Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12-12-2024 13:43
Static task: static1
Behavioral task: behavioral1
- Sample: attachment-1.html
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: attachment-1.html
- Resource: win10v2004-20241007-en
General
- Target: attachment-1.html
- Size: 232B
- MD5: fce0b4902bfc0cb9246b9e7648c9ad6b
- SHA1: af2ed9f25eaae4512361a56bc899faa2864a3ad0
- SHA256: 9f4c51aa35648270dd4323794d58dfbf32dfba51faf538a71f30c43ecc9ed9d9
- SHA512: f9542f28943f67d5134aa20cd416481597f86ea85bd3b946d0f12235a029ff0e566227c1423446521f1dd4d9104bbc5c5b692fc6edeec50717e0108baac7a02c
Malware Config
Signatures
- Detected microsoft outlook phishing page
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                    Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   Process
  3152  msedge.exe
  3152  msedge.exe
  3628  msedge.exe
  3628  msedge.exe
  4264  identity_helper.exe
  4264  identity_helper.exe
  3648  msedge.exe
  3648  msedge.exe
  3648  msedge.exe
  3648  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (23 IoCs)
  pid   Process
  3628  msedge.exe   (all 23 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   Process
  3628  msedge.exe   (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process
  3628  msedge.exe   (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  description                       pid   Process     procid_target
  PID 3628 wrote to memory of 728   3628  msedge.exe  82   (2 entries)
  PID 3628 wrote to memory of 3188  3628  msedge.exe  83   (repeated entries)
  PID 3628 wrote to memory of 3152  3628  msedge.exe  84   (2 entries)
  PID 3628 wrote to memory of 2436  3628  msedge.exe  85   (repeated entries)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3628)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\attachment-1.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 728)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa586746f8,0x7ffa58674708,0x7ffa58674718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3188)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3152)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2436)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1916)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2496)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3624)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 964)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4348)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1432)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3104)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 1576)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID: 4264)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5580 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2488)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1800)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2992)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 1432)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3944)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4268)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1712 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4760)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 5112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 32)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3624)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3348)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4508)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 2716)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 440)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3476)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3248)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 4300)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID: 3648)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3831199036774970046,8798055161494447171,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5376 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe (PID: 3868)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID: 3860)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: dc058ebc0f8181946a312f0be99ed79c
  SHA1: 0c6f376ed8f2d4c275336048c7c9ef9edf18bff0
  SHA256: 378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a
  SHA512: 36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa
- Filesize: 152B
  MD5: a0486d6f8406d852dd805b66ff467692
  SHA1: 77ba1f63142e86b21c951b808f4bc5d8ed89b571
  SHA256: c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be
  SHA512: 065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\90c23ff9-3151-4d87-a318-9ac5dc19d6cc.tmp
  Filesize: 1KB
  MD5: 98ee8ad639d9e8b9e8b5b8bb5722152d
  SHA1: 3c0b126d1129a0cfa7aa474d9bc66df88e0724ee
  SHA256: 9797fbbfd9bf74ee7554512c1ed27402c8ed29333ff6cb81e4f364b3a61741ba
  SHA512: bb70a9c04ca5b29d47a83339a4f67f21139ca998d59220147dfed18118da5caf4c82cd055c9eeeb65e25762cd39d425edd9a9c8751b2f5905a91f4d90ade7a4f
- Filesize: 45KB
  MD5: 2ca67d9f2114ab3aa3da598bfac6a255
  SHA1: 6c41c18db2b548dfc08b257c131f6172382ec903
  SHA256: 211233c953415e5c95b76381ef51adff252de3e068861ec64d2d992862d90043
  SHA512: d61f7633437bf9b0bf89fb7e3427e4f643005455bb8dbbfd6208934f2a8189ada966c71bed9aafa5e4313a8597822a60782170d26eb044c5229f15183a641f08
- Filesize: 240KB
  MD5: 9d2a25c035f300fcfbae3ad3a7b5794c
  SHA1: aad587369e360f9285fe2a15a93c25424034b6c2
  SHA256: 48bb268dd871db14e1d4a6e4eec41d317de958a9005efc2b2a4f1c9ba843a297
  SHA512: 58d3713741e7cb2912595b75bfa9164601b041c63b7d68beb4a1c607fa14c8e47a5c12565758bf6543365484579c8164081a109ff4978acc590e08feb8608516
- Filesize: 32KB
  MD5: 2e287eb418940084b921590c6e672c9e
  SHA1: 1fc75a9daa054ef88aaea181f3a9b4cba2b6b6e1
  SHA256: 6c2c58daae76131a00d1bfee20852f372cf594be7f4a8848acc42f8bf72c1bbd
  SHA512: a77f69571b0f04f4a2354d9e18e41ef86f22274eaed20c02215b632bfef09c6543a83591e9db3f2b4036a9684bff666eb6a7b253ba18893500e9cd541ab752a0
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 384B
  MD5: eade95f6c27ea3f1143cecaf0f839ff5
  SHA1: 130cf7b473b50e3cc7b980266e782faff16ebf35
  SHA256: 31db254b96ea5ec934a840d6e69ec382cde2ff2d2bedca91c6505f5d0b4758d8
  SHA512: 588c448cd92fc152b2508b8e314a17a99aef6c10839c6cc99a3b5e61dbf64dbcc3e0a6084a156c26807d793731622e71ce826a6f38a882fa9a0852859c8ea699
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 288B
  MD5: ad1a37cb8b558f610044121c837ab62d
  SHA1: 5f4e6e68fc2e4dd99f15c199c15b4d0873803c21
  SHA256: 1e9115e2234d330e91e266efb3f102020d94cacbd51796faa96686c601339050
  SHA512: 8d8f9905b95582c27619b3fc5a8162e79e725e1c4c90cf34105855ed075a4ac491c2087f7e8d56005f467e7638abb83b353c7c74af6e03eafd85c87e422ceaa4
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 34ef5169648e287556a8f8ed3b83e4ef
  SHA1: 9f6a409ed662a272fe25fe28d5126b6e009a2958
  SHA256: 505dcac771725ab941f82647f59f8f2b94f6ed1b680d619cffb04d9886df15ca
  SHA512: 8389252260a6166df7a3fb195ed479a5e12944a0be223b089c41edcbb415dc519d991c3679303648e0470809fa76f690155191d65a27e0e9613a79e18200d065
- Filesize: 1KB
  MD5: 941718ee1475a72899a6599206971d3c
  SHA1: c38d4a96c90546b8d78675d324ac90d1ed2d18df
  SHA256: c52368d5b49591978ade561215ef52e78778f5652c374fa90f5d46213b6705bb
  SHA512: c697e5c9dcc2eb42ba8335ebf4bed1e1f39ca2b569dd43b1ffd12be9b9ac145efe843f2c01fcd7d0e4d13e7ec87b78b5aa4846348e46cd326bc59c79a047f741
- Filesize: 7KB
  MD5: 32f5668a51abfc38c2d5bc83ab04b4b4
  SHA1: 371a0ae5cdfdc02ae1dcdfc002254b0561e34889
  SHA256: 4a75b19314185d309521e8259052912745b66e90a905feba858b4fc500020445
  SHA512: 93e7afbe801c4d9c87646ace900d0462cf30b78dd79123ad7c51ce02fadf832c51646894abec14c9332cb4c618eeb6a99485107575f5c204c0b4588d5151b425
- Filesize: 6KB
  MD5: f556d66c913603e79d5088699588c91a
  SHA1: d1ef5676497b3a83d2415e7e478df7f3b6811403
  SHA256: 91a38a1ab92f6ed5ac0a69801f165115daca08293df82956c26656ebd743b24e
  SHA512: 25ae53422b4ccbfbc684362d58f04f60db6bdf55b92d5001602d10e4adfd06ed002a962cc4cd6072956292520be35933160a79031f86a0918449f5124ddb7b16
- Filesize: 7KB
  MD5: d28787e1b8f3b6c83af144810a5bbbb5
  SHA1: 7522db7744740215b65cb1501908aa66f04c213d
  SHA256: 7f2d45761891a8b63414f833fb0377535fae7ddae74fafda72776e9e75c3328a
  SHA512: ff229661383f4a6a554963d9f6ac1d4db3aa9eff25d32a9b63c7b7eecf542597eef2b3484c78ba9bc72741beea4e494ee88f97b81e5deb4e9cc8f085aedb2df6
- Filesize: 5KB
  MD5: 69f5550f93c4b95973435639466c4816
  SHA1: 92ecc8de7f4ab115ea259ed164bd8471f01b02be
  SHA256: b3ee3b32cfe15de65f098ff090bd0896808de9110611118d11c20908c561c886
  SHA512: d9e6cba519741474fc7688b9edb85f1f2219a2b1ac6a889510406655cb3b1bf76c8c85bb00094e3a469ea4b381dd344e95148d6b7b8ad5ffbc7010804011b052
- Filesize: 6KB
  MD5: 9f9231d020287aa7f222e8124cd87c4a
  SHA1: 5fde1920c55a699828fc173066181c06f880be44
  SHA256: 30dda6ff5282c264e3602b6c61e516b55ad8ca9939e9f5c44fdcc1c1c7542e46
  SHA512: 6c7a99b4fba0ec1758e90c03af6499f1c02f725ab3a819acf7ba50c6d20dd698de186acf8bf3ad94bd8807cb191dad9beec872c8adc72c92817685fce666d612
- Filesize: 1KB
  MD5: 1c7ad4dc50d512e6baf5cc3bddda3d45
  SHA1: c3004fb076121880d5820b989e78ed66b2bbe246
  SHA256: 0c79cc762fee9c4ec12b0357d3658aecf780f476fa2ca6ee0a70f5ac37266f6e
  SHA512: 2aff95fbed45156d31b1888ffb313a28e3bfead5386606d70525d0a8f57717a25c2fe901ac5c9fcf6a6d145231c1dd1d1f3112a9fd989c58b970a58b9c121e69
- Filesize: 1KB
  MD5: 588ae92687501a5b2fd760bee4ff97d5
  SHA1: b56a94c41b61dfa7debf47b9f590ca3227ccdc18
  SHA256: 541878893bc1e33286b3f9a83d11d4cfa3d0b3bbfc1829cf8dc70483473e14ed
  SHA512: 5df9473facf5a93be866fd1ed9aae539ac4baedb6e95e15f0dc88aa1650462e7e0f0f41484d0702050adbaf9957f825308d1dbfc7027a84a2fdebea8056c8beb
- Filesize: 872B
  MD5: 7a08aafeb1f0a8ef624d69681b623330
  SHA1: 5a28f5e3c17798ba2ccbe60939040d2045aad888
  SHA256: 926697a94980e28d2da050d5bedbc9c9690b62187bc9fa7c99a82a3c40bb4065
  SHA512: 7a14025081a0bf1272b15097b09c758dfdcec6e10e482dbfb3fcaeccdfa27c7e73060afadd4d82181363737847ac55441fad2601bd95e41cb6e5d54665ea9f12
- Filesize: 1KB
  MD5: 49384937d07c73af8b1ac1453ad5312c
  SHA1: d9ab4c8ba003f540759bd72d5be51b3721f9f98a
  SHA256: bd325b7ee2cb2c87e6f3b32addc094decd84d3283e1e725f51b56bf177d95e5d
  SHA512: a4440d4aa7af1c32c1ffc359b7fb5b8b5ed450689d2c781db41824abc18f099651835a2d05e806e372c8452e5258e1f4f15040fc3d3fb78612cf856fcbfc0f6d
- Filesize: 204B
  MD5: a69451d74dae7b1cd1802ae983c4926b
  SHA1: 8e49a13021487b12825a63c7d0a95e1a1800c337
  SHA256: 047cf931215ccdfeaf4f3239f5d4292a193e5bffb496db5eab9cddcf6a09d65e
  SHA512: 2a6474e22b413c6a2de08d4e5f009d587de748b5c3a4bbbb5d1a714d15f00a2d19317032e63e427e2d0b3516ffe88e2f211739a7c884ba31fec87d113700922a
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 10KB
  MD5: 9c976abc50a920e65d5aa3719a745ee3
  SHA1: 907938b85bf0b511a4a455e9f4b0e1c335251e6a
  SHA256: 4becd14ab6cf56ccb00428b3a10d02fed3afc09259be5163cebf9c8087e90d36
  SHA512: da106e946912ecc73b0d139bac124ef1f2bae025093e2b8eec2c4f2ebe008789abfbb6f5ad5ad1df6edb14b6726a31050f762962db6ca5ba0dcf0320305e6be7