3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 00:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe
Size

894KB
MD5

70636117aa0855bc3ce4f3400e9a7f04
SHA1

e54330fb788dcfc70ed92cb1ed2071cc10d367fb
SHA256

3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437
SHA512

289e657bbe77ca2b7ac220724184369356515ded1478d4810ccb1246d53e0925c493a1fa02ac00877515a9d36bdd4ef71b498a9e7d08b7d93ff543465ff67e46
SSDEEP

12288:IqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4Th:IqDEvCTbMWu7rQYlBQcBiT6rprG8aAh

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3248	msedge.exe
3248	msedge.exe
4456	msedge.exe
4456	msedge.exe
4432	msedge.exe
4432	msedge.exe
4652	msedge.exe
4652	msedge.exe
2308	identity_helper.exe
2308	identity_helper.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe
2632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe
2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe
2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe
2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe
2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe
4652	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 4652	2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe	81
PID 2092 wrote to memory of 4652	2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe	81
PID 4652 wrote to memory of 3624	4652	msedge.exe	83
PID 4652 wrote to memory of 3624	4652	msedge.exe	83
PID 2092 wrote to memory of 1500	2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe	84
PID 2092 wrote to memory of 1500	2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe	84
PID 1500 wrote to memory of 2828	1500	msedge.exe	85
PID 1500 wrote to memory of 2828	1500	msedge.exe	85
PID 2092 wrote to memory of 908	2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe	86
PID 2092 wrote to memory of 908	2092	3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe	86
PID 908 wrote to memory of 1576	908	msedge.exe	87
PID 908 wrote to memory of 1576	908	msedge.exe	87
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 1428	4652	msedge.exe	88
PID 4652 wrote to memory of 3248	4652	msedge.exe	89
PID 4652 wrote to memory of 3248	4652	msedge.exe	89
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90
PID 4652 wrote to memory of 2676	4652	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe
"C:\Users\Admin\AppData\Local\Temp\3bf24adc06d4b9e4607457b62797a627222c9ea91f009bfe99b9eee078aa8437.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb935046f8,0x7ffb93504708,0x7ffb93504718
    3⤵
    PID:3624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    3⤵
    PID:1428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:4880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
    3⤵
    PID:2428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4136 /prefetch:1
    3⤵
    PID:4912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:4112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    PID:1220
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2308
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
    3⤵
    PID:2320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    3⤵
    PID:2448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
    3⤵
    PID:4488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12685387079046861076,6831933510341839913,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb935046f8,0x7ffb93504708,0x7ffb93504718
    3⤵
    PID:2828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1664,10933938630023523892,11018406061218000677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
    3⤵
    PID:2400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1664,10933938630023523892,11018406061218000677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb935046f8,0x7ffb93504708,0x7ffb93504718
    3⤵
    PID:1576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,2661545224285609719,12014531986632591379,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    3⤵
    PID:4568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,2661545224285609719,12014531986632591379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
918720648dc94a968616999ca8b27e0e

SHA1
f79c3c745467a2749bded456ce209907ce259411

SHA256
0bdfd32b75668990dbc4c2f59d53748afbf353782ea7f649514420103001a449

SHA512
7a0c773ed7492e4395bbd4f25ef304a54bd8fd1e2a2d1537d2409523cdc9686990e550cc792490e04ba1cc52c7bc14d6bea67e755b4012a2d695a37212744cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c236cda05da9bd24841eba8d71b8ff94

SHA1
2ee90fe26deb8f6184ae9a30cdc694d09777e9ea

SHA256
372ccd0f7a24268b28bdcf055bcb7a976e8047cefd41ff079f29c2d28edc7f00

SHA512
8a4e41a95528915f0070a9f8397975aa91bb25ecd8a8bdb82bf900e8e452c985dff48b02e0e4421adda85ce85d1eeb07237988ff855441acfc8595f3a62d5449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
45493698a4c87a274ad55fbebd567f19

SHA1
5f1bd846a5db74c00be314935cf0baa1fe89141d

SHA256
5e45a775975803daf95f761ffdbbebb4707cc56f81a006c559da903dda8cbac3

SHA512
070502854bb91dc9d21fd3198f50e89fe14993ffaf5a494f1cd2b826726f19f06d727cd6c1ba88bbb5ea39a60d97b625fd2670ec107369d6b237d03c46a9d11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f459299ba4bc9e0a00371910363d49b

SHA1
10cac95d2502f16d425cb03b592dc5b31e69432a

SHA256
934b9ec5aa8cdc776513ff12897b2bebc6310d02bed541d63ecf5d21a0fd6be2

SHA512
870fe1c7c3e15801979fab83362978454de2724bf9550c53dfc76349ce37c465c000f6c84cf89ae0869ef373e96b333395e5fcae2ba1fa34b729e2eb6be13f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6df86f97c71fdb50df464311451ff90c

SHA1
b037662689258cae379ddbc1b5974e311c9bdb59

SHA256
02fb7bba1969e1dd70ae775433706b9978f9db346638c401ce07e6f1c0cf3947

SHA512
35477fb3fc0c3c065fe66a9681ccf628fc40e18d658c90322ca111749733e85ca5df2e7ea5caba6942574ba0d8782d2624f15ccc4e04a646c6b998451940faec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
3d382e43afb1424938c832805019b203

SHA1
87259535590038e27bdcf82c946e1cbbbe93effd

SHA256
44bc3649f5d4ba6fd6094e89ba6289196bc76f1a29d61e2dd3701e982d676b75

SHA512
da631c8f30223c0533891acee2bfa6a91a1636acbdb255110689cb62b5e2d92967a9b117aec7cb41a9b9deec7bdd2dd887ade308fc42689ff7a9f194b73b052e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
dd91a6a8cf270c9e12788d1409d38d12

SHA1
77d192eda8639fefd1a8095ff82deafcce0539e0

SHA256
1bc9ecd82438508a8f22cf93a130141e150d61990768bdd31a37748db565b979

SHA512
e0b697f44365bdffcd09348671bf749c663e546dad449f5cb85e3622841ee81bb5f6a8da23d25d5bd38279083903b13ff2c316bdef3822e71396d7b0b9a4c56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1cbec82cb93c88317324ed467dc992eb

SHA1
68c3b2a5a1be36b8b7215f2e705e71bca83eb375

SHA256
549044630729f1fe8105a8d0af622fbaa84e44c953759aa437fed6375c730500

SHA512
0e164b175ebc2b952f2ac96eefa2e7f8358acb126a9245dfa4d59e958d95d59b9efca7577e5f517566acc3a13f3eb9d2977fd7b54c095ea01598baa73f61b39f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
5985e64a385a9a39d1a62d65128ccc16

SHA1
e48bb56400249331c74f4dcc855a2a4f5a42095e

SHA256
babf21adfd707f34de88d34eac440609442aa22150f8800109808bebf19447c8

SHA512
ba92b509c9a70071b1c5c6b0feff8e0a0df4a254731b81b0cf67a4ed1c35b33931d7d1abcdec4d765732ee3c0ed2a4a5db344648c90a336c6e6f8ad001743486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a596.TMP

Filesize
707B

MD5
6922e0ef4955a3e52fb5a8ce99bb58f7

SHA1
c003b427d56faee615a563a7506e61d7b69b1c54

SHA256
0bfd1616338a89566bd711b5a517383626a9ab399612f9b30cb0a69d43939c14

SHA512
9400064aca066f3889796a4a0320dbca2760bcf222a6e096c3a6ed5a3a0b69e31afe8a9a38b47b05b1c2af86df8471a95e40329c70166061bb3637a1fa686d08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
8b0f47dad2702ad00e8d96fc4a100feb

SHA1
1084dea5bc41178accb247b356a16f0b1f4b51e1

SHA256
f7175429ba955fa3d9953f5fd0190db9caeb59a5a0496773925fc4b13f076cde

SHA512
975835c5fa225316cc8314610dd9349c8f6c33f93e34ede33267a6569ca9df74b0664537ca81f2cb73a37ad6a48d37df101fed4430e890f87b7e71eb32f74376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2e1b95043a206eb1fbde74ca6dd63ab0

SHA1
26bc067cc43f0d9d6431101ed77e250d418ec705

SHA256
34ae1695d9561415a83e3b5ffc7c1ed3c22d201b449dad6e68cfce4de354687a

SHA512
f0bfa714113e9f59ed29873ca4f7c39ffe7436acc50dc8aa01bbeac2209725a9306d7b60a7bbaec417dfa84fe2c9468aed8af79c6de3a4f67d9d3f9794d332ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a4187f14-6c5d-46d6-af1e-a3ceca9a71be.tmp

Filesize
8KB

MD5
564267f0b5ff5e537e3c9db98e9b112c

SHA1
fa7f9a419deac9438b8953857d9728370735a2e6

SHA256
0db4db20ef4a02403b3e85f4b99950d4dc0c83494cfe6ed6f00b0fcb77d6ede8

SHA512
e1218343f0a893d282f82e16b225c64db468a4d99f450a59357e533915b54e004923170329c2379bdf682ac8604d63ef23e2e26e8f94510d5efcaa6e07f010c0

Download Submit