1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 14:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe
Size

896KB
MD5

64d71af9becf801cc05ddaf273538029
SHA1

0816d61b7507f62d2c5ed17197f857745d5d671b
SHA256

1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa
SHA512

25e2ed48cf8dc0c2703d921b4219dab078ca713a2b052df01141d09fa87502e03de86360ee7464b0067a427ae7d19ff9ce761a83ec472fa029d8f50349587c3c
SSDEEP

12288:2qDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgapTS:2qDEvCTbMWu7rQYlBQcBiT6rprG8atS

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1604	msedge.exe
1604	msedge.exe
4240	msedge.exe
4240	msedge.exe
4692	msedge.exe
4692	msedge.exe
2988	msedge.exe
2988	msedge.exe
4108	identity_helper.exe
4108	identity_helper.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe
3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe
3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe
3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe
3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe
4692	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 2332	3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe	85
PID 3964 wrote to memory of 2332	3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe	85
PID 2332 wrote to memory of 4792	2332	msedge.exe	88
PID 2332 wrote to memory of 4792	2332	msedge.exe	88
PID 3964 wrote to memory of 4692	3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe	89
PID 3964 wrote to memory of 4692	3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe	89
PID 4692 wrote to memory of 4912	4692	msedge.exe	90
PID 4692 wrote to memory of 4912	4692	msedge.exe	90
PID 3964 wrote to memory of 4180	3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe	91
PID 3964 wrote to memory of 4180	3964	1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe	91
PID 4180 wrote to memory of 2832	4180	msedge.exe	92
PID 4180 wrote to memory of 2832	4180	msedge.exe	92
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 4836	4692	msedge.exe	93
PID 4692 wrote to memory of 1604	4692	msedge.exe	94
PID 4692 wrote to memory of 1604	4692	msedge.exe	94
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95
PID 2332 wrote to memory of 4340	2332	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe
"C:\Users\Admin\AppData\Local\Temp\1a3e2089a2ebc017bf4c8932f1f198f8b156102e5ec662dbd0bd7c0135cbf9fa.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa21cb46f8,0x7ffa21cb4708,0x7ffa21cb4718
    3⤵
    PID:4792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,8799308489699599556,18103345496303697664,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:4340
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,8799308489699599556,18103345496303697664,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffa21cb46f8,0x7ffa21cb4708,0x7ffa21cb4718
    3⤵
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:4836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
    3⤵
    PID:1360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
    3⤵
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3928 /prefetch:1
    3⤵
    PID:732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
    3⤵
    PID:3412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    3⤵
    PID:2652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
    3⤵
    PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    PID:1076
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
    3⤵
    PID:4996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
    3⤵
    PID:5208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:5216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,398039675840117029,6029979350542601894,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5304 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa21cb46f8,0x7ffa21cb4708,0x7ffa21cb4718
    3⤵
    PID:2832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1448,17610437700028614605,15704303801121355430,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    3⤵
    PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1448,17610437700028614605,15704303801121355430,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3096

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\285b3af4-2abb-4c18-9259-c1bc5b6fc098.tmp

Filesize
7KB

MD5
d1e06e52e25f6183a5829c3ceaa8720c

SHA1
e1691bed452be19e75c78280c4396ea1288d4d7b

SHA256
f83100a6705a829d9a034204b5c35baf96983de8488c11916ddfb31129fe87c2

SHA512
021a48d1f7896ae67ee48cd5cea7f3903f9a5f9facbd4527969d3120dddbb4b9079dfad3d8bd2b510aae41835707cd2b15db45f2d3f8b76e425f7a78091c2fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
f3d356f5bf69590b954b738de10fed77

SHA1
293d27fc5c1d212183fa2af548dd3c93779b19ee

SHA256
d4cee9c9c6090e4ac29fdc0d5ec54f53e3bc6654f09c77cfdd04911020c06a95

SHA512
9ca3e5ab5bf0b3d4b95d4e8d5476efd1606e17aebc33479dfdbc4c80af700334e0932d80be766d843d6f168d938bc1f78a2fd9d9d80a73e5ab03845ce3f252e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0b49e07a71808af188c8f2076b70f6fe

SHA1
d5c6d7ceaa8dea113611a5740d90ee41965b2e83

SHA256
ad7c03e4ec4664a2d45d49781d5bd92f128d096a710100873290fd2841c51646

SHA512
33cb9eda9d750ab71be35954f180adbe55053051e332f2946b784d40fa4920ccdf7ef27543662ff40743ec7a19e6fed63e360215b9a6d85745de966842ec3ea4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5bb21cdda46a2c4abb961a267722b615

SHA1
05e06c350ea3b226299c81a033bb50de689663fa

SHA256
4d96e5609dc996ce070c151fb86419cbe467e26c11d16ee993a44ef0cc81509d

SHA512
f46ca3cc64f70553116bdcce8320ece140575c46e7a3ba5366bd22816c3943303092a4c907c6f05648aaccb33d41a66c2e9207a67fd1b7f2a0b8f5fa39b6cb64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e876e84f5f5fee3ba8d24a6ec6bd1b3

SHA1
090faa75ec8543d25ad894f0b1f2c216e7b77710

SHA256
fe0e492c0642e3efc99209b181b6dece91ef345c339468c21929a853bf25ba57

SHA512
791858670b115a99dc8d6fa660014f2c70e942a86f04019928f47951872147cf7b4c3d6fe2f9ccd7f24edadb3d408c3482a61dbe6abed844ab808ee7ec683ce4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1b526413b2f65f0da45f84fb762f2946

SHA1
9d7c02374233d61e43691488b8d3b6c6f8c9d146

SHA256
5b464117e97109201518819201191fc47f9e2f6dac811267c80607d1082db9ce

SHA512
ac618faf05e9bd4ff99f85b237f28b4bc8d2e8369651a3570520ee5c241a7268918ceee82c37d70d8b018261435144562b55aed2aea809ff2c44fe8a8e1a47b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
36a2d071712a9ddaa03f56737a8d5161

SHA1
126c85611b815da7056a01785743411ce1957379

SHA256
715b8e60a30a0f5d4ddfdc3a20c72fa0beee1f9c9e2ded6c990b6e9dfb24b79b

SHA512
3762a3f492d7fc8e4ef3c0970dd3bac40ea6bde3e91cf34f4758b2b3f8267de3377f3e068ff67c323600a2a2a06d562913c2bbc2e8bfb170b5f8fd46278342cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
51c047578bc7dd0d78d256b8f602df04

SHA1
f8bbd8c0f29bd6a2026581cbea48f63d561b89be

SHA256
11ee26bc6e74d0259b37f3c3d84262a3db836fe8576930d4fa02dd7b6218f9b5

SHA512
0b3843eed14685605c0f384076b7e0dfddadd3a922c12804b04c887d9458df11dba582dfa92e7bc870ea87607e0e5b3d7686ba320f8cd356099d0c755a1f79c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
430758f518a774d9dd15d41085f9a9bd

SHA1
6a9ce4e6dedff922f53f559a3a328ed50669be78

SHA256
d7ffe0f7e2c2e598fff5eb79f237a7b767930ace514ab5eb248f517276c472fc

SHA512
da4f30623f61fdbcd292689183aec017fa24e42d15cad6babd9ba98cb227e242c18717a2a81a111156d374216f08dc17590177e5f352fedd4d150bc970fc1be8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579654.TMP

Filesize
707B

MD5
f9f0f6d879a37ed5878975bc367a6e13

SHA1
64d4f4e0befc844411b3ba169099b1eb021bd53b

SHA256
bcf80ba56363b0c796cae82c655992012b1dd0ced5063276d8ee201211a640d3

SHA512
8259cc301f1577bd82338fef52d9815f316c05121ec8d931ab6cd0d7b39a082c147eecb46fd8c0d1b488bf8ec4f52b5915b436ec9b2e89b562b6518d8488856d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
a87f551e4f24fd5e059d2bfdbc2b809c

SHA1
13ca35486542d16977b04f9a373d84a405a378d9

SHA256
20e19381b5147f3db578ed353a4f661ee6f152fb24d765460159ed3685f946a8

SHA512
c56e6dfee6be169986384308551a1f2314f052c1af0e9f6665c9e162994e3193eebc42ced9b5f1c8cc1ec816a69293921a5d2f002d30bf6a61aeebff8253e814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
7c4047405b8bd536f89e80607d67112c

SHA1
29491b7586ae85fd1a61573dddc5204f9548598a

SHA256
f4b920fad44f04c5f8bd2ce9626d8ed3df16b6c84c8ed377fb61a805d3ca0f57

SHA512
c1f2027d9483de5c9b7a06f36ec544c3af6bfe1fdc9502111b2036f1e5a252ce90d28e1b1255e6ef87b70c73e5c51caafe3c1a8b6729f34d4f0130acf713e954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
84068ed48452a24b723305ed588c961d

SHA1
fc47599d673bcb26290545ab8de03ef2bd696b8b

SHA256
23639546ed0b2c3f777777c32d3d0f5ede60fd6e924e96c71c92199f1744f69f

SHA512
14c84c8e50a7741227b9f3b5ec9515c6b7cd3ccb0125f6002dd8ea1fe6de79a7ac3f40417e6508474b6d23da9bf9fce5d64bc51e95b95fe7868d380ccbf48618

Download Submit