Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-11-2024 17:23

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://www.paypal.com/signin/?returnUri=*2Fmyaccount*2Ftransfer*2FpayRequest*2FU-15861555MV967174X*2FU-8CD4840112326792B*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq&id=xqdldqY2r92uBPpDjKdnoEfVLwtS.z8QyI6Ffw&expId=p2p&onboardData=*7B*22signUpRequest*22*3A*7B*22method*22*3A*22get*22*2C*22url*22*3A*22https*3A*2F*2Fwww.paypal.com*2Fmyaccount*2Ftransfer*2FguestLogin*2FpayRequest*2FU-15861555MV967174X*2FU-8CD4840112326792B*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq*26id*3DxqdldqY2r92uBPpDjKdnoEfVLwtS.z8QyI6Ffw*22*7D*7D&flowContextData=Hn1vkedHehmpqoI_nAiINSJ9n-szZmyoaegnlpyrmLRBN6c82jDQu3z9q53LjHevAHfyPkf7ES8AcnoA2fTEdcISOxbwcC2JeQFl_SGtE0vu6EQm3CUiEWnM2CzeyDaq4EpVuYrLpD8jTkk8Vof_o6dBvZqnSqovs6Z4tLZIHoTpfosFfdyViyrU18IF5Wrje9UoT5Sd2s_XZnLUbuUuTwtxn6Yl7lXp9exiMqZk6Iqmyv-zz6FVdnG34C5BLdf3NBklEmjP5qNDAB8xfShyx5yJxFPrmppeFZmHCVUYFmeNfLxi5ZFdAqq4MyvcJsh1qMYO_q-M-Md9M-CN3bZNOv-nWxl970cUvipJZGqunQ9IdWDjpbmE4dDjVoZ2nQYMKvQXrZWDLKcwvB-2cjDQp64kmscnSX-y6j8s4bI76vibwwKJqbcjSQ5pbXAJRgnpvzEBQG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=0142f880-abf8-11ef-8d33-21a3ebe5fa69&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&unptid=0142f880-abf8-11ef-8d33-21a3ebe5fa69&calc=00382aa664b13&unp_tpcid=requestmoney-notifications-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585*2C150948*2C104038&link_ref=www.paypal.com_signin
Resource: win10v2004-20241007-en

General

Target: https://www.paypal.com/signin/?returnUri=*2Fmyaccount*2Ftransfer*2FpayRequest*2FU-15861555MV967174X*2FU-8CD4840112326792B*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq&id=xqdldqY2r92uBPpDjKdnoEfVLwtS.z8QyI6Ffw&expId=p2p&onboardData=*7B*22signUpRequest*22*3A*7B*22method*22*3A*22get*22*2C*22url*22*3A*22https*3A*2F*2Fwww.paypal.com*2Fmyaccount*2Ftransfer*2FguestLogin*2FpayRequest*2FU-15861555MV967174X*2FU-8CD4840112326792B*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq*26id*3DxqdldqY2r92uBPpDjKdnoEfVLwtS.z8QyI6Ffw*22*7D*7D&flowContextData=Hn1vkedHehmpqoI_nAiINSJ9n-szZmyoaegnlpyrmLRBN6c82jDQu3z9q53LjHevAHfyPkf7ES8AcnoA2fTEdcISOxbwcC2JeQFl_SGtE0vu6EQm3CUiEWnM2CzeyDaq4EpVuYrLpD8jTkk8Vof_o6dBvZqnSqovs6Z4tLZIHoTpfosFfdyViyrU18IF5Wrje9UoT5Sd2s_XZnLUbuUuTwtxn6Yl7lXp9exiMqZk6Iqmyv-zz6FVdnG34C5BLdf3NBklEmjP5qNDAB8xfShyx5yJxFPrmppeFZmHCVUYFmeNfLxi5ZFdAqq4MyvcJsh1qMYO_q-M-Md9M-CN3bZNOv-nWxl970cUvipJZGqunQ9IdWDjpbmE4dDjVoZ2nQYMKvQXrZWDLKcwvB-2cjDQp64kmscnSX-y6j8s4bI76vibwwKJqbcjSQ5pbXAJRgnpvzEBQG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=0142f880-abf8-11ef-8d33-21a3ebe5fa69&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&unptid=0142f880-abf8-11ef-8d33-21a3ebe5fa69&calc=00382aa664b13&unp_tpcid=requestmoney-notifications-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585*2C150948*2C104038&link_ref=www.paypal.com_signin
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
description | ioc | Process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe

Modifies registry class (1 IoCs)
description | ioc | Process
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3442511616-637977696-3186306149-1000\{D3CED2A2-EB9F-4853-975C-7347055C3733} | msedge.exe

Suspicious behavior: EnumeratesProcesses (12 IoCs)
pid | Process | entries
1788 | msedge.exe | 2
4116 | msedge.exe | 2
4824 | msedge.exe | 2
4192 | identity_helper.exe | 2
1748 | msedge.exe | 4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
pid | Process | entries
4116 | msedge.exe | 8

Suspicious use of FindShellTrayWindow (25 IoCs)
pid | Process | entries
4116 | msedge.exe | 25

Suspicious use of SendNotifyMessage (24 IoCs)
pid | Process | entries
4116 | msedge.exe | 24

Suspicious use of WriteProcessMemory (64 IoCs; identical rows collapsed below)
description | pid | Process | procid_target
PID 4116 wrote to memory of 4100 | 4116 | msedge.exe | 84
PID 4116 wrote to memory of 1684 | 4116 | msedge.exe | 85
PID 4116 wrote to memory of 1788 | 4116 | msedge.exe | 86
PID 4116 wrote to memory of 4460 | 4116 | msedge.exe | 87
Processes

msedge.exe (PID 4116)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/signin/?returnUri=*2Fmyaccount*2Ftransfer*2FpayRequest*2FU-15861555MV967174X*2FU-8CD4840112326792B*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq&id=xqdldqY2r92uBPpDjKdnoEfVLwtS.z8QyI6Ffw&expId=p2p&onboardData=*7B*22signUpRequest*22*3A*7B*22method*22*3A*22get*22*2C*22url*22*3A*22https*3A*2F*2Fwww.paypal.com*2Fmyaccount*2Ftransfer*2FguestLogin*2FpayRequest*2FU-15861555MV967174X*2FU-8CD4840112326792B*3FclassicUrl*3D*2FUS*2Fcgi-bin*2F*3Fcmd*3D_prq*26id*3DxqdldqY2r92uBPpDjKdnoEfVLwtS.z8QyI6Ffw*22*7D*7D&flowContextData=Hn1vkedHehmpqoI_nAiINSJ9n-szZmyoaegnlpyrmLRBN6c82jDQu3z9q53LjHevAHfyPkf7ES8AcnoA2fTEdcISOxbwcC2JeQFl_SGtE0vu6EQm3CUiEWnM2CzeyDaq4EpVuYrLpD8jTkk8Vof_o6dBvZqnSqovs6Z4tLZIHoTpfosFfdyViyrU18IF5Wrje9UoT5Sd2s_XZnLUbuUuTwtxn6Yl7lXp9exiMqZk6Iqmyv-zz6FVdnG34C5BLdf3NBklEmjP5qNDAB8xfShyx5yJxFPrmppeFZmHCVUYFmeNfLxi5ZFdAqq4MyvcJsh1qMYO_q-M-Md9M-CN3bZNOv-nWxl970cUvipJZGqunQ9IdWDjpbmE4dDjVoZ2nQYMKvQXrZWDLKcwvB-2cjDQp64kmscnSX-y6j8s4bI76vibwwKJqbcjSQ5pbXAJRgnpvzEBQG&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=0142f880-abf8-11ef-8d33-21a3ebe5fa69&ppid=RT000186&cnac=US&rsta=en_US*28en-US*29&unptid=0142f880-abf8-11ef-8d33-21a3ebe5fa69&calc=00382aa664b13&unp_tpcid=requestmoney-notifications-requestee&page=main*3Aemail*3ART000186&pgrp=main*3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585*2C150948*2C104038&link_ref=www.paypal.com_signin
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    msedge.exe (PID 4100)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeff8b46f8,0x7ffeff8b4708,0x7ffeff8b4718

    msedge.exe (PID 1684)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2

    msedge.exe (PID 1788)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 4460)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8

    msedge.exe (PID 3000)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1

    msedge.exe (PID 428)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1

    msedge.exe (PID 4464)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5040 /prefetch:8

    msedge.exe (PID 4824)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5028 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 2516)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1

    msedge.exe (PID 1632)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1

    identity_helper.exe (PID 2640)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8

    identity_helper.exe (PID 4192)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe (PID 1672)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1

    msedge.exe (PID 1748)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

    msedge.exe (PID 1120)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1

    msedge.exe (PID 3388)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1

    msedge.exe (PID 1748)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,2807321531249127611,10289618853291567472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

CompPkgSrv.exe (PID 1028)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 836)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4192)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 152B
MD5: b8880802fc2bb880a7a869faa01315b0
SHA1: 51d1a3fa2c272f094515675d82150bfce08ee8d3
SHA256: 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812
SHA512: e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Filesize: 152B
MD5: ba6ef346187b40694d493da98d5da979
SHA1: 643c15bec043f8673943885199bb06cd1652ee37
SHA256: d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73
SHA512: 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Filesize: 215KB
MD5: 2be38925751dc3580e84c3af3a87f98d
SHA1: 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256: 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512: 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 936B
MD5: f7c59856234f76db2ef18e9044a782de
SHA1: 729a566fc2723ec65998a848410f849aa00259ca
SHA256: a9ad1d379df481c2c502ce4f7dd0c829cd53c3897d0fab79be5a57df2fac2a92
SHA512: de1d24702ac0ca241f521221eccf5dc5bfafa4cad537b381c7db500324b95e51c561376abaeef90a0b1f25411f44957c9d969cd133e14983def04634f9a634db

Filesize: 1KB
MD5: 65ffffea6eaeefbaaf74e35dc5f59598
SHA1: bf7b7331c8e0efa6ade4f5714aaf89d4f9861e38
SHA256: ce3066a1ff72cd050b8e02e97580580971ab39fa268e469fdd01a03df4c8282d
SHA512: bc652a6a194d360b659b51ea2d510627ace758bdb737a202548aa8b9ce3a883b4fa5ce35e5ac4d1a49e233ad8478dcbfd5b465bc033ac0c3bb15bae69bd2dcb7

Filesize: 6KB
MD5: 2cf61110e2056628eb9744fc10b49d92
SHA1: 2d25f0249bc4b8e55ad43edd69f4b92a0c2ec5dd
SHA256: 4d4a46d6ef9f57a57bd00f626375a412bf666ac27a6fd7cc009592b09bbc3b07
SHA512: d6ff2a2d66b72f997a4e323322b5d20993c8205abc1b02f88c882b5bb1da496c6bafb4c75231c610f3aaf9ed671c5adc213ad4ee483b6ec08f0c37484bd4ccd3

Filesize: 5KB
MD5: 1a165f133464a62d32f17ee8c4a75860
SHA1: 8591a5caf38d56d3975f4c5648ab5996d6c4c0e4
SHA256: 4e752355a82c6014e0b98bf029b6b780f9f5a5998981f50619d7540858c11342
SHA512: 20c0ce67fec5a76fd0d7805f59a0e2ec571ef7ed9d1168741dcce4a49964cc4a9526d9e65ef44c37685231abdcacbbbe0fd0aa6b052bb122f17247d40b9b7bb6

Filesize: 1KB
MD5: f6d201590062106449ff19caf8270b26
SHA1: 82a7ee15999d68cf83b00124cd5bfc024393f9f2
SHA256: 7869d6ee456994022fd146d15c1dd379f403ec3ae2cb869a96d51f1518a5f65e
SHA512: cfd6a138beee16867ada15656d126a948d7336619f5702158272ac6c39153910a5abcbcce01d1040a05f5b80763aea89791112f8e1f83085b171561c17aea66a

Filesize: 1KB
MD5: 9913ff70ca278d641b8f8823a13f4381
SHA1: 652f893dfbb8a46f2e1111e85510cac122dee2a6
SHA256: 4f8d39912ab5ab3415b32fb4f87d179b00bf1ac58cf5343439b3af4287597526
SHA512: ddd2d0c846fdb5ad8e39946424e0b4d346caad06beead774656ed66dc59454ebba013d1fcd2c386475de93e5383c5ce32d83edc5ae946cbb154d2b85ca1b6307

Filesize: 1KB
MD5: 284fba8cd5ca7609401da4f865c85adf
SHA1: 0f41c75e87b048e2e7991aa7895333954fd502af
SHA256: 63c27862b997b87c1d3df46637af9d86d0fd2b88b2a961bb28e6ff75f8185243
SHA512: 700c34e6f8fdea44b62e99a5be7dec727e02fc340e6a0e6124d2e3bb50ec53ddf64eb56232f8425ea42bd46456f2f2c65fc3cc2bd0dd0ca00449de6e4b94e28d

Filesize: 16B
MD5: 46295cac801e5d4857d09837238a6394
SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize: 16B
MD5: 206702161f94c5cd39fadd03f4014d98
SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize: 10KB
MD5: e7400e3bc983cdf613ccc2871b134f08
SHA1: f828724f6854d34e620ee7fd24f7810834d3f352
SHA256: 2c4d70d7d0a28dd75ee1c18375b1cfd56071d5a8f725bb72d7ec43ae8c5f708b
SHA512: 5e02247487827a8d894b1c52d89d67240b4b45217b106b924d3a865d4b5f4f1438868cd64e88f5bb1a390dce1d8eb0fe6b2d1e002baf98166a05a65eb6efdfb8