hxxps://drive[.]google[.]com/file/d/1d53w4_YqtysZdoJNofzl325J9_j1mF3U/view

Analysis

max time kernel
148s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2024 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1d53w4_YqtysZdoJNofzl325J9_j1mF3U/view

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
14	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4196	msedge.exe
4196	msedge.exe
2496	msedge.exe
2496	msedge.exe
2228	identity_helper.exe
2228	identity_helper.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe
4708	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe
2496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 4896	2496	msedge.exe	85
PID 2496 wrote to memory of 4896	2496	msedge.exe	85
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 1016	2496	msedge.exe	86
PID 2496 wrote to memory of 4196	2496	msedge.exe	87
PID 2496 wrote to memory of 4196	2496	msedge.exe	87
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88
PID 2496 wrote to memory of 4492	2496	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1d53w4_YqtysZdoJNofzl325J9_j1mF3U/view
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe5c8c46f8,0x7ffe5c8c4708,0x7ffe5c8c4718
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6408 /prefetch:8
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6436 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7084 /prefetch:1
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,10284623402984642272,932349363121620501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3c7917a2-78e2-4978-bf30-7e24793187d6.tmp

Filesize
9KB

MD5
11adb5397abd2749411b910e813bbe9d

SHA1
8a58d323256225fab1d4be7cdf0973b12069df4b

SHA256
31a3097b69e7d6868887650837f6cb2f8968c5c2f622efe731b4bd234b2238b9

SHA512
f0507695039eccd1c52d963448f32b50f20f15dd8c491ea50a0d0c8548a381e64e83c97ec1c845e4c1d3c8f4f65cad0ccdf99057fcc3e63eb35ae80463ce8a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
41KB

MD5
9a25111c0e90867c7b8f41c5462abfaf

SHA1
0619625d479f31cf145c2e3714de0df4a69169d1

SHA256
41bb42020f1beabc9e72913ef6a33aa264556ec829ac70fd92c9c9adfb84803d

SHA512
0fbc3c64d6f5acc2c0dab67924b0c669fefa994f449240d1f6b78dcac3538343938a4fae972726156189f05806d3aae0e333035df52605ffe28886b82f31ccdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
2342c04b86d7b1a7c1e46184c7f899f9

SHA1
a664772fc5e577954baa6670d96d5e98413d2e86

SHA256
2e0e9a8ca60691ca67df29559b4c51c2036898c6ae8780d740034ba128a4e7e1

SHA512
a70be1292752c085be4d2e98d4f994f50368b250d5a7d6ff440f218b903f3d1add399d013bcfc3dacfdcd47748923a9bf0be3932d5bbfe155028e53acd7c92f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
1ed02303fcf4d85d6b6c6f08ed1f1106

SHA1
dc506f6c4caa4da6974ad52a67052f385db3a9d7

SHA256
ab23d2d7fda1f27bb9cb5a5befa3da3f317ac016ec4609b20e56f74e963c9add

SHA512
a0a29ad892f1784a91c311e73672caed7f8fe40e69c8319a4347bc5a594363ac0c49c78af6d8469d249d75c542180d2f795dd4d52bdab89af377fc963f9d240a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
42dca254020477ebead62d84df2967ff

SHA1
632b8420e9bb6c9e28a2c9b72a416ce6074c299e

SHA256
b7b3d2c9765fa1c03a7512d22af192c673b807e2cfbac2a338d2b0ed940d844e

SHA512
6b445de2c60c3e44313875f50691229b5d0538a6517836342363bdf8a57662b2d059746f8f8427142e311b1321c0d4e479ee1c7f9e7ccd4d83ade1ed90a1b4b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
56db4eb34fa5f1d674dd9851de9c772d

SHA1
4ac9bc07a6f6e1cc1471a1fe9b7c8194c5ae3784

SHA256
9a5e63900f475999df06ab6c4740eb10fa9a3244726f0f5ddc0502d3cccece99

SHA512
afdde5902bf6e86ab42318007c420e9b1ac0799c3bc70955a9648b91158a84c88e18f192568a29a24d85178522a398655480cee76e2fb16366f4dbe73b67dc76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
029fd019c5d0bfd7f4ccd08f540d8bdb

SHA1
3f51eb135d3c03bdf0b238872cb5795a51b10623

SHA256
1990c7a27f84c79dc77ce795a681e8c4cf7bf9b3fd9520884082e0fbe22b01f6

SHA512
6f78c6c1d06dbbc8c4d16f7d8e6907b40053104cbfcc3331f553d988cf9f5414fc74a2b512bc9069997b608e28d035e0a0fe3d904b5b1ad038ccdc34762df35a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c3ab5e08cae666ff57746044a1f5aa3

SHA1
4ce9ea020f46e24e49d0edce9303f4ad5b27f9b7

SHA256
f15c4c475a98142e35c1786ea17aad00f9c43728570cea46eb2d908b7ef1aa68

SHA512
a1367a72c5c8bfc34cb3638eff83523704fa4d1bf6f1d5f7f2dc2a2d9f1f1287b3a6ea3d87164d4ca82eec6cadd26abfdbfcacec25c2000ded8dbd996cef68c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ceb269c6cfa754f751bccbb15e13e366

SHA1
d3a0fe5804adf3ad9f28b3fb0e13074fda942a02

SHA256
33f7edfe0ea1298250e3f825c1fc7c0a8f2e5d34ded10d0c99b99bb809bdad98

SHA512
ffe7131700c2ebb372b62038f12d5e9dbd995b377ae8447a326e72988323cadad5baad2aa04a6ee630acd0894fdcd0f6d75ec0eb3f5c26ca2ca8749e425f0eba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cad3a7b996cad99fbcfe2deffebfc445

SHA1
aa6a1e68f203cfa7f4dc866e3d8c6bba97455310

SHA256
03c1a63f5224d40c22b6453e9dd361c09fb32ab6840913d7d3d81653d2a6ea3c

SHA512
7a230df4193dfdde885904620b79616a5154416aacea3287f3f6e08747756d3312f14bb1f5f051cac4fc3ee584bbc34a29b9191a22f7a72b61c1eb88be969c9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
777cac5898adbb7adb152757ab2a5b6e

SHA1
74d9e4688ad9ca72c634d3056d7414f04ca6c3c1

SHA256
b39c09f6a11b7a2260ac92c59d39f9e605fc416a4357a2e9e2496662cb4ecab9

SHA512
6acb592e59973e53f5595c966e3a26b6bf8e822d28e6808b8fe9835cfd42149cc83fa9f1838dd234cf98ae7f1327d61eb07e26673d0b1a4d246e1bc01b5fed27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5816fe.TMP

Filesize
1KB

MD5
60738c6ca877cd12406cd6d46a213f8a

SHA1
552d645f75e14deaa8ded9282a250cfa44beeff5

SHA256
c446b8c3be81f3dddade0f724d43dcac49e601564d7c6883d8484b00c36078fd

SHA512
f61ad8704e73e40a7537d7884a98e58bd11e0b878a96c4a0eee06dfcef99a5fbeddf5b2a7fd609397442a8f550244cf5353a8430f3430abfa0407f99366f9e1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
79fe23dc44d6d61910a68b64ce88b38b

SHA1
2b9741a29947de5474578a930cfcd154e4663c88

SHA256
939c16f20934b014af23a732831688dc14d3288f47a9b9c04ccd59266d8b6cd2

SHA512
4317473c264fc0047ba6ea1a0b8952ffe29000e49396f8bd3f0d78820bcaef7cfca007c7d2e08b5e16f650180b2a975ef8ce24d2f19ca4ca3b585e8eb5be2c33

Download Submit