c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2024 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe
Size

894KB
MD5

38ca59ff22b91e2477985781a33feec6
SHA1

7d7b61aba3051a2b153927068151696088fa365e
SHA256

c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b
SHA512

6fe9f66b698bc4697e3aca97361e3c6e0243aca58987c6e6d99a84af57fab271e21b2087d5d62b40e7e90fd3c4697a8e79c4e922cc0e2a9e3cb08de29775643f
SSDEEP

12288:dqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4Tj:dqDEvCTbMWu7rQYlBQcBiT6rprG8aAj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4876	msedge.exe
4876	msedge.exe
2724	msedge.exe
2724	msedge.exe
1228	msedge.exe
1228	msedge.exe
2016	msedge.exe
2016	msedge.exe
2772	identity_helper.exe
2772	identity_helper.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe
3980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe
2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe
2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe
2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe
2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe
1228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 1228	2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe	83
PID 2916 wrote to memory of 1228	2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe	83
PID 1228 wrote to memory of 4940	1228	msedge.exe	85
PID 1228 wrote to memory of 4940	1228	msedge.exe	85
PID 2916 wrote to memory of 3448	2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe	86
PID 2916 wrote to memory of 3448	2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe	86
PID 3448 wrote to memory of 4088	3448	msedge.exe	87
PID 3448 wrote to memory of 4088	3448	msedge.exe	87
PID 2916 wrote to memory of 912	2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe	88
PID 2916 wrote to memory of 912	2916	c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe	88
PID 912 wrote to memory of 2104	912	msedge.exe	89
PID 912 wrote to memory of 2104	912	msedge.exe	89
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 4544	1228	msedge.exe	90
PID 1228 wrote to memory of 2724	1228	msedge.exe	91
PID 1228 wrote to memory of 2724	1228	msedge.exe	91
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92
PID 3448 wrote to memory of 4676	3448	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe
"C:\Users\Admin\AppData\Local\Temp\c93b3d2643d916850dd481b412c16b7641d207f12b10f43ce0b3d925499f0c6b.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7d4046f8,0x7fff7d404708,0x7fff7d404718
    3⤵
    PID:4940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
    3⤵
    PID:4544
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    3⤵
    PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:1792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
    3⤵
    PID:1640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:1
    3⤵
    PID:4056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
    3⤵
    PID:2472
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
    3⤵
    PID:4300
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
    3⤵
    PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
    3⤵
    PID:3844
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:2348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:5348
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
    3⤵
    PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13913802416395373871,14733980283632829677,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4884 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7d4046f8,0x7fff7d404708,0x7fff7d404718
    3⤵
    PID:4088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14290715727241152598,7202670523871510681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    3⤵
    PID:4676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14290715727241152598,7202670523871510681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:912
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7d4046f8,0x7fff7d404708,0x7fff7d404718
    3⤵
    PID:2104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,18397357919516473681,2530406684294244752,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e2d031b5dbd79919fa3f8805c32d873

SHA1
2c89842b5507ac8d4f83e515db358349e11b579f

SHA256
93007e5243b6542de7b10f835fdc25ae3d7803bf00af1f6b8b604555cedb6c9c

SHA512
0c909788c35b4cf48ca6d84deefa540b474d3a40ce40d71e83d1a118965bdeeac77a49911ae42c4a17a7a039ef5701cce8085835a2147378ef609e7080670625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
6e0a709156cfd7950c694bb93c896688

SHA1
7e6ed88a11205a8f01b8d673ce6dc5415eb8ee9e

SHA256
88ead136d22d7bd7525c02cb6c44a6838f7f2d419067a126e4247accbc795a61

SHA512
ea318bf1156b8b7f018160685dc110535b00120244fa49e90d113492d572dcc8e6bee688c88916806e76fcc49f7a2e4a60ad7bf542b5692d70f5233d93b579c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9a8fa27cf097e7123c0b1035b4667c72

SHA1
e05939eb3e38a446397423f1e65202e3d0597790

SHA256
d48e81376b548525744c10da370d435af33acc2e092ff4c751946c5364fd7cb6

SHA512
a684418b6d6b5a5dbab07e65e3223cdaad4171273ae7487446e510dfc724b450ead3520442374fd8e641eb8f2e3f4ba29ecff8662bb23875438601bf1af40061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a997669ad689cdaec58db3ce99092e6a

SHA1
fcada323ed00c745ebc12392171fa9a3ad2aca0d

SHA256
5d180505ff57733a15f50fe5446245715931feece9cb714e021d46bf69bb6b41

SHA512
f5e7b2d31ab6eb4fe2cea30a7e7cc2ebe16356d12e1f1fabecfe47d4d28a73b77aef63c025e5be9c888dcc74c81f8947f47724826782b143cedf0ee5a8b2c9c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
73ffa8e2d84b39af6addc69700739c39

SHA1
de2695d28f54bd6d9f30a692926940ce411139ae

SHA256
cdd56e603b029de0b54e6565081300987b0eca3adf567d6fb882271cb28678db

SHA512
a80fc2ef6f4ef20b166f827fab40f155c50117b6b66bc5f17bf37ca2c7c4be39ce1cf2c3412fc41b881de530fa69c6241620f6c7f2ec79aa96c1f31021901f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
af42c32add106c6237bf84620f4e9f87

SHA1
9a3e13729bec1a54767df2de13a4f180ca3cf1ea

SHA256
a912424fe6ccfc79b308677d8ec5f22ea909fd53f04b4cf10764f0ced40d31a7

SHA512
fcc72fd219900e25e4b6fba30f566d001c8a24569bea3c38930f89cef44bd97c7f318fe3baef63a7f61bb60c855b095aa3b4c389f54de7f24edaf71256ee7d3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
42ff4f9ced5c1597fd0de0a329603d7c

SHA1
de029bcde638cf468e8e52a2eb6ec571cc8df63c

SHA256
451bd079fcaa802c4cf991500612d201d4429754aaccb730bdd0d0cb0c10f567

SHA512
7f66590ce93feeac838eb0dea8766c1a63b32afd0cb8ae8d39ce4dc1ea111ddfb14b14bafa4451acd912533aaee9efce56da6457efb96a77e49ade61d479724d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
f289d1e62fe6f4dab53e7705585c2216

SHA1
fa646f7f215f30d00ef26afdc94ee1962c99a1ea

SHA256
86d3c7d78ded6a0cdbf7c4ff95ad425b0872930bfc8d4f3a34ea2590186481dc

SHA512
83129054ad1e1d8e04edd9d9ee015196a35209b43d5ec390a6f734cab350bab26bfec9b222ffa6d8c813a766a9f3b7cb5aee3bebe8b79ba72d96c4044e709efb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
23700e343f3fd8911a22184d3fb6e79c

SHA1
476d91dcd526cdb2b8958536dc969138bc1505b9

SHA256
7fa74647f5c48a370ae393736e0eb1157d4492a90dfa5b7abe2c2635b3692164

SHA512
e5e3e599df358fbfbece85d8e9e82ef64619f1b57b98855b5202ebe78f556dff35a2ff7a55ba59d1250c4b7811fc124ad518cf29dba4b3a61ba5a6a2207d1ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b13f.TMP

Filesize
707B

MD5
7ff12daa30061d61fca866e6bcad4fcd

SHA1
c6f88f55b7e52386af4608712797dcd425d6c8fd

SHA256
88e29b383d14bfe71aa55b8023d75ce3a9eac8408c4393eed33d6d7a20a0bf1d

SHA512
b8aec9c5c5edc458c82be33b47a6c0129f49658997b6b3fabcced2aadce9a8fba0aa10932d74086add4d2370272ebacecc8881f9c58373f957d69424de048b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e0ad9c9370c6630ebdc39cf2f97b16ab

SHA1
5a3c6157ec3eecacd1c31268383d89054eddc5ab

SHA256
a910d1539e82e9a375c2b83b9f146e3544133a0f15ed88b0c2d9c84911c43868

SHA512
5eb2250bace1c00678d647e9a7c151e2074748c552ed9ed698874e894e9e82f244d123d66d9b55dc6b65d2045c1582ac7ff781f4c67844c056ad95d91595aec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
553f8b76c74a9e84691b32f47595630c

SHA1
8a9cc2ad29019be46af2b9f54358efaf8a357498

SHA256
26c6cb71877c57b5205bc29ce91cf7dd2ade8c0af7fa29a7c3db950d6683bf31

SHA512
e36c269cb42a609e9e308050f548e07749d5f49217dc7ef70ae78369fb114199d52d9df2f2acbc9dbc4940b60ae82d898a5a53860f426cb0478850355c98ebe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ac6bb1b00909a6ae6f19eb1970d1e988

SHA1
46e3e64252a8aabe028c9498ad8aeb4fd3252f35

SHA256
dc1965a57c538ced371825e2279f5c1e7b2d45486f6c5f77f29098c317a24994

SHA512
49a8eeedc17fd009cf93f86eaf8658570a68a001af3cacf7815c2b3825db98153d6a7afa4bfb6a87bff1a50a49020215834512952bde9b7ec76f01b846ec2ff6

Download Submit