hxxps://cas5-0-urlprotect[.]trendmicro[.]com/wis/clicktime/v1/query?url=https%3a%2f%2fwww[.]docstoreinternal[.]com%2fnam%2f7094d542-3815-4c82-b1d5-6917d0443cf4%2f38d37282-926e-4e08-be90-1c2d0b1186a3%2f9ce46d44-88a3-4a6b-bb37-02f6738f25e0%2flogin%3fid%3dSjRpTGcwZUNxN1FtWFA5REk2NnVNc3Jsc3JLRHJiclBsM3FuMzh5OUlmd2ZBTkpua1I5UEVLcm0vbEk3T0F1Y3QrcGpraVFLOEFuYkt3YWQyeXVTazNtMzVmMlRhZ2NJT3lneUJqcURGU2dKT0RUL0FZekJOb2pzdVYvZHJ5Q1NZa0JGVURWeU95ME03Z1RnNnVZcW43V003MlR1ZDNnbmducTVIbnJ2TzBEZE5kTmRHWDZsT0gwbWd1TlVoYkNiRTV6eHdNd0RMM0xhWGUyLytCZDAzeWdzTGtVMHJUQUFpT1pJU3YrajV5cTlnQ0pRVnM0TnNBV3dRaFhJc0xMVDRHZjQvS0YvVXdZV1dweFFEVlJ6dzc3M25rL296bzUyeHZhMnR4VHZWUGZqdkZGSUZZcUV2V0xQMGRKR2oyUmN0Z0EyekVpYng1dnY2a05oSVM5RjEwOEo5Tk1lZjIzcDlpcHR1bWhqRjVzK3JKVFJDVDdnWXEwdzd3VXUvYVJNTGl5dlNCZFdZR2pwUDhnZFFqRGd4ZTBXZG0yQ0pEdWJMZ1NEcEhycGFZRT0&umid=30f73825-fb21-4a80-9235-5a94a8e702fa&auth=fbd9a64a18500230246a4ccb62856c7dc383f35f-e6ebbeb4d74476bb6c004d1ead964618a097fc8f

Analysis

max time kernel
545s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 16:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cas5-0-urlprotect.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.docstoreinternal.com%2fnam%2f7094d542-3815-4c82-b1d5-6917d0443cf4%2f38d37282-926e-4e08-be90-1c2d0b1186a3%2f9ce46d44-88a3-4a6b-bb37-02f6738f25e0%2flogin%3fid%3dSjRpTGcwZUNxN1FtWFA5REk2NnVNc3Jsc3JLRHJiclBsM3FuMzh5OUlmd2ZBTkpua1I5UEVLcm0vbEk3T0F1Y3QrcGpraVFLOEFuYkt3YWQyeXVTazNtMzVmMlRhZ2NJT3lneUJqcURGU2dKT0RUL0FZekJOb2pzdVYvZHJ5Q1NZa0JGVURWeU95ME03Z1RnNnVZcW43V003MlR1ZDNnbmducTVIbnJ2TzBEZE5kTmRHWDZsT0gwbWd1TlVoYkNiRTV6eHdNd0RMM0xhWGUyLytCZDAzeWdzTGtVMHJUQUFpT1pJU3YrajV5cTlnQ0pRVnM0TnNBV3dRaFhJc0xMVDRHZjQvS0YvVXdZV1dweFFEVlJ6dzc3M25rL296bzUyeHZhMnR4VHZWUGZqdkZGSUZZcUV2V0xQMGRKR2oyUmN0Z0EyekVpYng1dnY2a05oSVM5RjEwOEo5Tk1lZjIzcDlpcHR1bWhqRjVzK3JKVFJDVDdnWXEwdzd3VXUvYVJNTGl5dlNCZFdZR2pwUDhnZFFqRGd4ZTBXZG0yQ0pEdWJMZ1NEcEhycGFZRT0&umid=30f73825-fb21-4a80-9235-5a94a8e702fa&auth=fbd9a64a18500230246a4ccb62856c7dc383f35f-e6ebbeb4d74476bb6c004d1ead964618a097fc8f

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid process

3152 msedge.exe
3152 msedge.exe
3336 msedge.exe
3336 msedge.exe
4560 identity_helper.exe
4560 identity_helper.exe
3708 msedge.exe
3708 msedge.exe
3708 msedge.exe
3708 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

msedge.exe

pid process

3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe

pid	process
3152	msedge.exe
3152	msedge.exe
3336	msedge.exe
3336	msedge.exe
4560	identity_helper.exe
4560	identity_helper.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe
3708	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3336 wrote to memory of 4044	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4044	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3508	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3152	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 3152	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe
PID 3336 wrote to memory of 4340	3336	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cas5-0-urlprotect.trendmicro.com/wis/clicktime/v1/query?url=https%3a%2f%2fwww.docstoreinternal.com%2fnam%2f7094d542-3815-4c82-b1d5-6917d0443cf4%2f38d37282-926e-4e08-be90-1c2d0b1186a3%2f9ce46d44-88a3-4a6b-bb37-02f6738f25e0%2flogin%3fid%3dSjRpTGcwZUNxN1FtWFA5REk2NnVNc3Jsc3JLRHJiclBsM3FuMzh5OUlmd2ZBTkpua1I5UEVLcm0vbEk3T0F1Y3QrcGpraVFLOEFuYkt3YWQyeXVTazNtMzVmMlRhZ2NJT3lneUJqcURGU2dKT0RUL0FZekJOb2pzdVYvZHJ5Q1NZa0JGVURWeU95ME03Z1RnNnVZcW43V003MlR1ZDNnbmducTVIbnJ2TzBEZE5kTmRHWDZsT0gwbWd1TlVoYkNiRTV6eHdNd0RMM0xhWGUyLytCZDAzeWdzTGtVMHJUQUFpT1pJU3YrajV5cTlnQ0pRVnM0TnNBV3dRaFhJc0xMVDRHZjQvS0YvVXdZV1dweFFEVlJ6dzc3M25rL296bzUyeHZhMnR4VHZWUGZqdkZGSUZZcUV2V0xQMGRKR2oyUmN0Z0EyekVpYng1dnY2a05oSVM5RjEwOEo5Tk1lZjIzcDlpcHR1bWhqRjVzK3JKVFJDVDdnWXEwdzd3VXUvYVJNTGl5dlNCZFdZR2pwUDhnZFFqRGd4ZTBXZG0yQ0pEdWJMZ1NEcEhycGFZRT0&umid=30f73825-fb21-4a80-9235-5a94a8e702fa&auth=fbd9a64a18500230246a4ccb62856c7dc383f35f-e6ebbeb4d74476bb6c004d1ead964618a097fc8f
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd08de46f8,0x7ffd08de4708,0x7ffd08de4718
2⤵
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
2⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
2⤵
PID:4340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
2⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
2⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
2⤵
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
2⤵
PID:2064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
2⤵
PID:5012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:1620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2696 /prefetch:1
2⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5980 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
2⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,16354645064921450867,7369589873738072685,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
2⤵
PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1540

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\53740aaa-0237-4a27-b411-7d2ac7e2851b.tmp
Filesize
7KB

MD5
978bc5249e767015928dff71b4e363c6

SHA1
3aba32d9022e6a46ba9984ab37a339d3cdabbdec

SHA256
7382ca7f2c8476e83269d7a386af172d9a2e9adc4cc7d53780d99556f4c0f4ae

SHA512
bd27bd31761a4937a81b207ef2ad139bc84881402ffc4622fcb46f034adc87022f76f3325f873fd5138d9b1e679fc29cda87889d0a674c797ce23a6e71f491b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
36b63f2e13e0376cc7364e5f82cf3e7b

SHA1
d7cd804c817917f3894ea55a62894faa74c77ea0

SHA256
89acc0da7d15a2b66e69b32030f66f393fdc9372c639c42c56eb7123a843553d

SHA512
d7e4e7596bec6ea8a34559d1ace49c8bf4c8c79a63c115b015b220e8effcac657363cb62d206461fb1503a213a65be6c214bf4a7e57b6ef992a8142c4d5b8cbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
288B

MD5
ae41f96bc4efcd09c561f3ec6667c75a

SHA1
d97130d6b386c1e16d693a1404affab142c7354f

SHA256
44e9cd7c38db561f9ba1de256e566ff982d53e6954a73b8bec98dbdcce031882

SHA512
d2b8097488844b100268865bd23432e7e401bc62e57f70ba26ca6074b702308e1b3795528811f84feebd0e0b72d9c80fc2a8bd83493db51db32342c87124dd78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
8e3de8df194ac9df8353da6252013c86

SHA1
6e5d1a033c852170d28c6abfd96c8001a5d9226f

SHA256
9069ae3ad95dffe76a164fd6cba84b711c8a8b5907409ac9d11c8e62bc359adf

SHA512
b9f5888b43631aa5380c5b9408ea74876174f56a05d35f8bff87d94b6d9eae5007cb543d704c624e3b3969e3edc5f5f4674e3ec85cd9eb1f281cfc3ebfafdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
73e8281e128d69c8fd9a7fddc47a0416

SHA1
d07a700ad96262332c658df2ec00012d50ebe638

SHA256
8e1d979ccd6992b74789f2f81dfc353be7bdabbe356575939b9534f40b61e850

SHA512
3ea39d00aa2a6527b3b480bce6c1d2d7a8de758cd2f4008a549d7c9c7d9f19206be82f94e99750f7f161ed3fb49a72e524ab45fc225281f9ba00b716a2552c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
434B

MD5
4a94a0343e8209f8fe930c9df8ecaf2e

SHA1
058fd63cc02cdc10c2fa8ef941286a8fc33cdaa9

SHA256
ee850832c84247a35ca918ca7eac5eeb4b5dca3d48c2df836eeaa4717ddf4065

SHA512
2bb7713c8b749751e743f5378b9bb8dc9ce6b31b39b7bab5b2f3bd273c47159d21db54d1c50e2b376d9760a08f4f4a98af1989abc1de2816fd39dcb1497b76bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
63e6faf0980211536ef89ac214e52e17

SHA1
6d8f380e624db392b60969104816b838a7f76604

SHA256
0cdea10bee873cbb237e43998ad9562506c8b2af70d282e397d9056ca3919f51

SHA512
345063133dbd319e7d6b411110aadf26a68cab087aad5ab93b77031933501a1b546b32835390f16649545e82adc47efeeabc28b81a6a9907f7a31dacf5138fad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
6a731b358c39907cf37c072d73f549f9

SHA1
a40853ac53edcb7c43ab49b0edff1f7ac77da587

SHA256
ba01d9c70b8793de70dbd57eb8d5f79fe55386316425738cd42e8b81fccad512

SHA512
966a43576febd9f81616c0b605eb0109f6447c01332a116ba1e9f7d3146b8e336f9700f8ae3156b2597e1894b951c969191775801747523012032cc05f730a69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5ce115d3480dae2654dc94b28ffc0eca

SHA1
ef47576a21cb0c2340982cd317486296fc50c63e

SHA256
4c20b2841a5fecaecfedf97c57a521cc2081b5768d4fa4d2425813c7d3310390

SHA512
23e79bfac94e958480358e3013fb8c671f04e2eaecabaa7f6dc1b5db9d6bb69e67ff132752a7ec7402bae3b0a2d9257ea5e59b5fb1af4b328ec61528e29c387b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a623a452562807ebce82592500088afd

SHA1
e7defcc726e0997b26522d0dcc34751381a86a6e

SHA256
bf49546147dd7186cca878b56712169ecfbddf72d2ad20420da60e06991dfcfd

SHA512
d31b09396a5a2738c038bb103268d2d676b3cb1596d5df8f549c2071bba6366ae1c8f33d9611f91699073b99c596320323a35232c8e51b438f378d989e7df4ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
73b046695f25821992be5b63abadebb5

SHA1
9d195f9d58e22ce00e15374e29873f230f2fa896

SHA256
e8bbcda0f8efe5dc81b7db36d2d2f6d400ca63a41492e341c97f10839caed01a

SHA512
eb2d33f2467c8fde5e26118f615a78017c6d1e13f948b5ae1831815ff3e556bdd81c7da68c3a890fe22d404ec5bcfd9bece5189bb52f6b3b2ee51286b71d04e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
75fb42f5d97c1a84ddfea56b8f8db9d1

SHA1
0a9d3512ffa72fead5424dfe679f1722ac504b22

SHA256
5703872c4ee56b4495fbacd28767b65508360e1bcee826598522da391c2be9ac

SHA512
36bf90fd2ae4253147f8b05a2b914235604c5963dad4f6c166976f762360689cb158b5e53176a741abdbe5a6c476557020867adea099c4c4e0343e558d79e9a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2322574fce12ec26ab84568bd4c3102f

SHA1
d95858979e2702091c5213a337130d4a53e8ff47

SHA256
738d5011349ac85596ebfb69a2ca44d19eae6425a3a20322473a7a9c9f55439b

SHA512
2878eca15a1e932e2665c049e312389c742d9ffc90bf55ea824a7651ff19b11c425d1a14852654a828892e8b01849c57d6aa9174e8c2599a27678eccc93e5e80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
706B

MD5
ac0adb4b54b87183e8e15b31ed332388

SHA1
da28d35bf3db48407c119fdbb7fd4226eead8077

SHA256
ee3a854067710e01239ba5e468949a5118e90dc1405ea7a5fe81359b98544031

SHA512
02453ca711a3fec66d1783875654853f824e5503aab2784ef9e1c9f53ad85cbb768b1b0f01de2e7b8f3d52e5706669d09849ce5806d4f69a8e5009ef1bd27b1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
bf5ba5ca3f897fad49581dafdd4f252c

SHA1
db374ef041609c1c361d3d66879b75d5aebffa32

SHA256
682528224ea031342a2754f218ef3615c5bf710b45e26faa9e333954d242a23d

SHA512
c12a0f7216297546b5da6c32f6f92edba90f37c817409198d13d0bf0d6c3744265e40e432b4b39e3c65ab9dc0ef26c4054d1cbc7606ee2c4ed5ffb90b64e7a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B

MD5
62467b9c1acc17d3ffc44b0bbc916ab9

SHA1
a73c27c9e8561109e7f145505341686cc6ef2411

SHA256
dec743926373fa6dba1087d8b28cf139c88362159b55d49e58088cf3ecae7bb0

SHA512
d4890aece17b60e501088a99fc9594a4ec14f78a6eba3f6a3339f7062be2c84c8d6541c9138a327b4e75285cd809e78db62750a1a9fc0917e3ff9c3eeca289c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B

MD5
2be84d08626ef890485f337ea34e2b43

SHA1
c2f9c832e82f7647920250cc21b90a6d8d0be070

SHA256
ee9c24302c9fc32e2efbc9e0f073a2a3537684f1b8cb0fe8fd419cdb416252e3

SHA512
d19fea3917ae7ff8928c574f012e05b77a6f814a8f9f44d33820907a9ba134232316c5fbb54614bd4a736af55a21fbdad898ad417ec13f47dfea629e1e974111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57efaf.TMP
Filesize
204B

MD5
4280566dfcd049814589d309790c4fee

SHA1
6f2c24c491078993e43eacfe18e1f2dd842cef4b

SHA256
c083df209186fb68500451d7ae59cd1a0b7e4de8636f2a40ba154d541b64fd35

SHA512
874cf6bb8661eb62594bcd12d59fc83c34533949d8ae0919628c848bc3dd5ceb180794084322a7ca2810c2d3d3f0922ce2fa1dec63b4986a65d0a18e7376b2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
74e4b9c575165dbfd79d9501686cc3f0

SHA1
08c67bf9958e9f59086dc658bcadca82d9a9c855

SHA256
65d1f7ccf9c39820bdd5fcb75579344f5a92b1c83b92481a13d3acf8ccf04053

SHA512
23c11ce7f15d589b617ffd16f1a17c200ab670dad6797646ac116405a392aa86f05ddde8b018338d8a345713901c208e77a57cf611dc049f6cbedba462c02676

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
11KB

MD5
9b754074e9b673221e97618a13bec78e

SHA1
f95573795861f1fc5ebeea94b9cf452a30a67bd2

SHA256
261d20e91a78585ba8dfac15a63ee1e32bf547c2e9daad083f0488384fc1cd02

SHA512
a8e1c8f90d4ca9655dcce8cae1c9440bd42a6224e1685e6f2e5fb72368f2fc070d6fee5d1964dc3ea2c317e3bfbf9ca1eb03cb8bf58ce0f52f3be723bbfc1e1d

Download Submit
\??\pipe\LOCAL\crashpad_3336_EPBQHFZSLWCSTBKV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit