144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
Size

896KB
MD5

99d5ce4db9fd3bf3cf7790139a0f9293
SHA1

9d7030d1065f70d3e193ee19b98c82743197a2f1
SHA256

144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1
SHA512

690be9fd1e924dd311b4e9f6054c922db927cdcb1f3a3c04ffa31300ddc79f992ac2b01d88c4f75095caafaabdccbacbd334d30a5c573c739ec7556ca90bcc17
SSDEEP

12288:gqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga3Ty:gqDEvCTbMWu7rQYlBQcBiT6rprG8ajy

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
1568	msedge.exe
1568	msedge.exe
2852	msedge.exe
2852	msedge.exe
5068	msedge.exe
5068	msedge.exe
4036	identity_helper.exe
4036	identity_helper.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe
1124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe
5068	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4940 wrote to memory of 5068	4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe	84
PID 4940 wrote to memory of 5068	4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe	84
PID 5068 wrote to memory of 3468	5068	msedge.exe	87
PID 5068 wrote to memory of 3468	5068	msedge.exe	87
PID 4940 wrote to memory of 5004	4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe	88
PID 4940 wrote to memory of 5004	4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe	88
PID 5004 wrote to memory of 5012	5004	msedge.exe	89
PID 5004 wrote to memory of 5012	5004	msedge.exe	89
PID 4940 wrote to memory of 1628	4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe	90
PID 4940 wrote to memory of 1628	4940	144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe	90
PID 1628 wrote to memory of 2832	1628	msedge.exe	91
PID 1628 wrote to memory of 2832	1628	msedge.exe	91
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3868	5068	msedge.exe	92
PID 5068 wrote to memory of 3140	5068	msedge.exe	93
PID 5068 wrote to memory of 3140	5068	msedge.exe	93
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95
PID 5068 wrote to memory of 5056	5068	msedge.exe	95

C:\Users\Admin\AppData\Local\Temp\144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe
"C:\Users\Admin\AppData\Local\Temp\144c4c84df07f4f2b5cf6936c47b8fa71361adc613cf8a35b4ef076ad8ca51b1.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:5068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d5546f8,0x7ff97d554708,0x7ff97d554718
    3⤵
    PID:3468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
    3⤵
    PID:3868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3140
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
    3⤵
    PID:5056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
    3⤵
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    3⤵
    PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
    3⤵
    PID:3000
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
    3⤵
    PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4336 /prefetch:1
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
    3⤵
    PID:2552
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
    3⤵
    PID:3632
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6000 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
    3⤵
    PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    3⤵
    PID:2456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,18259811242420812972,8280863262365219785,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97d5546f8,0x7ff97d554708,0x7ff97d554718
    3⤵
    PID:5012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,5382335290799970963,3914314389166123651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
    3⤵
    PID:1776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,5382335290799970963,3914314389166123651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff97d5546f8,0x7ff97d554708,0x7ff97d554718
    3⤵
    PID:2832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10249290359746549165,993283893977330754,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
    3⤵
    PID:4616
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10249290359746549165,993283893977330754,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
60c7855b1a715c180f5cacc78d5095c9

SHA1
78b465ff4f0337cfeec810be6a1edaf7b665f409

SHA256
edb5ab4f32467e9fe530c1b59c2c972374d31e9fcb1eecedb02c2370ae99d7e8

SHA512
611263768f106b8fcf6b456383185bfc6ef1f4a2af18e349f4415b5f1aaee70a51bc61170288e8a8460a4e873d46110000df55c7bd618f5ef20b7536cc9e6a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c3e10b0ea7e6e460db3c0aca53d9875a

SHA1
8f2eb2bf391db6aa5ba8d6a5ae845c97d6d275bc

SHA256
3116fa665bcc64a47e6bb97657131eef8758f260d17438daa1ff29a8f5dfa1f1

SHA512
f0771b6eaa67285dc65f491b30ac515d59b6195217e4848ad8b80cabd5cc1ca3642b0b863f7d91a85434856fdc87961e7e8a0214ec226ec1847bc9b79e83ae07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
3c58de11bb416c77893acf1e9d2532b0

SHA1
2b525b0005f363caf0ac0426474495566bd1abbc

SHA256
a3b33c33d11b0da9d23eeea22e04f4b6253e37b5bd572b8c2facd9049f6cb98e

SHA512
c994ffd23d849edc32b308b619d022e145234723bfa94231a49c17791e4066ebe5d447fd9b50d3c440936e597c27f85f88de3cffc08399f5479c8f4d6ddb393f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9d5a6a8c03b30db7f4de1f348948e2f0

SHA1
c111cdafc3e5c16dc4e4b55195a89edc67b3a5b8

SHA256
60de8d4b2d7feb512164694fe6857fa850fd3e69707826d8b7f7b5989d7cd449

SHA512
77d752b6ecb48f6a31f1a3f24f977593bb75f79ad0272a170aa7c4603a38a2ed08014d652d14c48798c84682a40d9e96034acc9fdaac16c3f6d05bb80d8e83da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8525803df3f0543cdf943871133fb3b9

SHA1
6b45e80b92b2b4aef30587b4a19968e8e3b71cb9

SHA256
d2a5690bb6cf56107addfde280be621626d31f79ad4ca43ee012ede4b0a7dce2

SHA512
37327deb35b67e72787ed682dcce60f010a5214df3523e24647b4266a57c9df1636451673422879ef42eca632cfc9f5b6895232f22f8f33da364fe4edacff57a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
eb91c2c9df51a749cd15a90463ba2661

SHA1
abc8c7012c6962be723dde1ac1168d585c571632

SHA256
94bf8dc3871fa439a008df8110fcdd394d8f21c4b53f7d03ecd49200cee97888

SHA512
484324118f0280384e68b99d590ad15cfbea1b09f9585b9e5ca90b149939fd120471d72dadf0b984bd715774575d4d7875dc44349618f54e504b3fa7ae3989c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
74604dba71957b2deed6727290ec756c

SHA1
328a375549394eb2a8bd64690abf76418fe1ade6

SHA256
234ec751271569c3490daff28212bcaa24d4107193eff3f2c01d8ad2fa83c8b1

SHA512
b8c4d63fedf07bbd341a390fcb1a142a14d4740f9b19fd4eaf8de95068034900af8018154518e20d141f0a2577aa28a5cb8bc10ec0b54fe852c073f9aec8e963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
d9061aaf8d04e74a441d57230ce6279d

SHA1
362275fc669b20b78286351ddceb6baecef65ee0

SHA256
ff9877fceaaadeefbf2afd9039995240b1e773bc900ac073def835c0de8de7ee

SHA512
ad7c8dc0b46e9a98bba0a820529747d9c555f68f5cff07b856895dee4b6c6d8c35404f02021fb2be6441a6de7c9bb7da8f46cc3e2d757de9248d3f5438851dc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
b38fa6b601e767fef9a26f6caaddfa05

SHA1
dbbcb72bb2eb5dc6787da4b392cf64d450c84c1b

SHA256
1e338c586cb5790f24b5cf7ef21a51c77818a99dec64e14a16d298ad736e1929

SHA512
c95a1fe7cc3c52e9ac61817389665d26f9da50cd0639d1b95b376889d21d2fcf947051656982cfc999f64976ad6f236fc230b182f5d74a4691fd7d3ecb227191

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ad57.TMP

Filesize
707B

MD5
7101c8368cc5d6d681cdef445aa8650d

SHA1
c2f064aeef70363542c15a4c101da85f56d63baf

SHA256
1dd8fd341d122da5de9fe5b61a5b3d37cf4298464f121650e82a05301a050f37

SHA512
adf68163593dae43b7f6087ffb09157a4c4916a2d62f99bba8ed515a6b444aa38c136de53e2799961724cb5d925d4a4ff4402203086d0a2d3efac518bad080b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
750edd7b22b3af4fee0cf062717da680

SHA1
f84166978ef6ebb4259eb138d937789ba6016f5a

SHA256
80047a076aa095c11758c7cbef07f46523bea597a6b6812b364a31e5095a7aff

SHA512
a84e8c07fe40440815f1ef686c9038fbc52ddeae6fa9d12d408cccb44d1194bb0757f1c3bf915fad6a610687ded4666792ea0375ecee749ac552c10ec7dd0508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8c2dc9a2ce6f8a556b4c8e8892126dee

SHA1
6b4c9ea065d84daa9b248a4aba644dd48f0aaad7

SHA256
10a6f7a9005d8b67860aa9e64d20ce41852b5bb3698d46ea03cc19da1b0b30d1

SHA512
9393b7bb083db77b6fc1710d4b985abc12c5c48701023df083f3d5a20d2e134fc573f87fac36af61cf18ac1e5d004fe22b81c15eafadd1a68f2ea7495761be85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e254987a-db41-4adf-9cfd-0f11021f0024.tmp

Filesize
11KB

MD5
4a49efe6f5efc63af5d81b754e7b09f3

SHA1
dab5372c60a079903ebf23262a96cd4b63abd740

SHA256
fefb5e02bef2740dca28f2149841779e98a436a0c52d4deb9c1b14a8d079b636

SHA512
77d053f8101c230aa51be16f5e2ca07910a71f7e18b5923c5fdd8bec4f0fbbc7764742f2885bc0ac533f28aa19b209fe6f347aaa9f207516dea9d4dc157a6db2

Download Submit