Analysis
max time kernel: 72s
max time network: 84s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 06-12-2024 14:08
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample:
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-76J51654HB0957815%2FU-6B6290400X2477803%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=tLjYoRPv3hzgIqWhXLrXK1tEfe8rPkwE2Q1c7w&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-76J51654HB0957815%2FU-6B6290400X2477803%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtLjYoRPv3hzgIqWhXLrXK1tEfe8rPkwE2Q1c7w%22%7D%7D&flowContextData=RreH99JA9cXAY1ECi8NGU6YSPcPEjs2ap2mvjczkF28gqSgCD6i4advAeib157z3UXKckAnjsgdNHB-kz1Vm9oUGIsVz0O8B6lOtNcziLGwA1Nux_5sDd1_3r-uisMnbJSaWUnukEAqsxFfWzq_mKZp7rHXUXPkZyQBK6g7DlZCvGCa5dJ3tkJEzlA7LwhYbi_h8j5JE74_DEBmd7aI2l6bJph85-_uSAhiBj-iMBMNE874hjBGLLOScM0IiUP3vnNQP44uJeC4Rb4tmLCiEdWtts0qgh1ynhfspb84r6hfVBy5KTcQHa-NJZq53Xe1cb9pO4TsLlnExxb_lCQlroIQ4nRJ24iIsEnp3xbBc6MEUS2EtBIRE0Dix1BP8gbGNs0raz_XIiGFizgqzBuW2J6I3FP5Nqf3wXJP8NT9xJSxj_FnW1vhnFS_fMIW&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=f5907da7-b0d3-11ef-a405-3f2c46499e68&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=f5907da7-b0d3-11ef-a405-3f2c46499e68&calc=f5715153d3118&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
Resource: win10v2004-20241007-en
General
Target:
https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-76J51654HB0957815%2FU-6B6290400X2477803%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=tLjYoRPv3hzgIqWhXLrXK1tEfe8rPkwE2Q1c7w&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-76J51654HB0957815%2FU-6B6290400X2477803%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtLjYoRPv3hzgIqWhXLrXK1tEfe8rPkwE2Q1c7w%22%7D%7D&flowContextData=RreH99JA9cXAY1ECi8NGU6YSPcPEjs2ap2mvjczkF28gqSgCD6i4advAeib157z3UXKckAnjsgdNHB-kz1Vm9oUGIsVz0O8B6lOtNcziLGwA1Nux_5sDd1_3r-uisMnbJSaWUnukEAqsxFfWzq_mKZp7rHXUXPkZyQBK6g7DlZCvGCa5dJ3tkJEzlA7LwhYbi_h8j5JE74_DEBmd7aI2l6bJph85-_uSAhiBj-iMBMNE874hjBGLLOScM0IiUP3vnNQP44uJeC4Rb4tmLCiEdWtts0qgh1ynhfspb84r6hfVBy5KTcQHa-NJZq53Xe1cb9pO4TsLlnExxb_lCQlroIQ4nRJ24iIsEnp3xbBc6MEUS2EtBIRE0Dix1BP8gbGNs0raz_XIiGFizgqzBuW2J6I3FP5Nqf3wXJP8NT9xJSxj_FnW1vhnFS_fMIW&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=f5907da7-b0d3-11ef-a405-3f2c46499e68&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=f5907da7-b0d3-11ef-a405-3f2c46499e68&calc=f5715153d3118&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Modifies registry class (1 IoCs)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3756129449-3121373848-4276368241-1000\{AAF9F35C-CD61-4F1E-9705-A6793306DB5D} (msedge.exe)

Suspicious behavior: EnumeratesProcesses (8 IoCs)
- PID 4012 msedge.exe (2 entries)
- PID 4704 msedge.exe (2 entries)
- PID 1220 msedge.exe (2 entries)
- PID 3796 identity_helper.exe (2 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (8 IoCs)
- PID 4704 msedge.exe (all 8 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
- PID 4704 msedge.exe (all 25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
- PID 4704 msedge.exe (all 24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries are writes by PID 4704 (msedge.exe) into its own child processes:
- wrote to memory of PID 1144 (procid_target 84)
- wrote to memory of PID 5048 (procid_target 85)
- wrote to memory of PID 4012 (procid_target 86)
- wrote to memory of PID 3020 (procid_target 87)
Processes

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.paypal.com/signin/?returnUri=%2Fmyaccount%2Ftransfer%2FpayRequest%2FU-76J51654HB0957815%2FU-6B6290400X2477803%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq&id=tLjYoRPv3hzgIqWhXLrXK1tEfe8rPkwE2Q1c7w&expId=p2p&onboardData=%7B%22signUpRequest%22%3A%7B%22method%22%3A%22get%22%2C%22url%22%3A%22https%3A%2F%2Fwww.paypal.com%2Fmyaccount%2Ftransfer%2FguestLogin%2FpayRequest%2FU-76J51654HB0957815%2FU-6B6290400X2477803%3FclassicUrl%3D%2FUS%2Fcgi-bin%2F%3Fcmd%3D_prq%26id%3DtLjYoRPv3hzgIqWhXLrXK1tEfe8rPkwE2Q1c7w%22%7D%7D&flowContextData=RreH99JA9cXAY1ECi8NGU6YSPcPEjs2ap2mvjczkF28gqSgCD6i4advAeib157z3UXKckAnjsgdNHB-kz1Vm9oUGIsVz0O8B6lOtNcziLGwA1Nux_5sDd1_3r-uisMnbJSaWUnukEAqsxFfWzq_mKZp7rHXUXPkZyQBK6g7DlZCvGCa5dJ3tkJEzlA7LwhYbi_h8j5JE74_DEBmd7aI2l6bJph85-_uSAhiBj-iMBMNE874hjBGLLOScM0IiUP3vnNQP44uJeC4Rb4tmLCiEdWtts0qgh1ynhfspb84r6hfVBy5KTcQHa-NJZq53Xe1cb9pO4TsLlnExxb_lCQlroIQ4nRJ24iIsEnp3xbBc6MEUS2EtBIRE0Dix1BP8gbGNs0raz_XIiGFizgqzBuW2J6I3FP5Nqf3wXJP8NT9xJSxj_FnW1vhnFS_fMIW&v=1&utm_source=unp&utm_medium=email&utm_campaign=RT000186&utm_unptid=f5907da7-b0d3-11ef-a405-3f2c46499e68&ppid=RT000186&cnac=US&rsta=en_US%28en-US%29&unptid=f5907da7-b0d3-11ef-a405-3f2c46499e68&calc=f5715153d3118&unp_tpcid=requestmoney-notifications-requestee&page=main%3Aemail%3ART000186&pgrp=main%3Aemail&e=cl&mchn=em&s=ci&mail=sys&appVersion=1.294.0&tenant_name=&xt=145585%2C150948%2C104038&link_ref=www.paypal.com_signin
  PID: 4704
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1e0146f8,0x7ffc1e014708,0x7ffc1e014718
      PID: 1144

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
      PID: 5048

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      PID: 4012
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
      PID: 3020

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
      PID: 652

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
      PID: 3212

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
      PID: 2860

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4700 /prefetch:8
      PID: 4408

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5108 /prefetch:8
      PID: 1220
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
      PID: 4092

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
      PID: 448

    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6204 /prefetch:8
      PID: 3796
      - Suspicious behavior: EnumeratesProcesses

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
      PID: 3728

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
      PID: 2728

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
      PID: 1380

    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5484932999699137180,9788567443544184205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
      PID: 3828

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 2072

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 4540

C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3916
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 152B
MD5: dc058ebc0f8181946a312f0be99ed79c
SHA1: 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
SHA256: 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
SHA512: 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Filesize: 152B
MD5: a0486d6f8406d852dd805b66ff467692
SHA1: 77ba1f63142e86b21c951b808f4bc5d8ed89b571
SHA256: c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
SHA512: 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Filesize: 215KB
MD5: 2be38925751dc3580e84c3af3a87f98d
SHA1: 8a390d24e6588bef5da1d3db713784c11ca58921
SHA256: 1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b
SHA512: 1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 936B
MD5: 9844276722f7a90117940ea5c2905c00
SHA1: 87502c5632ef31af44b59a392f03a852fe0d5255
SHA256: cfd11cb1d67a0adc45b6faed6e70088b1e795b3b69c5d8cd3abfa9ebae21e534
SHA512: 0ad5a9edf7ed876d7bbdac33557a8bcc436b7b825b653ca7e577e5febe17c0c03e170bff597b5020503421e859a869d12476ded1a1a9a58fe7c09772d034c857

Filesize: 1KB
MD5: b207384fe59ccde8b6533febd2a8d758
SHA1: 9a60898f59c0f6252a2266c0b6cf0c20f1d4cfda
SHA256: 52edab5453553612ffa60ac7a1ebe976d6b5b1f24abb944910ba1bd4d03aac46
SHA512: 7b4cddce0e144141c3afe815ab332d86cdc38a91b73f0d828eef1c063426d39aab48df0e700672b87b3663a171817c446a273d3b7bda9c3cccffb59351920f78

Filesize: 6KB
MD5: 6ebe5eb64457659d5b42deacbaeeb5fb
SHA1: b4f5c74b367e1f3a43316f5fc187d241cbbb65fa
SHA256: c97499696168ac6ca0f687db5c94287b8d158d9df21493f45a14d65b2b701241
SHA512: ad1ed063ca8868358d6df64960241e06daca3f4d337f30158d4fee211110c785adb222b417f01f879e2296621141a051a10a16fd6d04da667672d88076df1701

Filesize: 5KB
MD5: dee842d3013bbd7d409c507fb3131017
SHA1: 03e3fcdbd5cc2ed290369310289c9627a1171f89
SHA256: dacbc7a6a00f10b45c45e18801a5cda2563838c236ce679f5dca65c99e6b5dc5
SHA512: 8afcc4f9faa074ef59e7ac19714f36f210c071d8708fd2ec81fc1a70c1ad90803eae58929d7623e437c9a612ee5cd22b7793cf4c95ff943e977a0e18ce59cfd6

Filesize: 1KB
MD5: 23dd45885545d461d1806ad155d6798f
SHA1: e8381f5a1fb0b8ac565b41b116b60b96b1e4f684
SHA256: aa0960e9f9d698e0c569e5c60a21d6ee4998de0ea98f7f56d639be61253a44bf
SHA512: 0d10d30516e069547c416b1b922fa2dfcee3197d894d3b90e630d655122671c4b8d72456535c4c4ceaf77a5bc2e86a5f5386b0d66f719b2bf3f4434959120adc

Filesize: 1KB
MD5: 8323e218bdef6429302106a743c3a056
SHA1: d201d446f6806829d296595ec871b4687a811507
SHA256: 0dd44d5ba99f58e8e731d24733a9a65193a9d9f9a701fec5fef0f806cce14c3e
SHA512: bf2f9d50de4ee6ee18b47f1ad3c789ecc5ae1018876bddb601d2bc212fb98b03a5b7f63ccaaddb73d68b75943536cff5e347a120d4d9f44fe2372fa553e2fca1

Filesize: 1KB
MD5: 4bb04db3f7e979008afa78851b512df4
SHA1: 75b8c99f5d6d1ba1ad959090b0edd92560a2b696
SHA256: 7c11d3da725d5a5df78526183defde81d5a326ce7c244098a180cb4616f6a861
SHA512: a10269b9626a5085cedc51c4f30bb6ff3926ebe95722f6917acfa153333c8e74e63dd12d1c588ea56b855ef61ddde2040263a4cc3d12967e3db603f2529dafad

Filesize: 1KB
MD5: bf1f58b318b5a9458e5ae2a188adffda
SHA1: d3f95409ee320dade630650f3938a5e0ea3a237a
SHA256: 18d47043363d105ccea18d635582edafe41e20d8387d123ad40419d67041285e
SHA512: e34bceb0f98e877976d9ccb12a6d0c730e0d2ff72c605c206fd1a1abd62b3fd78a9ba7b076b73a67f6983129ac0abd586b56cf63e52ccabfa64d3faf370d61e9

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 10KB
MD5: 1e3e0de836af6edf9b46aa84eaa4a664
SHA1: f03e52f0df0ec33bf39ed085357580bcfc75c147
SHA256: 06fde29cd69bbe95a7462eb9ae33a3e7b0a500374196ef5d847bf5c9705b4b78
SHA512: e325c5d87d0d6119d81c24746a74f1333c3a5279640d817ad46db9cb2eb07412c781266e05cd1c9de524e8eafa73cbd91b532a25759a2892480675bb32e394be