1c96fff24c34593683e5f8a46fbcaae0e8b7809fa8656a982535f8f1eb9d3b3034678828e4688e1407f68804be0b3aff495864e58be2ce3f14bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2eb89d5d30971f1c13f33e5e73381141

SHA1
24aeb509a2598a02ad7c7751243b47ad758b96d7

SHA256
175c635427872f89dbc054a4c2134e9505c22bca98f1f1466a8ad81c6db20344

SHA512
612bb050963578c08de23a4eacee88bc2032330d23d629e6cb55bda8a103edc6790428b76e862611954c9721851523336cbf41387fdefc0a035ba308a4fa44ab

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit