hxxp://issuu[.]com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 18:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://issuu.com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate website abused for phishing 1 TTPs 3 IoCs

phishing

Phishing

T1566

flow	ioc
162	qrco.de
163	qrco.de
161	qrco.de

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4240	msedge.exe
4240	msedge.exe
4952	msedge.exe
4952	msedge.exe
3080	identity_helper.exe
3080	identity_helper.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe
1520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4952 wrote to memory of 1680	4952	msedge.exe	82
PID 4952 wrote to memory of 1680	4952	msedge.exe	82
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 3876	4952	msedge.exe	83
PID 4952 wrote to memory of 4240	4952	msedge.exe	84
PID 4952 wrote to memory of 4240	4952	msedge.exe	84
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85
PID 4952 wrote to memory of 3232	4952	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://issuu.com/onlineviva365/docs/20250106800351201?fr=xKAE9_zU1NQ
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbb3346f8,0x7ffbbb334708,0x7ffbbb334718
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6072 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:5200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7128 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,15379380066939247963,888197434757914471,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Phishing

T1566

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
888B

MD5
f275b6eb372959349cf1223f6b7677f2

SHA1
32dd7158786e030837048189f3be946018b65dfb

SHA256
17fafd2d6ecfec0c87a5a1a63b560dfd1435c3c35154471d8d4c78c3361e72a5

SHA512
7895d3d33e3cce174ed0b7f71f8b87d0bd4c8d87f811d9252a869ea20e157be433a461ce254fc612784f57cd3082d55b63f4eb5114a08ae886eae6a4f259003d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
a06c4d2b669dcb010b990e2d15139c6b

SHA1
7f4bb2e3faf0790b5c8b96bd53aaa85c53a21eac

SHA256
836bb7e79750aa7c153f8968c87a34df3bbcde38b8d36ff4ab3f6fc714cae32e

SHA512
e4b432a3ac728d472c4c8e5c34ab7b23336d6402d3442317fba607aa6333d44f1e9ac8858ef2020183e9f9844c2626198d208acfc754dfa893d03b08d85d5beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
792B

MD5
f4597fae8937383163f13ef369a60807

SHA1
dc175d1e703d6097c12363da3c8c418d2eb1d238

SHA256
47ec476f1129f02233a8848e93c0c6e0e8d4c44ce1748d0efe208c5e7db10210

SHA512
12d479a77b9fc1c2dee4f52d3b33083577bfbcb45ae2cdcd4406888fa1f3c9d321cc5fb925c8362930ca75ac751e9cd9799b0e4d5d2fa496a8ff2e361eea1a7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
9574b998d061add20eba078cb86a0671

SHA1
6ebff90fb2d9f775d8d7df614e472d173057b06b

SHA256
3923741a123a034b3863e3bf5f2b40246fd6ee5dbfc7d813ff64a7b8cca44f91

SHA512
fa2c8641bb93dafa7b45cf88f8fd3258f4b6fb15209396eecd8c3457f7f38015e418b9f4b9096a58bfedf0f40944e7a7b9eec9daa2ba75d5985c1f9892c4ad54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
bf28420f1af51508274a2b70b993b840

SHA1
04477b4b289f3b2beffd840b973fcba5e4395812

SHA256
554fcf41fb23c946264fcf509b278353f72e1da3b6485972e5a7bf07190f7f1d

SHA512
769e0457ad1b977b58ecffcd2aa3a233a5283f95a950e0cddad66e0dee438b2e021999eeb6e1de5a4de570816511d8236c78f8744a76dea6ef45f4d194be649c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f3e0a4652b4799ef602b211f0fe8fe1c

SHA1
104595d5f620dc99fa88dfe62970acb63b0c6559

SHA256
74bc465c263d2627b853133a3915516067c86d98b3da1ac6eddd80a54909312a

SHA512
849db33f0f7fc6c8c2e9bced1c2cdc60c46267dbe0fd123cf6f1f735dbe69bcda3be02275086554b5464d9b0b5e715deeaf4cbb1d923201bfe7b2c006e8902c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
566e7cb87c8b7c317260a611d4d611b6

SHA1
082db6377b996b9844fb4083af6c1ffed19c9406

SHA256
199814b198d8bb325ef300e77419518f9213e2dd1555d5f294df4e492bee1b74

SHA512
2bfa1aac86b9132d7621245f2d9cfbf757e6a840d28af3f9e078cf1485287373b9b817c467858a26c862efd0e6ee004224277fd3007ac8ba0667b8d5cb47f224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e5d501fa95c6e6ef9dbe8c7cb5ded2ee

SHA1
2e416437e8680f7f659bacf99ebb2b01d8d5b235

SHA256
d6e50b5409543fa398389ef3c0381573335375e73f6fbb4fc89b88bfb70235e0

SHA512
3366b7b590cc6f5a3603cdf60750a2f92be9bb99659c9c3010d22a21ed7ce7a37663855242b84078ee3c517c6a958038adc9ee6d92c001d9ee3354e91417126c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0ecba9fa497bdbc30291b8677d68c3d6

SHA1
21aebdd14b362f8c30f01e12b3de7dea6d4b30c8

SHA256
3e23e84fc357f58e6a55e585f912d65ffaf08c62d2459dad53746b7aecc12876

SHA512
5deccd9886b08d8f2b62aadc66f8a4bac7acb8d8d262b058c5d2356b4220228a6d5a4c4c84b4b6bd4d18e2a5dc9ea9c2ad3a7329832d7017595706b9d0f69b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
92efad7a9ea4596cd6f13174f1c59b5d

SHA1
5feed07be1ee6188fca53e04a2d6afeead5c9695

SHA256
f8f361c61812f23f54681dccd165e03f064526d7c8f5e082d47c0b7b4f13b2ca

SHA512
f28d9d50347c890caf4ca54fc5b81ecefa56a71fdb5f679ae774fcc32f180897e3c70bf160b637278d97edc2e43ef7e84c7048a23046972abd8ffd4ccea3e30d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
19e427368c24b07fc2cc6a31367de15d

SHA1
1b8e58dfe4eea124e5c8d090bb08b152dd3bdcec

SHA256
e04b86ba5df245b4b8da1876c22b6060ff6b319e3bb8dfaebc1e4e92122270a7

SHA512
8f6cb8b69ad1c79b8c37ce1e7a1c2514f9c9c981408b7285f84721587b52d50ff8df93b2ec978fff1f5dd1c3fcc4696c15dfe61af78dc032b5ad0e43273ca071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3a84d1bb12dcf3f4254e147ee29878fe

SHA1
9c07f7eba9185a8b2f9cd49bbd8837f4b9b33b19

SHA256
0b919dd15c0d6583333f9fe3ca093b15312f391c1acbe1a652d36dc05b8b4e17

SHA512
51578107b669e3704eeda4b84a6f9612ec5b5753bd4253fb4fbc21860970707d726d2b63481e5f985b04fc226bdc7f42bd1721181cb92ec3cd0002d972b3b8db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582a66.TMP

Filesize
48B

MD5
bd1fc8a3d3f0641ab6f5ea5ab30bbc01

SHA1
45ee619d1e7fdddfc466aefeae23c187ecc69a2a

SHA256
55441aa29808e858a3fcbf86e3a3bb5ab65c60707471782b3be83682b9025ac9

SHA512
14d5a33ab5bfef12a9b02bac4943962d67b9efd777fd1846307e4a9fbefb9015629d4659d0f48979067dc2c86dd2eabe0cd065d46bf3ec7bab09a5c1288ebb79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d7d5ae49785fa5ea54f644a2be5e3bba

SHA1
05fe654697cfd110d07c2a7b8b0f22aea95cebcc

SHA256
b18baa4df8c4e96748f8ba080e6d5f25fda667b10f64acde0034d11e69fcfd2a

SHA512
67c766f739b58c8e9f31b1316f7fe05368b1937805304cd94875f8eeffe3e6ccca95cd9085a50d6b1272bdcceff37f278ca111ceff7d1e3ef854266e984fcc33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
52bf59033aa9fb134ba5c1566af35b5e

SHA1
ed8a0df5ea45943c9536816d7f0dc020210f5a3a

SHA256
bbfd2992c521e2099423e5dd81d4a7f9f439e55de0c22e5fc163425ca98e4fa3

SHA512
01c8876cc61a72f62644acb21ddea53b96ad81441c87d49c9dcf76472aa1a39c64beb772bb2eee8388c6d1f9aa73186a4e72b99d48c6c48ed154f31297d03a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d472b618c8409c284e4e7c1536374c8

SHA1
8043471a1bc81c053e1c951a2e2221dc5d1dc8ce

SHA256
dfa1994b2f7329bd5087778e395e4a6b2e06b0e80e23ceccf3a4abff711fa46d

SHA512
aa88fdebf9cf20c79ef2e66f8bd45dacdbf54f20c82126543d69dc991895ee438ba90320b06ad26341846c91b0c5b7ebafde4e269983c2e758784b326320563f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58460d.TMP

Filesize
1KB

MD5
ae702189552a2d8800c69ad83312b3c8

SHA1
5d35579bcba5a07a8295695ff40bb093c940d4e0

SHA256
2b7e823fba8ce045f28c791df568209d793c3c5a62425637b6072533ffeea307

SHA512
afee554ec6d0b38e0b2324b85d8640613d3399f2b1b0c0944540863b4882ae31b66abaef92805fc776ba6c8a8feaaddfa550870cbbacbaff72e6a1be04336978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
502d5a2a8ffa2540fedcaf0dc7aa0724

SHA1
a92d39e8d1e4164dc40554b24ee67d9f35d9100b

SHA256
6489b1a961d283688a8a5dcb376aeec70f4b0ff3ee2ed4af2e135631a47f01d5

SHA512
cd393c7692498f6924eca40d02f6ead330849619b2983cd94f43ce3f70ecdfff6017d7c041723c79c1de01bf7ba0210fa2ae11a8dc98759c0b753dcc1bcb55e1

Download Submit