hxxps://www[.]attemplate[.]com/eur/237582ad-3eab-4d44-8688-06ca9f2e613b/32bb1772-9b07-404c-a723-73dc12c55433/0f48c481-6d1f-4ffe-bbde-a0f55d9db165/login?id=YnMzWUNHb2g5VDF4SXFKbFlHRUE0aVVzVVFvRURHS3JDSlNvTWt1WFl3bDVDR2lDZFE4WTkxUURORXFqK2RGTFdhK0hFYXhwUU02Z1N5d2pxU0FMUXV2NUMzMXkzbTQwWDRrMjV3c2VuRnM1UGI3WWlVdGlVa2EyZS9IVW5uSEtlU0tCZVB3L3JTelcrWkNQRVBOdGJOYzZoWk5hNHNhTXhaTU5EYmtXTDQ4RCtHZ1l3ODExQy9idGVhMnFqTzNieG4wSjVJeERWZlA5OXFHTDJGNmRoR0RHTWVkeFdhQ29rVHliYUVmMEJFVzMzN0txbXpjR1hUSXJwaXhXUDY5Sk9PWEJmMHo3WXI4MDJEVGZKQzFWRE9xcGlJRzA1WTVIUnQ2alpTcWh3ckgzNFIybEJML2ZXaDJtNEFJZTFsN3RFN0NPeVpiajhneG42ZTM4S1B1a0JPTzJZcm94cFg5NXJPMWVBdWptNlYwK0dBaFRoektJeTdldmJOSGVwUmtlUGd4TWFJUFZIVzJXV3dYNGkyM1g5blR5cG1mMzNGR1lPQWVoQUNoWWhhOD0

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-07-2024 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.attemplate.com/eur/237582ad-3eab-4d44-8688-06ca9f2e613b/32bb1772-9b07-404c-a723-73dc12c55433/0f48c481-6d1f-4ffe-bbde-a0f55d9db165/login?id=YnMzWUNHb2g5VDF4SXFKbFlHRUE0aVVzVVFvRURHS3JDSlNvTWt1WFl3bDVDR2lDZFE4WTkxUURORXFqK2RGTFdhK0hFYXhwUU02Z1N5d2pxU0FMUXV2NUMzMXkzbTQwWDRrMjV3c2VuRnM1UGI3WWlVdGlVa2EyZS9IVW5uSEtlU0tCZVB3L3JTelcrWkNQRVBOdGJOYzZoWk5hNHNhTXhaTU5EYmtXTDQ4RCtHZ1l3ODExQy9idGVhMnFqTzNieG4wSjVJeERWZlA5OXFHTDJGNmRoR0RHTWVkeFdhQ29rVHliYUVmMEJFVzMzN0txbXpjR1hUSXJwaXhXUDY5Sk9PWEJmMHo3WXI4MDJEVGZKQzFWRE9xcGlJRzA1WTVIUnQ2alpTcWh3ckgzNFIybEJML2ZXaDJtNEFJZTFsN3RFN0NPeVpiajhneG42ZTM4S1B1a0JPTzJZcm94cFg5NXJPMWVBdWptNlYwK0dBaFRoektJeTdldmJOSGVwUmtlUGd4TWFJUFZIVzJXV3dYNGkyM1g5blR5cG1mMzNGR1lPQWVoQUNoWWhhOD0

Score

10^/10

microsoft phishing product:outlook

Malware Config

Signatures

Detected microsoft outlook phishing page
phishing microsoft product:outlook

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{EEB495A4-ABED-4064-8964-A014E7FF0AC1}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid process

2872 msedge.exe
2872 msedge.exe
4420 msedge.exe
4420 msedge.exe
520 identity_helper.exe
520 identity_helper.exe
4696 msedge.exe
4696 msedge.exe
2404 msedge.exe
2404 msedge.exe
2404 msedge.exe
2404 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid process

4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe
4420 msedge.exe

pid	process
2872	msedge.exe
2872	msedge.exe
4420	msedge.exe
4420	msedge.exe
520	identity_helper.exe
520	identity_helper.exe
4696	msedge.exe
4696	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe
2404	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe
4420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4420 wrote to memory of 1632	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 1632	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 4012	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 2872	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 2872	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe
PID 4420 wrote to memory of 3736	4420	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.attemplate.com/eur/237582ad-3eab-4d44-8688-06ca9f2e613b/32bb1772-9b07-404c-a723-73dc12c55433/0f48c481-6d1f-4ffe-bbde-a0f55d9db165/login?id=YnMzWUNHb2g5VDF4SXFKbFlHRUE0aVVzVVFvRURHS3JDSlNvTWt1WFl3bDVDR2lDZFE4WTkxUURORXFqK2RGTFdhK0hFYXhwUU02Z1N5d2pxU0FMUXV2NUMzMXkzbTQwWDRrMjV3c2VuRnM1UGI3WWlVdGlVa2EyZS9IVW5uSEtlU0tCZVB3L3JTelcrWkNQRVBOdGJOYzZoWk5hNHNhTXhaTU5EYmtXTDQ4RCtHZ1l3ODExQy9idGVhMnFqTzNieG4wSjVJeERWZlA5OXFHTDJGNmRoR0RHTWVkeFdhQ29rVHliYUVmMEJFVzMzN0txbXpjR1hUSXJwaXhXUDY5Sk9PWEJmMHo3WXI4MDJEVGZKQzFWRE9xcGlJRzA1WTVIUnQ2alpTcWh3ckgzNFIybEJML2ZXaDJtNEFJZTFsN3RFN0NPeVpiajhneG42ZTM4S1B1a0JPTzJZcm94cFg5NXJPMWVBdWptNlYwK0dBaFRoektJeTdldmJOSGVwUmtlUGd4TWFJUFZIVzJXV3dYNGkyM1g5blR5cG1mMzNGR1lPQWVoQUNoWWhhOD0
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc752146f8,0x7ffc75214708,0x7ffc75214718
2⤵
PID:1632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
2⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
2⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:3496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
2⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
2⤵
PID:3692

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
2⤵
PID:2824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
2⤵
PID:3508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:8
2⤵
PID:4568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5472 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
2⤵
PID:4632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
2⤵
PID:2640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
2⤵
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
2⤵
PID:2752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 /prefetch:8
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3456 /prefetch:8
2⤵
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
2⤵
PID:3500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:3740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
2⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
2⤵
PID:1380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
80a353fe8d1f658af7b2ecad7664253a

SHA1
f30466efa8ea7ddf50ef1e98142abc57e596f01c

SHA256
c2c52ffd0aa51658e3528da89de7ce55b0dbf65a51e5502be4bdf965817098bd

SHA512
606dc1065327ac1070d83d57f88fd907c66375831e12f6d45c193c79cf5d74db2ea25add64e0d67c0405b975f6b38022c68575837ad0565dbe14b4b4727a74c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
53b03ce5f27822a671aa9f3b9a9db839

SHA1
3bc186b9be0e136724cd92b04ee0e7e8873cd836

SHA256
5a168e9fbe40414bd3db5b1489976033f2d2dfe0a21cad9e614b35484e77b294

SHA512
d9df82b7b668f8489f1c2dbb59ee43cb1c19b329dac1024e85680edf477f5df6e9633c75376351c35fcb5998bb720b974b4dbfaa935b29668f15cad73fd1fef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
5b06369e72418aceff96c9c829d93b03

SHA1
80eff64dfdd51998768ed40e917a6528633bd160

SHA256
fd782d44adec3d05e1b332989d9de1953a85c43422a9cf3e70fad80b79de2039

SHA512
f43736bab34c37b4ba1d7f06de23fd1a1d6a7f01fb77b6f0c040d3e63a3c8994170d7b8fb6c7c9f9f405723106448195ea1b369e158143a075bae7e7cad6c12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
eb6597c8f034a3a15a968255ed774a44

SHA1
8dca390840c55a2c6097fcd3fecf7b27b4401a66

SHA256
e5e041b5325ad5efd2aeeae8d39e3ccd53ea56f452636928f51f65a99c2b1be0

SHA512
d8a0bd5f5ac326e8f772b0a80bda4c8019cc240a3aa4049379043353df7f99016d0b589cf260a1d41b2b423c39525353654e2675d8f04b623197aebd76405b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
33b86ab3f399601f3879a7aebfc4faa2

SHA1
c8cc20028a7d42b18236a145ce9e05e4cc9537c0

SHA256
610b3c285fd9838c43bd2d61cbce8f657834da349e22ecb910861f962db97877

SHA512
74fa409f8dd6c36a6d0641f75923327c7365e1dc77fd7a39ff4cfb1451719015145f6c525c044ab4a787af4418aa2bf9cc66b3aa8a36c55c5df76726f0283c7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
9826a2e91b97733c058b311c7c46fc3d

SHA1
6d84c2ce64c4a06da2b1c4b799accac345df743f

SHA256
5c3f9024e0edbf578edd958a5165ec060cadc0bfdc501608bfedfc4a565a5399

SHA512
4c4014c103fc4f5fc0be7e710b3f18f78dce41a6d07d2401662dcf579c283d6331974db84d057b49be273cf60ea8e1e368ae06ca7130761e7829f891240027c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
a26c9ba92c0843a132da194a92bff174

SHA1
8e0c6e38b822a3f5e2523b5063fd199259a7b019

SHA256
4a9cde3351be5ffe29a314d603449d8e5c8edfa649f9a7a2189f85f69b28cfd4

SHA512
fcd4397af4a773145df828df7da17d4388d5dc30eb74043ef06e1291a41ec385983ab64c045625490446f1a9eae285075ee4bc42bae1ed39c14c5e543a30b5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dd8f.TMP
Filesize
48B

MD5
55fcea9be9b474351224903f94057fdf

SHA1
05bb06111a48ce5688390c1172909a42cd7849b0

SHA256
2166452b798c60646347b9630925fdc0e6f9135d7ab16428b9f0838a015dc7fc

SHA512
1cc0ea2baf5b7f346429247de49293a85ff4beeb3b079e6885489657123d7b11072732f8239789ae093f7765c16fc81122943d1e7e15b15590bc25613ae03514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
63c60ff161e1cb830f879e292fe8643e

SHA1
97698c20c135e6ac684a217c1aaf117fed4b5d38

SHA256
db33f7d4ed191564b9e07138df90b4ab498e38a82a0d0e804dbe159ad36c5840

SHA512
b614a1a3475918d9d8e422ddc9e16f0c3cd9a885ae42a565414ea45ef561358f7c88ec13d6f27706dd140815eede2d2d434e07d8edee9afb9c2bd6bf99028704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a086.TMP
Filesize
538B

MD5
58711b76aef56abbbaf43efb0319d280

SHA1
3d164a13d98f9178673cbb9e91854ef1921f1144

SHA256
9b03a51086bcc5723caec2d9e8d8bf12f34b1cd607826adc7a3cbee413b801dc

SHA512
fa963bdc35d1ee0b017ef4d795abd8b4bbefddaf21dcaeee2757a49c27fa089b6d0d0d632864da950f629b0e4a14f738e4175dbcb28430fd9c470d704257f36b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
6d3a7137a6040dbea4e064f96cac72dc

SHA1
cdbe554a23626562de9026c8c33aab431efad644

SHA256
7e75cf6e02290dd719c8b7d25ba9ed1d4a7a6de3f9c12b62843715dfb1a08961

SHA512
e1ca793470ce3701974b33e1019f4b7f0d787b16f2ef238c1d0719ccce2cb1e9d78daab55317be197bc25d623a76ef353535d397074e9afe799cda82271ca854

Download Submit
\??\pipe\LOCAL\crashpad_4420_PXLCAWCBTSWEUMMM
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit