c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f

Analysis

max time kernel
146s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
Size

896KB
MD5

805a176bce5447129bd4bc07ef539cdd
SHA1

fc54ed71c6c30f0b39aeb42f08825636ae4b3e48
SHA256

c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f
SHA512

3ba7589350e07061f853f45cd91ce5383ba2a4c4bba787f04a44b7f56d88e3cde6641f80aa4cc0deaca6b2fbf4ff1995fa38c7d6d4d3fe941d163c530d20d053
SSDEEP

12288:SqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgarTM:SqDEvCTbMWu7rQYlBQcBiT6rprG8avM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2272	msedge.exe
2272	msedge.exe
2480	msedge.exe
2480	msedge.exe
4308	msedge.exe
4308	msedge.exe
5032	identity_helper.exe
5032	identity_helper.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2480	2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe	85
PID 2356 wrote to memory of 2480	2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe	85
PID 2480 wrote to memory of 808	2480	msedge.exe	87
PID 2480 wrote to memory of 808	2480	msedge.exe	87
PID 2356 wrote to memory of 820	2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe	88
PID 2356 wrote to memory of 820	2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe	88
PID 820 wrote to memory of 3504	820	msedge.exe	89
PID 820 wrote to memory of 3504	820	msedge.exe	89
PID 2356 wrote to memory of 4492	2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe	90
PID 2356 wrote to memory of 4492	2356	c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe	90
PID 4492 wrote to memory of 2920	4492	msedge.exe	91
PID 4492 wrote to memory of 2920	4492	msedge.exe	91
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 4780	2480	msedge.exe	92
PID 2480 wrote to memory of 2272	2480	msedge.exe	93
PID 2480 wrote to memory of 2272	2480	msedge.exe	93
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94
PID 2480 wrote to memory of 4892	2480	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe
"C:\Users\Admin\AppData\Local\Temp\c1cd53cb4c87e7ce7eafaaa9265198a07e90f8b4f05d1ab24ea49366abfad23f.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca79446f8,0x7ffca7944708,0x7ffca7944718
    3⤵
    PID:808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:4780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8
    3⤵
    PID:4892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
    3⤵
    PID:2116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
    3⤵
    PID:3424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
    3⤵
    PID:3576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4276 /prefetch:1
    3⤵
    PID:4364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
    3⤵
    PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
    3⤵
    PID:3512
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5912 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
    3⤵
    PID:1660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
    3⤵
    PID:1664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
    3⤵
    PID:1820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
    3⤵
    PID:3248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,521899098754069146,13120232100313304148,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3428 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffca79446f8,0x7ffca7944708,0x7ffca7944718
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,228577540168683606,18144502769906926780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
    3⤵
    PID:1360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,228577540168683606,18144502769906926780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca79446f8,0x7ffca7944708,0x7ffca7944718
    3⤵
    PID:2920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,9345006064202177760,11005651706029928497,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
    3⤵
    PID:4484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,9345006064202177760,11005651706029928497,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4308

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:4308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
e423039e72b3381b5993d3abbcb4ce11

SHA1
0497403d26e366d0677fd016f78015b1f7d22910

SHA256
dac0d82e993ed98e89bc83cfe21997dde5b3cf32235e2845590f5c87ae2b57a9

SHA512
f18e342862393154b47066afc17acf649a148203bab2b3a6fb3eaa970e48a48ba98ef55c393bbfcf4db669166eb27973329c7b3e7fd6ed35dcf341a61a05401f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
93cc6df70bf8cccfaa5cf72d0721126b

SHA1
96774ee518236fb288d1b9998cad9611059832b7

SHA256
d50e5409cff1564bf746ff0163d3451f99ab2a128122cd6bd9948a62423fde58

SHA512
fafa00f511af3fb43b8ee5db537e817ed7ab990c733d8735e3b69709db918e0abf3f4d3f4ac5cec6a5409873f020a05a1f54de3fba72e8cdc1f6ebd1cb7ba20b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
daba88a21e4b5dbf7abf3bf1026052e7

SHA1
67c8ba9f7b0e70974015eef6c375827d5f92ea4d

SHA256
ff471b4423c8bc0deeebd560e0ba96dca09b1bfdd0e57fd3fba3689b7a64f3ff

SHA512
0d60873810766480e36101f823f86b502d45015cf838a2fce863df0ea71661740df18f3dd3f0968afb5e667ab074d2a5bbf0836c182b5674d40082d77805dd3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
01cd77fc5e7d5564ddeed2044b191883

SHA1
bee613a9e9ad10bcc087258b0e9fc2619ca4d7b4

SHA256
741a8829505fb8d9dbb7177479b34fd8ba58dc50c7f64dcb5304e38b9433e601

SHA512
b002e20cfd455ebfe55e926d07591b2c2e4b899e0bead4855f6ce87d7db04076c826de764fc53dc5b01bdb6c0f8f487cde4b73962541c0a3a88fedb1b0ef9941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c45a8bd879de2f6fba2b38251e298ef3

SHA1
5c6e0c59c302c03f60dfb0f17462a5e7a01eed4e

SHA256
faa5bbe68043df66cad2960abe6cc9fd7cb08cd8be723552d3c33e54a74bd83f

SHA512
f4641ea59cb6d4e5939f642025ac6d00299a2d55d435312955427f744a5f7aaa0e1308392b570ac117a06add413bcb57eba581b894d9c2cb6b76df4906420b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
aa57d5f4734b2278156a51622eda7dd9

SHA1
7217233b6a394752e8aff00bc9d19ac1641d6a40

SHA256
49a9efa2bef323c57cc91c6f96da22fc86ce4b9ffd61d389632d97ad1c526d2d

SHA512
41ca93316560032466668fb1b5d550737aa937c206075c1652181e6a32cdb063eca43a437e3c67cc9877ff0578c8cebbfc9aeefc9cdefd0d4772678720ae5adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
e3902c5e72e4f3cdbd1657fa7c33a6d7

SHA1
bd8269b7d57048c083a36333f84981e8ac57f60d

SHA256
38bf1e0d707ef88215d1e21ca47920d29cf2d078116942e75e436f3025bdf772

SHA512
ce4cc4ed227350a99485617e57b93fae7a98838f60ca5e525119a4b5345d61f2afa4d99c74d0bd738e15ba9840ab1c375bd266e3851a82d5d9055a9975394ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
968aaada368310489ad9d39cb3cb623d

SHA1
a083aced25e014897ab7b704341f93f0b7f47085

SHA256
41f77cc0fd24ae638affc1a253c259d0e1e9823e50e11bc6f2a91c505f519911

SHA512
04df12b7d14706b1b407b04dd694e55f4b9c241ddefe1cf791ab5f08bae596b105d106a8abdc50c1a00c0f76af20076b263778f150783cbe88bc6db7d0d47f3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
6729250118887e66bb097a0cc7c55240

SHA1
a634ae64d0d98975791a097c1eeafbc5d5c5f6a3

SHA256
134d29b9d82dc636125a4f179e53d62ecc7619816732a99d1d396c24f898a00f

SHA512
46dc5a377e20475e83eb32682cdf37633d9ea1fc2fba0e262361f972d931d1b2b2742e999833b9afb614e6ddcc97e6bf3ead0bbdc01b9cb8cd0177d0292e7e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b93e.TMP

Filesize
707B

MD5
dadd787034a21f62ddfc86b622a21392

SHA1
a9b25ad146c62655e987bc39e3a75b3d72ec5b72

SHA256
f0bebfcd76a3ebd18171666a7372fde6e81d5fa2b8754d4215bdf65f943584cc

SHA512
b6fdb9729c2e4838fb8075e939400aceb06f8dfdfe4238de6d1ca25e151b528119641ba0fced55afe12fb3c52989db7d7a095481435383384cfe57a4889e61d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4c1e7736e5f42e68fb84d9dd0568fe8f

SHA1
2ea66f34efc9a3a357f5d2ac7c5e8de2a68ba4ee

SHA256
09dd8be74358842297dfdc28489b0747743d799a4341e75dac7da507fd785fdc

SHA512
aa3b7968b33e53d48511fa2d414f34d2321ae69d9e596aee125a0fdeeee0779d607c49c8ba25431b1415631c2ab17b64784bdbb871e9dda96bf0c9380ac78322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d0bdfb46ea89adbd3b31ee5aa155eebd

SHA1
74f5bb9c96a582738e62cf3952a5a26116373eba

SHA256
6493ac80a49ab39d9e075d9a2352fa12023520bb91783a6c970dc80d619c00cc

SHA512
24a874462fbd45466b68245697b52dd80d7c8315e41bbb71cedfe5b3fa66f5d2e46197e503c69d917b5934a51613a619fd72beb43201536b01bc42261f61e6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df40a57aec701e4d1d7621b5c372e740

SHA1
8ba8f9d2c3242d13f0a409bfd88648557c3e54c0

SHA256
0e64d897ccac9cf0e57714e0f2eb45808984db5cdba43895afc3e66e8b65590d

SHA512
91b78fdf12319c54b853f3d6ab4e60be46341f0d076b0c6605da49158a970fe3b9a682b547be108fbc3525204f7801f619c2db74316824dba3711891f82c49bc

Download Submit