402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae

Analysis

max time kernel
146s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
05-07-2024 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
Size

894KB
MD5

3f49ee457f4decd0fe896f30c289583e
SHA1

4d62997bad1094600edf89f74bea7f44f16150ba
SHA256

402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae
SHA512

b1124ba8ae39b7897d7ee7bdfbfe55680b9ed53d89ec378e511be9b74a529ed8baa716501f8bfabc6a498f8ae659b013b2f290a11501588d7f248c648993d797
SSDEEP

12288:wqDEvFo+yo4DdbbMWu/jrQu4M9lBAlKhQcDGB3cuBNGE6iOrpfe4JdaDgaMTB:wqDEvCTbMWu7rQYlBQcBiT6rprG8acB

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
1484	msedge.exe
1484	msedge.exe
1160	msedge.exe
1160	msedge.exe
4468	msedge.exe
4468	msedge.exe
4880	msedge.exe
4880	msedge.exe
4512	identity_helper.exe
4512	identity_helper.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe
4744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe
4468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 4468	2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe	83
PID 2792 wrote to memory of 4468	2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe	83
PID 4468 wrote to memory of 2288	4468	msedge.exe	85
PID 4468 wrote to memory of 2288	4468	msedge.exe	85
PID 2792 wrote to memory of 3896	2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe	86
PID 2792 wrote to memory of 3896	2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe	86
PID 3896 wrote to memory of 2236	3896	msedge.exe	87
PID 3896 wrote to memory of 2236	3896	msedge.exe	87
PID 2792 wrote to memory of 2132	2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe	88
PID 2792 wrote to memory of 2132	2792	402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe	88
PID 2132 wrote to memory of 2404	2132	msedge.exe	89
PID 2132 wrote to memory of 2404	2132	msedge.exe	89
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 4572	4468	msedge.exe	90
PID 4468 wrote to memory of 1484	4468	msedge.exe	91
PID 4468 wrote to memory of 1484	4468	msedge.exe	91
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92
PID 4468 wrote to memory of 1456	4468	msedge.exe	92

C:\Users\Admin\AppData\Local\Temp\402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe
"C:\Users\Admin\AppData\Local\Temp\402ce2895c68e7059ab70adf43bdfdbaf70b6ce57966cfd68a4c243645e73dae.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4468
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa74d146f8,0x7ffa74d14708,0x7ffa74d14718
    3⤵
    PID:2288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
    3⤵
    PID:4572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    3⤵
    PID:1456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
    3⤵
    PID:644
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
    3⤵
    PID:5100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
    3⤵
    PID:2964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:3648
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
    3⤵
    PID:4968
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
    3⤵
    PID:3568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
    3⤵
    PID:3164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
    3⤵
    PID:2212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4080 /prefetch:1
    3⤵
    PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,280026581316275200,12527465284299515994,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3912 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa74d146f8,0x7ffa74d14708,0x7ffa74d14718
    3⤵
    PID:2236
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,12490530963594347227,9589429627155711319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:3636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,12490530963594347227,9589429627155711319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa74d146f8,0x7ffa74d14708,0x7ffa74d14718
    3⤵
    PID:2404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,18324693302460187538,16646468705571553397,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,18324693302460187538,16646468705571553397,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2915233ace3b11bc8898c958f245aa9a

SHA1
68c6aa983da303b825d656ac3284081db682f702

SHA256
b2cb442f2ca27619c8df087f56fcbbb53186c53f8fd131af886ee3712220477e

SHA512
e3f1b70d39b615e212f84d587ee816598236ee6ce144d919593894fcce4a0900343a9e8b837a0d1bd10921fff1c976c84c4a570eda776fe84d374a69e7a54890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1fe3a26bd35b84102bb4203f31e74c7

SHA1
45fdfa8433789b575eb64e116718e62e0e0cf4a0

SHA256
26e0d51529de906dd285ba48288e25eaf5213c0f0bab9bc5f119ecbc5e1b93ee

SHA512
d528db2e9b917d4fbe24b1b5c6f4cb274f4f91c84f63e5119e041fa89ae0cd01a370e314f8b6aca9d6fa958e79feabc720f4b54b3d8aed69aab11fa84cad36bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
a8dd20d47b40cb0d98e41620a884e464

SHA1
f24af38d48e0f417f73eeb4eb6e498d103450782

SHA256
83040de2855829dc5e74701b40a7b65e6b823363b99192fcd5fa918ecbdb00bf

SHA512
a0384cc48eff7dff35a11b28979e34b5c42fc20c3f29fd5beabfe9fdacc5bd244469a6365c5437a4e40687b6a02d03998b1c25997fa010a93d20c98488379d5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f3798271342c25881dde15694a4db0d1

SHA1
033bb367d73b48184f59cef1c2f36e51d7473f25

SHA256
d0bdbabf97cecd17dbfb32479bac3db377bf24ea86ad9d182ee305b4fb0ea7ae

SHA512
f31aa6b81606ca074608213a677765434b3285b9c6e648167e9e3107dabdf649703dbcea7ca795fdd1485ec48086bf940ee08297d8aa1a26a48abbac2339cf6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
1d8d3e2240ac8f5b93c726ffd11b3f1d

SHA1
5d807f54c7abf10fb92e2311c492164a7bc57a0b

SHA256
5c514762a067e0eaad20f5df34e8fa19037949c86d2172820e9f1659cb8697c4

SHA512
82e39a79aa1c29cbcf945b07d89deec418f84807ae1059b7b71cec9ecd2b9371942eab15efbce2d10e2a77ec8815df466e2300e4e927d6b0e15dd79dd0e2afb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a5affc37413f437d5356cf2de4eb7a25

SHA1
93d02f7c1d3dbdd86ec2a580372f5e23fb313f1f

SHA256
c68db07654f97496f47538055e22cd44c2966565c2ba35881c9fbc5f6fe0a18f

SHA512
60af5307edd8dea9198ec6c15a687089950f74650bdeae624d531089b6a4265e1eecb5f9e462a6d5bf79bad28751281f4d16409026f7288338c1a6139e0d09a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8635ba105fc798ef957df917a32c47ba

SHA1
e3e1fbc725065b41bc013f71a787a362170c287c

SHA256
fef97836d1099a053777177818767708abff1162dd7e9e269b0f67d8e364a9c3

SHA512
02837f9f4dc81ba44ba72b2b8e271fa3ec1435dceb0db133bd7b8811112dc11cf027b9d5eda79ffb6f816a29b22ac0fcb33557fffb7ac9760f1efb2b14729ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
47d1f75f50314634eb74f6fae71876ad

SHA1
b488c16737f01ea21f3fb2d07b136fa5a9721350

SHA256
e2aab910325ce989e5873aa9128c9a445944cabb94ae686a56a3992e5f581523

SHA512
3b628179a64436f8167f1684fddb7caa736b3fd81bcdc4809d1f8f9933cefd4b801ee80b25084675fa4a92a1fd6839853fd1a70372224a5cdf303ca4019ae50b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
759d1d554fbb5290a4f5bd2e325687c2

SHA1
d3bc27af40934fbb2a6747620b9d707ee7fb3a20

SHA256
a2cad9e7ba0bf7d28c1c5f50321a38e7e676e886d1919d40937c33aad835a692

SHA512
7de036caaaa79d809a04097ef30504fe051e8c2fe72feae80a16dd1c7f2f7b48548cc3b1b7ec69850d218b5450aa255ad89aa834ff37637ccce5231f6125b542

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
2c662865e60ea301c5e5203b3cc0f523

SHA1
61a505007f294492527357ec1161700786b3d69a

SHA256
0fdc00e04f56048e1a6a93d4903c0295dff4de7152877bb09edef888755c0782

SHA512
58acbae2e7b05d54e03d6a7b29b7650c0bc8d748fad66aebba3ab0bc01915b6702e79c80c36ce38c9a3324791e9711462e5ace291d265d28ffdb052ba4890d38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
4bdcda941773872cc177cc05d6fa4d65

SHA1
169da9c3dda49fad26004c6ddb732e264477bf63

SHA256
17dd28412132dfb4336218e6799b7ac26fd7991bbc233dc6b9b70d63a4c6f896

SHA512
1db7dbc4705c98bbb5817c5915da31f49ee93ca6427cc45654d8d485650d0a5002c15a5998c2cbc100691420521c4f6eecb9b298967d9ac4c91fea06ebe8e919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ec92.TMP

Filesize
703B

MD5
9b338312050b2ff79242ed71be156794

SHA1
d64cf134b82c4cee8cfb8cb4783473fd541dfbaf

SHA256
130804ca134941b352d5d4c6948f6ca2fed426917d4f003c7ce05416a11414ac

SHA512
efc2c363d25f5167904cd5f4cb4c55db14ce507d11b236ef644ece6888e96190167c0dc97fd497c068c6470214b467a7aeac83f474bcd69a0916f0ee5f4e4e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
9047ebc5241a8308d5434aecfef88de9

SHA1
61c4930b298a36f840184a9067e7d68431ff35fe

SHA256
aeb617cba2076fa4e4f8b7a434f9df5e0b460e9783140807631195507a752b23

SHA512
07deee607c4a1fe21d2eb50489fa2cec744b273b55772b7413b5a4bfe848330738417c47940ef8be98f839e7aa8ae9cd75a90719c9cd626807d9092ee0576653

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0255d6454e4e3470bc8d8c2268d53c6d

SHA1
58240547f4566f24b3e4eb5070144e26594a2351

SHA256
84b4b62622baef3149db29a16b0c65ccc8f358e0bc507b6bc10f423a29e48ada

SHA512
9c9156aba41b1247726c9501c13eb05af66b68e19fc5cb1af3101ec4181682b557bc440973be6cae517c3a55c1f0835ad21515997381ae4483ad5132d9f553db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
aff0e8dc734ce14b9856e10f577c1d3e

SHA1
d2be4fe529536b09b2ee30f873374e9bc5693a54

SHA256
0482daa295c7b35c7d4ebec976f8b92b7f3a5eb6a2fd1ec7015237aaa6d11e27

SHA512
df03d07cc1b806d34deaa2cfcef9b1519b43a7ad2b977d6886b478cff9258d551123fcf72bc4d2fa3c41acb7b4c3866acfe8cb1d709d905defd2407189de8683

Download Submit