d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5

Analysis

max time kernel
146s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
04-07-2024 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
Size

894KB
MD5

ab6cd0c8a53e4b200cca51b862066ed4
SHA1

1da33383f4fbfcaa9f684de3e6be1c6424b45538
SHA256

d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5
SHA512

abbd17c1492c780abbe8f8b7bca40b04decb070a1b59e8ff1c3af2327378cce594c4f50e107f93295dbe6a60d1f100cf5901bb06084388d1c6b453f31bf6f73f
SSDEEP

12288:UqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDga4T6:UqDEvCTbMWu7rQYlBQcBiT6rprG8aA6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3456	msedge.exe
3456	msedge.exe
536	msedge.exe
536	msedge.exe
2120	msedge.exe
2120	msedge.exe
2564	identity_helper.exe
2564	identity_helper.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe
4656	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3608 wrote to memory of 536	3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe	81
PID 3608 wrote to memory of 536	3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe	81
PID 536 wrote to memory of 640	536	msedge.exe	83
PID 536 wrote to memory of 640	536	msedge.exe	83
PID 3608 wrote to memory of 1776	3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe	84
PID 3608 wrote to memory of 1776	3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe	84
PID 1776 wrote to memory of 5064	1776	msedge.exe	85
PID 1776 wrote to memory of 5064	1776	msedge.exe	85
PID 3608 wrote to memory of 4440	3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe	86
PID 3608 wrote to memory of 4440	3608	d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe	86
PID 4440 wrote to memory of 2364	4440	msedge.exe	87
PID 4440 wrote to memory of 2364	4440	msedge.exe	87
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 4700	536	msedge.exe	88
PID 536 wrote to memory of 3156	536	msedge.exe	89
PID 536 wrote to memory of 3156	536	msedge.exe	89
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90
PID 536 wrote to memory of 1508	536	msedge.exe	90

C:\Users\Admin\AppData\Local\Temp\d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe
"C:\Users\Admin\AppData\Local\Temp\d309ab8d692a59ef4e8ad8d1ed978e745ef4a19bd6cec4c527916ec5e00aefa5.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:536
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7bf346f8,0x7ffa7bf34708,0x7ffa7bf34718
    3⤵
    PID:640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
    3⤵
    PID:4700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
    3⤵
    PID:1508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:1232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
    3⤵
    PID:5028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
    3⤵
    PID:1296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
    3⤵
    PID:2068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    PID:2696
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
    3⤵
    PID:2228
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5960 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
    3⤵
    PID:2860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    3⤵
    PID:2892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
    3⤵
    PID:2792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
    3⤵
    PID:2888
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,10403423616161002308,3134989193060771305,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7bf346f8,0x7ffa7bf34708,0x7ffa7bf34718
    3⤵
    PID:5064
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,7902494042724117415,2791005162676479537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
    3⤵
    PID:4156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,7902494042724117415,2791005162676479537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ffa7bf346f8,0x7ffa7bf34708,0x7ffa7bf34718
    3⤵
    PID:2364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1532,8100922340841988576,16722619223134877935,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2088

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
f4f6b1fec4ee76f365fbdd852f46abf7

SHA1
1d0de5d668c034f77f4562ef7186ad8e7828e911

SHA256
42c702533ac0c9725f3d88f1257695d205813ad29f4f5e31401e34f102b39d8d

SHA512
743427069f3df752c0881d74a57cfbf98fade9ade3f4e1c5075d811630a23b48de5d4c1ba1a433b1c98e33a0bd10db731192ee935b38e30672c3d347ba30d1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
41a6a75790e35582dc53959970708114

SHA1
8e5b362972f3b5cacebf72020ead99092764eeda

SHA256
105e0d847daa905e8bcd70923674d235eea6b5f00ca31059f61a49f827cd982e

SHA512
987f09ddfdfcd7486d61ef4658ad4af56badbebe34c5eb78c10dba01a3e4a2755f1d0ea82df7a9fe1a97125acfde5063062802bd793b6769773e2e53938dc139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
cebb053a25b9c6ec7efc9b47fc0fd36b

SHA1
826d23dcf54211c01eb1cb11b1c13a13dbacbe79

SHA256
bc08707096b53d7ce57812c044d3b50d30ab6a02cf928894a8aa5cc7e9db91cc

SHA512
4ade5c38beec23c928e3c3e562ec4d21417a7634f80e146d4b4bdd26b46e0b46fe0632f8496491c4a23d49945d51cafb847190ccba8728e01bfa3022a9a6dc92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
5c08d8a50fcddf46a659b14f4c4506f2

SHA1
cfd6603314151e8cf39c2a30d78ef4d02e68bc35

SHA256
dc4080b1f691f7eafd8bb22b351dfd9a093339243d0ac5c8d344410c4ce43d35

SHA512
cfda9f41d439a6a9e770f1eadf228a50e81adefd880ea1a6a2a6bbe5792ae1f12cb10315c42cc19ad08685b4e5d2c5fc99860ae701e5f45356d443cf9263fd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
36ee057e8e512f299576609468d64d4a

SHA1
ac3ade6bdec29c3adc2f622b8c90e75700f1300c

SHA256
c2a4dddf8ef98778ec5a4f4022a4b82c884d6404d6b5136c19cac3eb51537405

SHA512
ac9ff1ec12a2bbcc7c0112a6567c0e9d6220ae3f4ba90306e2fdea1a4e5f78b0f4b800491e75d23229b7ef796d126cac2d9bf33e7edb4643514edc926e2eb969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
2b39b46ee96b422e252d2007d329e8e2

SHA1
511df1985d0dda6b0c8c573c0ea7776b241245aa

SHA256
61d3a59e921376fad0facccc9d6f2b323e7e90c1641c7982e2011f93d7bfe871

SHA512
8d6fb222ff53de0c7e386d4407a47df41956d93adf411fa78604ea03c1a1b957f8ea3f99177964231c6d957906743a29c447547fad476165684a1261e2656941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
04f82339770d26fbc85925b1d4d0c58e

SHA1
ce14036f384025181b949e051cac6b8bc6d9a1f3

SHA256
c528c393888c2e1ea444fca90fbb7c16e91eecacea0fe89b794239b0eb1b73e3

SHA512
b6e5a1270f609ebcaedd3aa44b7866d1f4f76448090c61894d6b4a153ec69421ff0e37018759faa29b4f4a16831c05947c0fce47a27912b51acce00b8272f864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
ccb5089b3c309190eb5260cc3c348572

SHA1
0718e38063e4b42aa075f3e0c6cbed160f8b1f69

SHA256
14c9239bb2329923d4810fdeaca4744b911b27598a53be84a2d53c1ce42b2ec6

SHA512
62588514810a78a1c1239beecf223bede66f54aed04c79ef151bd4e6688d56dfe64d59622df6134dd8b9e76fe886f922823a8a4774bb4510cd18851fc893596d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
43bfbc47158cb317c7c56f4dc609083f

SHA1
ff0037da9223d6d14b05887434a385c3230b495a

SHA256
dba73694469422bc99430f2e890e4f7bdc06e3a017f29032664f6f50be8cffec

SHA512
c56d6bb2816d47b6629a99bfc3d620c6523f0411359974b640564ffdb3d3a27fc90393acb722d810d94cbac052a88913fdbd3403ea3c898c303701e6b38f823b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b92e.TMP

Filesize
707B

MD5
c7d0598eed65b67ee7ab6b9e070da9a7

SHA1
8affdaa725115bb4efe32c0395ec2b75544a6763

SHA256
4e884b0579fde15548194d4cd2b4b94309c6dea53f226f759ef2529327d3bad7

SHA512
6d822540a9302cdd8acf4d32e3d36d52c1a58331cc5f690a526937d5a7880151622358935a268aec5eb0b06dc04c5b3481f0d142486cae02745cec5995c9ee9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
cd8fdd24f80402d52938f29762293aa6

SHA1
7754f8b84b100484b4ffd48852d3a80a1cdfe4a8

SHA256
08e48b6cd8ba4a0d1cefe72d8de841eb9787b381a5eef4a73e9fbb8c21fd8703

SHA512
8aa69665def6066a9b3c80f350f9252e052fdffe7ece0041d2e282773b74d46d28370a04c7d0bb545f0d53e520dc22d99e1f399e95bdd16898b64cd64bdf9e39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
ae86fd44731fb7e036f7533610433938

SHA1
ed45126bbb13a011a74e75aeaca63e0841028dfb

SHA256
5e81b79918cb8b67de18d92613503f571edfab8941ed2e785533f506931b723b

SHA512
72a63eb15adcb0bfb848623295f7bb9e71b1626c8d1993d89fe49a679048a662f9726f4889fa4b400c65b2cee24c2e8138ff22e0e9cd04e2a83d8911be135ba0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4921f92fb0af22694b8dfd9219f30ed5

SHA1
a453e33c2efe8e27745b522a3b6e6299b362231f

SHA256
1e4eb10872ab0067ce9952b53757075974ef71b6cf7f42810d7721ee916ddc67

SHA512
0d03cefa16e13991c94ff3c2ed26169158bcb29d42f9a0ab611ef37bcacfa1ce9c2f1b62f6215a33d6fdf990e5179f2d2f26ac880e939e4958df8a1e5c550c4c

Download Submit