27141b9ab30f29debf7cd3ca27c8eff124d975b0cdf59101725c84c5e0b86132

Analysis

max time kernel
147s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 18:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

IMPASSE_902035.html
Size

167KB
MD5

bc499bef570abe27d61ff412869d9f28
SHA1

aee0bafbb9e84da527327819dd5bb17335b75909
SHA256

27141b9ab30f29debf7cd3ca27c8eff124d975b0cdf59101725c84c5e0b86132
SHA512

6eb7c3a1d7181deb5b9daa374636883c05b472dfbc3c67c2077d3fde2d6f4c27840c15457ef2b83ce9930d6ddd444f9ca8b3d002777aa80e7b5fe73b16666d83
SSDEEP

3072:vDgteiDehDFDkIsQJoSheIIEDfidfBhDhDDftDIhDgBhDyDDIEDHNIftD2FiDftq:vDgteiDehDFDkIsQJoSheIIEDfidfBh6

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4968	msedge.exe
4968	msedge.exe
2160	msedge.exe
2160	msedge.exe
3888	identity_helper.exe
3888	identity_helper.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2084	2160	msedge.exe	83
PID 2160 wrote to memory of 2084	2160	msedge.exe	83
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 3496	2160	msedge.exe	84
PID 2160 wrote to memory of 4968	2160	msedge.exe	85
PID 2160 wrote to memory of 4968	2160	msedge.exe	85
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86
PID 2160 wrote to memory of 336	2160	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\IMPASSE_902035.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3e7f46f8,0x7ffd3e7f4708,0x7ffd3e7f4718
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5988 /prefetch:1
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12417391647722023279,16478834125923659267,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a85edd44c8d2a0549cf13086a2d21895

SHA1
227890987eca8c0c1f060267b7ea8fa71056dfa9

SHA256
b66caa6f107ab8fada100e50f3ae30ec2d894a66977f8de7d065f718ae84670e

SHA512
8c4b7775928998234ca86e643c085074f5141f21a4a9e15253bc4fcfc8cc8610b9b4cb8f378b81142b43ba6a1982f078b5802cdd9b17f0af8c16950e88e3222d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5056714b81ad149d5a8e2f8f7e3584e3

SHA1
8c600650c1ed8a44ef361e53919b2424018897d4

SHA256
622432439d6b7bedcae71e736b27ae72fb34a4c4290815cda290b467bd9aaa67

SHA512
1f4b0bff7b777a79a13965da5decbd49eb4f844d8a2ebe1b45c16f27bd551e93ef24d08185348e0921cabfe466bdbb782d85574c7a7a52b13f5ab10e2a88a5c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
578fadd6542274787253f1e815dc103c

SHA1
e2f0e5fd04cb7417b46b2af747bbb45b251d5dea

SHA256
bb25ea04fdf289bbe1414d4a93676e1af3f164459e2c8625e4d892ee95660257

SHA512
553716736966c2d15e91bed046877f6276fc0d3887461676cc90ebd7e83e6c6f98a977776cbc4104cd379aa062bbae184347969f6f0b4d7ef9fba0fa55fe86e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f772680466a1e05a68bd03d956c384e1

SHA1
70898d99698eafdb7aa36dcae2367b07546f3190

SHA256
dc32d2f1783e9c0ace307156e4e899b99cd22b1caea0079f8e17db5798f98e58

SHA512
ce687e22e02e9ea9999a9741fb8430212ec2ade48bcadffc97a3be24c53a9ce9e15436c42a74a757713ec689e22c48e1cd736cc001cc8c7bb636f0cbf1fe41f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9cc5fed419adbfcd93f4a7c7dc926fe9

SHA1
72ae7d3018073d4ef18e52cee0623379db26f355

SHA256
fb79700303410fa06b39fb01705612bf1e0f7d942972f04380cc2834e04a30a3

SHA512
09f846ae322f732b75ba3da994ec967dae1b5cb87ca4923e624838f5d2a37a16f21d9aec9c34bc997a31a3cb2d59c514d34de384b5e94a8687a0878875661681

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a61d0e0af315a2064626f1b7bd6133e6

SHA1
a385bdfe206a27152241f2d01a8e4bde287c7fe9

SHA256
65c3915d20250e53d534d787b50728a640b083433eff3968505f2753fa1f957d

SHA512
acf6fdd070f8ff640b05a5b2828a7d5d40840929ab6876cd73eb1161f3d1c875a5c469d3c77a73d10449255512a9f70fc81533fa5f540672e8afb85bab0e538d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
31d5d27740b54e136be5046cde1b3a39

SHA1
492429365bf73993ee89e5131a9ee0e9e917fbf6

SHA256
3994f04dc7feb264902dbb1b1518c07a846fc08576e7701a492bfe4dc52c5df2

SHA512
3981380d7fce4b74d01b1fcc717d855a52786ea8ca3312706ff2c460a3525ac943d997c5debb5bc0d8d45be50eedbe55c87b644e0bbb542f16c576c14a37b301

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
44a597b442a9d2f5da32666a4785a6a7

SHA1
5277e38844a1f1e534b68c06530a354fe3091f3e

SHA256
4a9b595fda56b2b8e860cd9722f8a68e0988ed3b73d1047cd6a7a1b173ce946b

SHA512
b3a99c056882842e7363f10f606f2eeb57d906a30b98e7dad71ae6fb9b9d1b93aa66ec6bb8d4098df79858fe6aa1a1955530d4f590443aae83e75568515ba0cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5681b1ead928aa9f7dd6823e5ed582a8

SHA1
bb38b0b5dd1b8d6902661d73749b1c479a251a05

SHA256
27e7ab2309101f68d5a48ff9250f39535098987b3aa7b2ae35b28107670a6dcb

SHA512
2aca96d3b80ced223729b94bdf1a55326f6c6cfc4bf50313f1655b2bef56034a9bfddb32288b7fa940a61c4eab9db66bfbabce459f7e221e96cc06a951425a53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3cf81608f2745312afccc1c257f6bd79

SHA1
66e6782d5785282b233fc1021e00a508e9352118

SHA256
2b1be7bc86035843d2294cb4b112ad3595cd1f08254f38e3afe582d1986e997d

SHA512
50fdcfdcdf5616040dd109415b9ee06936a8d806e7094d73eeb3b4739f5ec9dc206582b06ff05b858dfd43488c89832e89c8cc86ce167004467c3895c1411110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cfba06cb482233bd3ec6bf25fa90d0a1

SHA1
02700965ab39f7a709477ee0772025a1575f6aa4

SHA256
b1033b1a1ca2224b480bde852dba7265edea3367c4009e591bfdd99c84ff8e19

SHA512
c81b57a41a5926e6e5b6a17b428e349a0b6e2180ae4af09bbcdb78afa37f8b507d12df6521c49cd7fb3a0420822bd1755bdbc8dbe07888cd10dde4743e58c9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dfb01cfc857c449f0d99e38b5385ba34

SHA1
7e931eef54c004ba66104e1d00fb2ae39db4026d

SHA256
e8b64b5fc03c343fc3eb27104a05de413d64e0f18660da7646e26c605c56682c

SHA512
d47f7367f779377af06443aaddb8dd190005dcf4735ac340f84813dad08c97b1aad59b82189a9c68936c400843612e621fd5c18f415fa97f3a00c4b3d727d708

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cb834e52ece7936bfd5da7e823b41529

SHA1
4fa758c4906e12209f5c0ecec820926cd82c6a10

SHA256
337ec794af168ce41fe28dfce1ffb9fac49c6fa974dacb414fd870dfaa3900b6

SHA512
e79a50130e9898dcb5e6b9b3ff2c8b7ae93ff9d63cf45437805ce8522891ed4667c5b2e6db0d099260a2efeab6624352bc55aa7f6933ee8179661593dd8c98dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
875529dfa91956d110f8194eab665f7a

SHA1
f35ea38f9b7e1dddce24738e3846cbb170286719

SHA256
341a87a4886d35285172aca12bb789ac0377492695597c7d477ac28fe54b09d9

SHA512
8857b5a1c999b0973931442439c00c3b7f13069d5e4d75e7362c551bb666c5f7dc445862d87a639ed3df3030418243bfbc4801153a4a62d8f1efc21c2a4f199a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7999339cba44e940eaef2c5d504860ab

SHA1
57c01889acf7704f99f52e9a7efe5b8fe5aa11c3

SHA256
6de0f71df6b85d54075c81614953b74d00550567c77b0c7ed00e9df743b16785

SHA512
95691927c5d09a6243ab3127178c6d68ae013452e1dc78783a1fdfad39bdcb7f4694c578a8c50a73c0fd58a19c6112c71edcf916179878c932d8d8b2f8c183ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
259d337fd01e79fcb421a57ebda9ba4d

SHA1
522bf1426bf7cd624383ef28d5999e449d94c466

SHA256
94b06006a742f3fef8682b0c5ca3dc5ce91bc01ad96ce2cd797602e76ff44c50

SHA512
c0ccc9f59cbcf2739fc4d91b7a3021097c82a4b561d1251a716472259d0e95985e62562b8ab595947667d835e63f625587ca2248566ce485b2927f8af23ffec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e7d5eab1bc065ec1ba30f9b36dbdba2f

SHA1
b8eea1bb82a4d3b743d55b23bd615ab918a153a2

SHA256
7c0911f766df61ceee15a68c617c872a44741469fa0b76407f36ca295b42faa5

SHA512
0a301a73928ca1f5b4e2cca234245e43b7934c1ad755c8ec24e44e82ad2ad677473f64522e9f911202aff203f7277fb47e55e67d01892dea9293ce7aeb8e0a73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
14a5ede396f1fff7d386664bdd6470ed

SHA1
c837725862379931eac751086ee4ef59b7f2f0dc

SHA256
b09066f94d02307679ad4247bc85f80861b44875664d734a41415e3f43423a1c

SHA512
5607be3dab5543709736fe0e1d054d67aa02bb230f148b051ec4ff18b3387e0a4b87e432388e4f02d0ced8c763703b7c88e9f6e9589ae9131b7829be98804ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
cbfab0b22c8e0600966224351bd700e0

SHA1
d2c81a366ec3d96e833fa4cfcbe495917ef9f316

SHA256
825c2e27af8d30eaf4a46a321cc6350a035a3c38b98a0c6809e93671a96d92f2

SHA512
98ad2c624ccc3055093a81225f7554019f3e87782e24954aafb54b7a494dec239d903ca4902c834f6ebb1180d9e82bd281f0bbf3587b55e82e3afd246e2787d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e7c0.TMP

Filesize
202B

MD5
d59dd2877dfc0d18ca86981108e105b3

SHA1
cede13211ffdb0fed64aef324462b2d799911653

SHA256
7fc5f0cc852ec51230e99ba40ee01d502df4dccc99320413368365b3ea655fc1

SHA512
51a837af5e3f74cd85f14d64057528f7aa2923ad3f3db5a1cb908ec46a9009e057a9e48732d1e9a2285b5daf25dba937a2360662fc8aa8487c993aed35677247

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b646cb6d-dcdd-4859-b3da-379b0981f721.tmp

Filesize
2KB

MD5
826869cc6f5fa95d09c0f299696c51e6

SHA1
0f6f84c90de712366f4527ba34dada079bb4ed54

SHA256
5baa7fff9627ca3f835324207614c73ef78ab694ed72c2797f76413e34986fd1

SHA512
b805ef82db16b540aa782c57f9cc9ace15a6f02614be4179a1461fa25ba1483541bb8deae43c1513e104feafe8cdceb7459e485fe55cec9b4e4df964f285ed49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bd06192226688cdbab05785f01a4f19c

SHA1
acd68f559b04e260ce353df2ce0940b1c2bfccce

SHA256
6a62b5af25980819c10d43976a8d414681f52a4f36134a4b9cd82909348e1708

SHA512
3e0adbda337e51878c862d4a22cf7da90e906b1f32275557d1c8398e14d33e97412aa4bdaac97437fb29db00a062643424d665d2d6976a00bbf6d729c41b664f

Download Submit