Analysis
- max time kernel: 145s
- max time network: 150s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-07-2024 06:56
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://www.attemplate.com/eur/237582ad-3eab-4d44-8688-06ca9f2e613b/32bb1772-9b07-404c-a723-73dc12c55433/0f48c481-6d1f-4ffe-bbde-a0f55d9db165/login?id=YnMzWUNHb2g5VDF4SXFKbFlHRUE0aVVzVVFvRURHS3JDSlNvTWt1WFl3bDVDR2lDZFE4WTkxUURORXFqK2RGTFdhK0hFYXhwUU02Z1N5d2pxU0FMUXV2NUMzMXkzbTQwWDRrMjV3c2VuRnM1UGI3WWlVdGlVa2EyZS9IVW5uSEtlU0tCZVB3L3JTelcrWkNQRVBOdGJOYzZoWk5hNHNhTXhaTU5EYmtXTDQ4RCtHZ1l3ODExQy9idGVhMnFqTzNieG4wSjVJeERWZlA5OXFHTDJGNmRoR0RHTWVkeFdhQ29rVHliYUVmMEJFVzMzN0txbXpjR1hUSXJwaXhXUDY5Sk9PWEJmMHo3WXI4MDJEVGZKQzFWRE9xcGlJRzA1WTVIUnQ2alpTcWh3ckgzNFIybEJML2ZXaDJtNEFJZTFsN3RFN0NPeVpiajhneG42ZTM4S1B1a0JPTzJZcm94cFg5NXJPMWVBdWptNlYwK0dBaFRoektJeTdldmJOSGVwUmtlUGd4TWFJUFZIVzJXV3dYNGkyM1g5blR5cG1mMzNGR1lPQWVoQUNoWWhhOD0
Resource: win10v2004-20240508-en
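The only variable part of the sampled URL is the id= query parameter; the three path segments are fixed UUIDs. The following is an added triage helper, not part of the sandbox report or of the phishing kit, that peels the base64 layers off that parameter so an analyst can see what the kit is carrying without visiting the page. It assumes nothing about what the innermost bytes mean; it only reports whether each layer is text or binary and how dense it is. SAMPLE_URL is copied from the Sample line above, and the second, shorter test input in the usage note is constructed.

```python
"""Added example (not part of the sandbox report): peel the base64 layers off
the phishing URL's id= parameter and characterise each layer."""
import base64
import binascii
import math
import re
import string
from collections import Counter
from urllib.parse import urlsplit

# Copied from the report's Sample line.
SAMPLE_URL = (
    "https://www.attemplate.com/eur/237582ad-3eab-4d44-8688-06ca9f2e613b/"
    "32bb1772-9b07-404c-a723-73dc12c55433/0f48c481-6d1f-4ffe-bbde-a0f55d9db165/"
    "login?id="
    "YnMzWUNHb2g5VDF4SXFKbFlHRUE0aVVzVVFvRURHS3JDSlNvTWt1WFl3bDVDR2lDZFE4WTkxUURORXFqK2RGTFdhK0hFYXhwUU02Z1N5d2pxU0FMUXV2NUMzMXkzbTQwWDRrMjV3c2VuRnM1UGI3WWlVdGlVa2EyZS9IVW5uSEtlU0tCZVB3L3JTelcrWkNQRVBOdGJOYzZoWk5hNHNhTXhaTU5EYmtXTDQ4RCtHZ1l3ODExQy9idGVhMnFqTzNieG4wSjVJeERWZlA5OXFHTDJGNmRoR0RHTWVkeFdhQ29rVHliYUVmMEJFVzMzN0txbXpjR1hUSXJwaXhXUDY5Sk9PWEJmMHo3WXI4MDJEVGZKQzFWRE9xcGlJRzA1WTVIUnQ2alpTcWh3ckgzNFIybEJML2ZXaDJtNEFJZTFsN3RFN0NPeVpiajhneG42ZTM4S1B1a0JPTzJZcm94cFg5NXJPMWVBdWptNlYwK0dBaFRoektJeTdldmJOSGVwUmtlUGd4TWFJUFZIVzJXV3dYNGkyM1g5blR5cG1mMzNGR1lPQWVoQUNoWWhhOD0"
)

PRINTABLE = set(string.printable.encode("ascii")) - {0x0B, 0x0C}
B64_RE = re.compile(r"[A-Za-z0-9+/_-]+={0,2}")


def query_param(url: str, name: str) -> str:
    """Fetch a raw query parameter without the '+' -> space or %xx decoding
    that parse_qs would apply (either would corrupt a base64 value)."""
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        if key == name:
            return value
    raise KeyError(name)


def b64_decode_lenient(s: str) -> bytes:
    """Decode standard or URL-safe base64, restoring missing '=' padding
    (the id= value in the URL is sent unpadded)."""
    s = s.strip().replace("-", "+").replace("_", "/")
    return base64.b64decode(s + "=" * (-len(s) % 4))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-6 for base64 text, approaching 8 for ciphertext."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0


def describe(data: bytes) -> str:
    return "printable text" if all(b in PRINTABLE for b in data) else "binary"


def peel(value: str, max_layers: int = 5):
    """Base64-decode repeatedly while the result still looks like base64 text.
    Returns [(layer, bytes, kind, entropy), ...] and stops at the first binary layer."""
    layers, current = [], value
    for i in range(1, max_layers + 1):
        if not B64_RE.fullmatch(current):
            break
        try:
            data = b64_decode_lenient(current)
        except (binascii.Error, ValueError):
            break
        kind = describe(data)
        layers.append((i, data, kind, round(shannon_entropy(data), 2)))
        if kind != "printable text":
            break
        current = data.decode("ascii")
    return layers


if __name__ == "__main__":
    for layer, data, kind, ent in peel(query_param(SAMPLE_URL, "id")):
        preview = data[:24].decode("latin-1") if kind == "printable text" else data[:16].hex()
        print(f"layer {layer}: {len(data):4d} bytes  {kind:14s}  entropy {ent}  {preview}")
```

Run against the sampled URL this yields two layers: the outer value decodes to a second, padded base64 string, and that in turn decodes to non-printable bytes with high entropy. Nothing on the page identifies those bytes (an encrypted victim token is a common pattern for such kits, but that is not established here), so the right record for an IR ticket is the two-layer structure and the digest of the inner blob, not a guess at its contents.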
General
- Target: https://www.attemplate.com/eur/237582ad-3eab-4d44-8688-06ca9f2e613b/32bb1772-9b07-404c-a723-73dc12c55433/0f48c481-6d1f-4ffe-bbde-a0f55d9db165/login?id=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
Malware Config
Signatures
- Detected Microsoft Outlook phishing page
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  (msedge.exe)
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  (msedge.exe)
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  (msedge.exe)
- Modifies registry class (1 IoC)
  Processes: msedge.exe
    Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3558294865-3673844354-2255444939-1000\{EEB495A4-ABED-4064-8964-A014E7FF0AC1}  (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (12 IoCs)
  Processes: msedge.exe, identity_helper.exe
    PID 2872 msedge.exe (2 events)
    PID 4420 msedge.exe (2 events)
    PID 520 identity_helper.exe (2 events)
    PID 4696 msedge.exe (2 events)
    PID 2404 msedge.exe (4 events)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (13 IoCs)
  Processes: msedge.exe
    PID 4420 msedge.exe (13 events)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes: msedge.exe
    PID 4420 msedge.exe (25 events)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: msedge.exe
    PID 4420 msedge.exe (24 events)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: msedge.exe
    PID 4420 msedge.exe wrote to memory of child msedge.exe processes 1632, 4012, 2872 and 3736 (64 events in total; repeated entries for the same target collapsed)
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.attemplate.com/eur/237582ad-3eab-4d44-8688-06ca9f2e613b/32bb1772-9b07-404c-a723-73dc12c55433/0f48c481-6d1f-4ffe-bbde-a0f55d9db165/login?id=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
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc752146f8,0x7ffc75214708,0x7ffc75214718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5504 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5472 /prefetch:8
    Signatures:
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3432 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3456 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,13679717259242791796,10711687164491433262,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5628 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
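Every "suspicious" signature in this report fires on PID 4420, the Edge browser process, and the WriteProcessMemory targets are all msedge.exe children of that process. Chromium's browser process writes startup data into each helper it launches, so those events are the ordinary multiprocess start-up of a browser that opened a URL, not injection. The helper below is an added example, not part of the report or of any sandbox product: it classifies each writer/target pair using the --type= and --utility-sub-type= flags visible in the command lines above, and escalates only the pairs that break the expected shape (target not a direct child, not a Chromium binary, not running from the browser's own install directory, or lacking a helper --type=). The process records are constructed from this page's command lines; the report does not say which target PID ran which --type=, so that mapping, the parent PID of 4420, and the two negative records (PIDs 5555 and 6100) are assumptions made for the example.

```python
"""Added triage helper (not part of the sandbox report): decide whether each
'PID A wrote to memory of PID B' event is ordinary Chromium multiprocess
start-up or something that needs an analyst's eyes."""
import ntpath
import re
from dataclasses import dataclass

# Binaries shipped in a Chromium-based browser's install directory.
CHROMIUM_IMAGES = {"msedge.exe", "chrome.exe", "identity_helper.exe"}


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    path: str      # full image path as the sandbox reports it
    cmdline: str   # command line (long flag lists are trimmed in the samples below)

    @property
    def image(self) -> str:
        return ntpath.basename(self.path).lower()

    @property
    def role(self) -> str:
        """Chromium child kind from --type= (plus --utility-sub-type=);
        the browser process itself carries no --type= flag."""
        m = re.search(r"--type=([\w-]+)", self.cmdline)
        if not m:
            return "browser"
        sub = re.search(r"--utility-sub-type=([\w.]+)", self.cmdline)
        return f"{m.group(1)}:{sub.group(1)}" if sub else m.group(1)


def classify_write(src: Proc, dst: Proc) -> tuple:
    """Return (verdict, reason) for one WriteProcessMemory event.

    The event is 'expected' only when ALL hold: the writer is the browser
    process of a Chromium binary, the target is its direct child, the target
    is a Chromium binary from the same install directory, and the target
    carries a --type= helper role. Anything else is marked for review."""
    if src.image not in CHROMIUM_IMAGES or src.role != "browser":
        return "review", f"writer {src.pid} ({src.image}, {src.role}) is not a Chromium browser process"
    if dst.ppid != src.pid:
        return "review", f"target {dst.pid} is not a direct child of {src.pid}"
    if dst.image not in CHROMIUM_IMAGES:
        return "review", f"target {dst.pid} image {dst.image} is not a Chromium binary"
    install_dir = ntpath.dirname(src.path).lower()
    if not ntpath.dirname(dst.path).lower().startswith(install_dir):
        return "review", f"target {dst.pid} runs from {ntpath.dirname(dst.path)}, outside the browser install dir"
    if dst.role == "browser":
        return "review", f"target {dst.pid} has no --type= flag (not a helper process)"
    return "expected", f"browser {src.pid} launching {dst.role} child {dst.pid}"


def triage(procs, events):
    """events: iterable of (writer_pid, target_pid). Returns one
    (writer, target, verdict, reason) tuple per event, in input order."""
    by_pid = {p.pid: p for p in procs}
    out = []
    for s, d in events:
        if s not in by_pid or d not in by_pid:
            out.append((s, d, "review", "PID missing from process list"))
            continue
        out.append((s, d, *classify_write(by_pid[s], by_pid[d])))
    return out


EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"
EDGE = EDGE_DIR + r"\msedge.exe"
# Constructed from the report's process list; PID-to-role mapping and the
# parent of 4420 are assumptions. The last two records are constructed negatives.
PROCS = [
    Proc(4420, 3128, EDGE, f'"{EDGE}" --single-argument https://www.attemplate.com/eur/.../login?id=...'),
    Proc(1632, 4420, EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    Proc(4012, 4420, EDGE, f'"{EDGE}" --type=gpu-process --mojo-platform-channel-handle=2168 /prefetch:2'),
    Proc(2872, 4420, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3'),
    Proc(3736, 4420, EDGE, f'"{EDGE}" --type=renderer --renderer-client-id=6 --mojo-platform-channel-handle=3336 /prefetch:1'),
    Proc(520, 4420, EDGE_DIR + r"\92.0.902.67\identity_helper.exe",
         '"identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService /prefetch:8'),
    Proc(5555, 4420, r"C:\Users\Admin\AppData\Local\Temp\msedge.exe", r'"C:\Users\Admin\AppData\Local\Temp\msedge.exe" --type=renderer'),
    Proc(6100, 1234, r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
]
EVENTS = [(4420, 1632), (4420, 4012), (4420, 2872), (4420, 3736),  # targets named in the report
          (4420, 5555), (4420, 6100)]                               # constructed negatives

if __name__ == "__main__":
    for s, d, verdict, reason in triage(PROCS, EVENTS):
        print(f"{verdict:8} {s} -> {d}: {reason}")
```

The same --type= parsing also explains the other flagged behaviours: NtCreateUserProcessBlockNonMicrosoftBinary is the browser process launching its own children with a mitigation policy, and FindShellTrayWindow and SendNotifyMessage are the UI process talking to the shell. What is worth noting for the incident record is not any of those but the verdict on the page itself (Detected Microsoft Outlook phishing page) and the two helpers started with --service-sandbox-type=none (the network service and identity_helper.exe), which is Edge's normal configuration for those services, not a sign of tampering.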
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: f61fa5143fe872d1d8f1e9f8dc6544f9
  SHA1: df44bab94d7388fb38c63085ec4db80cfc5eb009
  SHA256: 284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64
  SHA512: 971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 87f7abeb82600e1e640b843ad50fe0a1
  SHA1: 045bbada3f23fc59941bf7d0210fb160cb78ae87
  SHA256: b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262
  SHA512: ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
  Filesize: 211KB
  MD5: 151fb811968eaf8efb840908b89dc9d4
  SHA1: 7ec811009fd9b0e6d92d12d78b002275f2f1bee1
  SHA256: 043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed
  SHA512: 83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 3KB
  MD5: 80a353fe8d1f658af7b2ecad7664253a
  SHA1: f30466efa8ea7ddf50ef1e98142abc57e596f01c
  SHA256: c2c52ffd0aa51658e3528da89de7ce55b0dbf65a51e5502be4bdf965817098bd
  SHA512: 606dc1065327ac1070d83d57f88fd907c66375831e12f6d45c193c79cf5d74db2ea25add64e0d67c0405b975f6b38022c68575837ad0565dbe14b4b4727a74c3
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
  MD5: 53b03ce5f27822a671aa9f3b9a9db839
  SHA1: 3bc186b9be0e136724cd92b04ee0e7e8873cd836
  SHA256: 5a168e9fbe40414bd3db5b1489976033f2d2dfe0a21cad9e614b35484e77b294
  SHA512: d9df82b7b668f8489f1c2dbb59ee43cb1c19b329dac1024e85680edf477f5df6e9633c75376351c35fcb5998bb720b974b4dbfaa935b29668f15cad73fd1fef1
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 2KB
  MD5: 5b06369e72418aceff96c9c829d93b03
  SHA1: 80eff64dfdd51998768ed40e917a6528633bd160
  SHA256: fd782d44adec3d05e1b332989d9de1953a85c43422a9cf3e70fad80b79de2039
  SHA512: f43736bab34c37b4ba1d7f06de23fd1a1d6a7f01fb77b6f0c040d3e63a3c8994170d7b8fb6c7c9f9f405723106448195ea1b369e158143a075bae7e7cad6c12f
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: eb6597c8f034a3a15a968255ed774a44
  SHA1: 8dca390840c55a2c6097fcd3fecf7b27b4401a66
  SHA256: e5e041b5325ad5efd2aeeae8d39e3ccd53ea56f452636928f51f65a99c2b1be0
  SHA512: d8a0bd5f5ac326e8f772b0a80bda4c8019cc240a3aa4049379043353df7f99016d0b589cf260a1d41b2b423c39525353654e2675d8f04b623197aebd76405b26
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 33b86ab3f399601f3879a7aebfc4faa2
  SHA1: c8cc20028a7d42b18236a145ce9e05e4cc9537c0
  SHA256: 610b3c285fd9838c43bd2d61cbce8f657834da349e22ecb910861f962db97877
  SHA512: 74fa409f8dd6c36a6d0641f75923327c7365e1dc77fd7a39ff4cfb1451719015145f6c525c044ab4a787af4418aa2bf9cc66b3aa8a36c55c5df76726f0283c7d
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 8KB
  MD5: 9826a2e91b97733c058b311c7c46fc3d
  SHA1: 6d84c2ce64c4a06da2b1c4b799accac345df743f
  SHA256: 5c3f9024e0edbf578edd958a5165ec060cadc0bfdc501608bfedfc4a565a5399
  SHA512: 4c4014c103fc4f5fc0be7e710b3f18f78dce41a6d07d2401662dcf579c283d6331974db84d057b49be273cf60ea8e1e368ae06ca7130761e7829f891240027c2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: a26c9ba92c0843a132da194a92bff174
  SHA1: 8e0c6e38b822a3f5e2523b5063fd199259a7b019
  SHA256: 4a9cde3351be5ffe29a314d603449d8e5c8edfa649f9a7a2189f85f69b28cfd4
  SHA512: fcd4397af4a773145df828df7da17d4388d5dc30eb74043ef06e1291a41ec385983ab64c045625490446f1a9eae285075ee4bc42bae1ed39c14c5e543a30b5d8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dd8f.TMP
  Filesize: 48B
  MD5: 55fcea9be9b474351224903f94057fdf
  SHA1: 05bb06111a48ce5688390c1172909a42cd7849b0
  SHA256: 2166452b798c60646347b9630925fdc0e6f9135d7ab16428b9f0838a015dc7fc
  SHA512: 1cc0ea2baf5b7f346429247de49293a85ff4beeb3b079e6885489657123d7b11072732f8239789ae093f7765c16fc81122943d1e7e15b15590bc25613ae03514
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
  Filesize: 1KB
  MD5: 63c60ff161e1cb830f879e292fe8643e
  SHA1: 97698c20c135e6ac684a217c1aaf117fed4b5d38
  SHA256: db33f7d4ed191564b9e07138df90b4ab498e38a82a0d0e804dbe159ad36c5840
  SHA512: b614a1a3475918d9d8e422ddc9e16f0c3cd9a885ae42a565414ea45ef561358f7c88ec13d6f27706dd140815eede2d2d434e07d8edee9afb9c2bd6bf99028704
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a086.TMP
  Filesize: 538B
  MD5: 58711b76aef56abbbaf43efb0319d280
  SHA1: 3d164a13d98f9178673cbb9e91854ef1921f1144
  SHA256: 9b03a51086bcc5723caec2d9e8d8bf12f34b1cd607826adc7a3cbee413b801dc
  SHA512: fa963bdc35d1ee0b017ef4d795abd8b4bbefddaf21dcaeee2757a49c27fa089b6d0d0d632864da950f629b0e4a14f738e4175dbcb28430fd9c470d704257f36b
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 10KB
  MD5: 6d3a7137a6040dbea4e064f96cac72dc
  SHA1: cdbe554a23626562de9026c8c33aab431efad644
  SHA256: 7e75cf6e02290dd719c8b7d25ba9ed1d4a7a6de3f9c12b62843715dfb1a08961
  SHA512: e1ca793470ce3701974b33e1019f4b7f0d787b16f2ef238c1d0719ccce2cb1e9d78daab55317be197bc25d623a76ef353535d397074e9afe799cda82271ca854
- \??\pipe\LOCAL\crashpad_4420_PXLCAWCBTSWEUMMM
  Filesize: not recorded
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  Note: all four digests are those of zero-length input. This entry is the crashpad handler's named pipe for browser PID 4420 captured with no content; it carries no IoC value and should not be pivoted on.