hxxps://drive[.]google[.]com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link

Analysis

max time kernel
95s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
05-08-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
5	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2718105630-359604950-2820636825-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1136	msedge.exe
1136	msedge.exe
4440	msedge.exe
4440	msedge.exe
824	identity_helper.exe
824	identity_helper.exe
1084	msedge.exe
1084	msedge.exe
5636	msedge.exe
5636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 1116	4440	msedge.exe	83
PID 4440 wrote to memory of 1116	4440	msedge.exe	83
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 4000	4440	msedge.exe	85
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1136	4440	msedge.exe	86
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87
PID 4440 wrote to memory of 1460	4440	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc6da46f8,0x7ffdc6da4708,0x7ffdc6da4718
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4172 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,3851372046177605781,3556097040018150755,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:1752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1712

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault73c27443h5f46h4648hb35dh1c382a237e32
1⤵
PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdc6da46f8,0x7ffdc6da4708,0x7ffdc6da4718
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6396990426791815773,3534887816094286457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6396990426791815773,3534887816094286457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault413255d0ha06eh4d77haedbha979cc476c6f
1⤵
PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc6da46f8,0x7ffdc6da4708,0x7ffdc6da4718
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1384,7809659253191989478,7539079669064167490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultda567c0bhe286h4f94hac14hf838e33f6eea
1⤵
PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffdc6da46f8,0x7ffdc6da4708,0x7ffdc6da4718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,15506909506151674119,5449253476605443466,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:5588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault93a07554hea1bh4e2fha05eh201b60f431b4
1⤵
PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdc6da46f8,0x7ffdc6da4708,0x7ffdc6da4718
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7250619783115243752,7698673767231308780,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7250619783115243752,7698673767231308780,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  PID:5692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5aef39fea413bcf8d167591674811275

SHA1
89a7e775cff49908cc535135163a4922e90695a4

SHA256
dffd2f5fef0fe5d6fff79d08c36c39ad6b342aa5ac77d366149178762d9abec2

SHA512
fc8ef46fbd0d5016dfa6217356111bbd1358fad956af8364c1ca82713004fbd083bf78a0ced0ef5843ac78c2fbfc5aee852095b12c12020f818354fc64c33aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ab8ce148cb7d44f709fb1c460d03e1b0

SHA1
44d15744015155f3e74580c93317e12d2cc0f859

SHA256
014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

SHA512
f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
650105e709f2c514c52bacddbfc1b443

SHA1
33ffdea28e6c6ca5de22119a52d40f0733e48ea1

SHA256
c106a308cc258338f2af33759d01433ab23c03ac7822075fe1848a0a25a7d8e6

SHA512
0c3b7d6f1e5474cbe7d66764fe8da7b7b9e90719fc7271938b687e1d76654e809c1556e1af7be900080dc58fe4e1d557c98e75f1d09effd80c34805f93ecc025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dd4f1b25affca3cea5603efff35cb02a

SHA1
32844a9c1aad2c46829eb3f8c15b33bce369d8e4

SHA256
ff40ee4949861ca2493971f16414aaf913cd4225ac59a936c72fef9e8d91a14d

SHA512
18a5ab63941c6654a06612c41a3d61615214925c5bebe617b2d14b0585424cd2593842a8b8f7e140a39069f7c362f04c41d1e3882f035f004b5cdbb02ea5b5b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38f59a47b777f2fc52088e96ffb2baaf

SHA1
267224482588b41a96d813f6d9e9d924867062db

SHA256
13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

SHA512
4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
bf05a572ba79cc31e6ca3416b133415f

SHA1
e3021a94ad78cf6bd7749daa71855581bbf71556

SHA256
c1cc39b3f25f18b8d50a5472d9b71adae56c6e8337a3cb64f0db2603fc16f404

SHA512
49e85d1e9b6f4c6f5462550a4963f4920456fa3a49a8e6f6ad0164fb424c6bf73507dd358f5ad98f1fe2953977fa5c2f64a93c04dc380db4df121dad3aa24f15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
967185ffa84f920c03ec62fd122e3a76

SHA1
da8592586fd191be9797cd5829edd8f6f98bdb9d

SHA256
c33e9d7ccf06f80936d15ebf965118647cf7bd518803deba6b9ec0c1f80315fe

SHA512
4c2fcceb0aa2228ac384b5452ed5958bcca1a4ebb4dd4f597d494aa88b84305cc643cffca0061b1310e9787d7a3e2a1d314ebaf1ae22fdafbe7a2d3473bcf3ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e9a9b64014681f545f1cd4fea1e243f

SHA1
1a4f9c15e850a892305809bc6f709d7924a5d796

SHA256
8420444b99bbe0a0d17af116cebddc61dff24f62b5a3f0cf927fd435ca936d75

SHA512
6c04c6b52b8fde8b53b268b904b234f5427115fbef9e1d374bdd64f2cf2dcfbb14aebdd697200b660e78e0ec7fe5f5dd8d79f55226cd4d5da6468f017c549236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
929483d9ec2c509f3e08c9b2ff3cec38

SHA1
193375dd662985a4a56cb2f1caa535e8f3741adf

SHA256
585ad58e984add5ba5979cac3dc46103b48d119451a8081bdd778219fac67893

SHA512
e3eecb1177393d6d5b742258ef3b4736c780ffe56a9fd0c8cd0da3b3fc2d1210e9edba34ed039766c97f78a818f1ce79ad4615248d29b7551e012801e2fccb0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17e9e47098cc109eceae9d88d1835e41

SHA1
bdb7e0bd9653b865a2ee22b8abdbf45ec2e88291

SHA256
5aa50f7e0742414b894171ed8046812e18fc5d27c6e5dcba6f93ed539ff4172f

SHA512
961472e1cd466a241fbf605cd7bfb04e8d4d1689ed4d9417868563e518e3953077115d713e52ce28171539c0944b48254fc55b08ef64e64daf933be0dba5bf91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c53c677ec83831a05264bac91584125

SHA1
3ac8e1d44b07880a1e073cf059a8d847d98604ba

SHA256
8096b5812b4c8f0ae0bbfd63a14ebd4816c51d6d4444847a2f869002807b78e6

SHA512
1749dd58f81f1ec32aecba474e3d9c7a316f1d7e4b8b6c585eebea307d6a02000ab2223eda64613fa1738d8da9a868fd10bbcb10dbc6e63d827ef984ef2d1e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0fbb9e9560ff60da0469c031be8c0054

SHA1
82ffd858e375f698db2aafddf6079f5538125aae

SHA256
9b2ae41d2cfbc63560e9efd7a8324bbf52daa4168ad210c02dc0eb6e73fddf7a

SHA512
098137a7d349407b51dceb0ac74ae46cdd4b3e5c8cf2c3027ef04104b0591e6f8f8634c50cbc248d29b41c9502424a5c70f7e295ad02fc5717c493bb49fbedc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1bc25924471dac3b3f533f4ac510ceb5

SHA1
d08ce55de2d7ada67decc176383d8433b177aef0

SHA256
f96c75e6ead201cb3d879ddb5951b1726fbbad1b9eedd2c5c8c67a732dd38117

SHA512
20e65e3b033a7456e782aca2da217c86e8afd61d3332dc3fe4d41dbb40049bd02582775350d9319ce645a54b0544d3ceb055167797583120e9ad1d72c41b9a5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d5dbc3cadbba083cbcd47bd001de4ee1

SHA1
2034d8d50086f9ed6628f3cfb13662e32a23c4f7

SHA256
6b77c3c2a02c746c9f6b3cf47108eb09c1eb8372e23dd00ff9d58febe38e0393

SHA512
eab1abc9b31e99620caaac3ea3f07c3efb38d3eb7c6ff5a5a59eaabb954e55a9ccee6eedbc89b30028ce84067a5ed7f97a97d3b07718144445e05d6af1489fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
33aa09f0719e86fefd0ed8124fa4a1ff

SHA1
a859c0d73498fe4b4a4ba7f63fad1fe3b6d1c73c

SHA256
044e9d7d8070e91edaeb52574d2641c6908383e4576699ca7f5e28eada1d0c78

SHA512
6aca77960d4f4dfd411ad826dd941d0edf878b58435f9e86f3a7b9132050976fe8e1506fdf74fb105e3313e52aea5ee9d503f9e4f0fb7f3359df7da532480599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
92a833e468d2d7df090056224a1b52a9

SHA1
4b1376aaaf5f63f6893264c9d294dae4ec7a45f0

SHA256
48c40be25beeaae8aa889a5f022443bdd12ef19eba66e6a89bc6956ebc27a021

SHA512
db32ba085539aba1ed1aa9a703bb2d4f5bb303125b81b0c43070913bd30ad3b7d1edfe39c0b34c11238f26e8067deee877f6b217b15a831eed32cf224e1cd5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b2140bbcc26bdad42b631de7951602b4

SHA1
b3318a1e6e0bad7a1c9232ebf2d61d28dbe11c20

SHA256
ed7654d0360916af72dafe5374e5e2ffd519ec7db850b6ca0fbafd30aa9f1bca

SHA512
2134b7b2043e42d8424e5bd0c18600be6fb052702328759743fc5606056ad29483b1311d3dec43a52783828758cc2d92e5bf46a9c75bac7428cd1be68e8b6b7d

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 985271.crdownload

Filesize
419KB

MD5
11e40cd744c1b342988a44c3632b360d

SHA1
6377ebcf8b46eb0bef07321c4ebebb29f1b13565

SHA256
f00c12f1feff9ffc6822df557ddfdcef9202e9262169cd3073a64560159efcc6

SHA512
59ad5d806273828c7e5aca95d3fe9181128c8f92e7da561f663718002a4067e5ce061b18a3993ef7931fcb0289d1361c9000cb4175d600f138de4d6ebda05392

Download Submit