hxxps://drive[.]google[.]com/drive/folders/1WjlX37XrzWBBcM-njGVLp4gtq4LbNybQ?usp=sharing

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2024 15:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1WjlX37XrzWBBcM-njGVLp4gtq4LbNybQ?usp=sharing

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
3	drive.google.com
7	drive.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5080	msedge.exe
5080	msedge.exe
3424	msedge.exe
3424	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
6060	msedge.exe
6060	msedge.exe
6060	msedge.exe
6060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe
3424	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 312	3424	msedge.exe	85
PID 3424 wrote to memory of 312	3424	msedge.exe	85
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 4720	3424	msedge.exe	86
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 5080	3424	msedge.exe	87
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88
PID 3424 wrote to memory of 4588	3424	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1WjlX37XrzWBBcM-njGVLp4gtq4LbNybQ?usp=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa989a46f8,0x7ffa989a4708,0x7ffa989a4718
  2⤵
  PID:312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6644 /prefetch:8
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9762978667102617434,17754442372244440902,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5776 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2c6f687d-ff25-45e9-96cb-aa288d66d12c.tmp

Filesize
9KB

MD5
a03c669b3b407b6d0fe02256c560b531

SHA1
0ae85146b6689d0065c27f1f559949bf6e726d95

SHA256
1748e121c53fdb2ce14599df1ce0ad99c838c23f2981e58615504cfa19b3fb66

SHA512
77ae8f7d2113524de9074d6a778cc358a60799cb56703911dc8ae5b4121c1011d2c51f7995c8d88803083a1e471657c2097a9027fd92db5ad2456082dc07612b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
24KB

MD5
2b77b2c0394bfd2a458452006e617f96

SHA1
11eff89a8e3e64401818f81a02bdc84e8ecc4325

SHA256
c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f

SHA512
21dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7b84187f4d3fd06e9aa0bc9f1b5994f0

SHA1
1c8500ec75829286dc1b7e17f5aa841aac582939

SHA256
93b26fee48204e8e41b8b9f3ba728c96e8d97f66dd4f4f9adf0eb13e34ef7ea0

SHA512
e63c6f79d474dac6e3f685d4a5efd165af697c8b0231f7aa188f41b0c7f21538910949684b46f110263171e2e627719a7de1d492f6808a83957a403cf36bca72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dc27d734f47603b9a65c559506a26936

SHA1
00471e9cfd1be4cdf4b6c8d774df80db14d814ce

SHA256
56e867345930be4d9aa2e93d5ef02cbbc081c710879eef651e43115a50c53c36

SHA512
4f1c0fad256940e010e5d2f134b126dfebc85fca4096632e3316279a626ae679476c713e4dcaa00f4b636b2833063ca86ef119680abd17548ce7e52881e50f93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
0b4eaa307e3e072e5be9d3b005f9813e

SHA1
619e2094791b3c4117f0b330bb4150ad9cf21729

SHA256
e3ed276b6fa04033ccd767782b9ff18c4abc60b9bb25996776a8d3b85061cc6a

SHA512
308f4daea7d95358b76fddc1c0beeb227f530ca146ce08e4ba81146bae214a3b8e6c18e506d152cf1123c4e822d6a31b00de0148e2cd907534c44aa8f908e939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
299c0950889e91dc49c03b9f3921bd4f

SHA1
6c003cd3c83320ba59e17c2b91b525b2e3278a8a

SHA256
2d655128520390206d626031a8f6d16fe6fa2b23977c85cc6bb8de15bb8ac38a

SHA512
6f76a35fb17e53458018eadc6b15c8af6d054052e8c89215875bedba5398353a5b83defb4ab4865e208536b2322190d075aa3e02aacde1c63166cb62ff18583f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
37cf06df21b90ddd04f950f815d52d78

SHA1
708248ee2a15f8664f85e65430c2f37f461ea23f

SHA256
ec7579c8686c6b870145195407bb74a918967b7997da987067a60022b7fe9c47

SHA512
da8610838619d28bba178beaa1349d7815fb435d163d98935e4df76f11fd3580e8129542ee1bd436477ff7a650a47c3741561598e82f6fd1c11f6321906c8a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
05342db6d630fabda4739274209005c1

SHA1
0a3e0ba448702b1e502951c43bf947d9511bad36

SHA256
978039170ca713ba599191e6fd362791d6f6a57a54cd8366f35dc6ca0e25b3b7

SHA512
cfbe93d130ec2ab12e3271c022a42eb7f1565c1c46b58f4a25bf313ec154b3f9f8c61bfa9f7fb89c017b4565d341e793b82185c29ca00d4e27b453c6ac756d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9d263eece400ef1297d7ed402ba5e63

SHA1
d6d6821a0d3831a10345a796c75d5f1296f4dbe2

SHA256
e144fb610883f796f7316b0520c2ce9007c02e09216a1832e039d1868fb8eb16

SHA512
9f1a0ccce80522e14b02c76047a3c3fc8ab238342619f6f2728888c62f25de40cc8881d5f7f223186223bd8fb66895f1ad863b12cbc0036d1357cd8aeddd47cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
06387384cde15c96828edc41e67238f0

SHA1
35230150770fef41fddd96476eb0557c6e38f728

SHA256
c04fca4a8064032af3ff00cf58b4ed5e8ae35865b7c06af37c1eb51036595314

SHA512
0b2543d6de0dabfe29fe2a95d2f287c601a0c656b5c61b5dfcc9062a1771accd984a68ed776e5393bb0fb9c04193031128a4c1dc8449795a0cae82f7ddae2a57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
79180488ffc56e02f40c7e33a63a43d3

SHA1
e7d2232a0d074a71e059d39e9c20eb73a9223f9a

SHA256
2078e709e03e436b182c893af90563a6b01503ab4e6e065576b4f01b1af945d3

SHA512
d68fd7b26267e9d5c6a00ca5f1bd2222bce5397ebeb4850bc34d475f9f83ded78dcc0b32139f775d1cc809e08fd5b22704f4bc606f7f9d1b55c9c34c862dcc98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1eb6e6357100363949126ae21ee54cf5

SHA1
ee22b589573e1db23e9a9a4c17c4d0d9814da1d6

SHA256
a9709a03e0ba5e97ae130f6d60707d3b61d23448cec91bb1e8c6916be06ec38f

SHA512
c92fad925367cdcd71b8a02e98af5f8774c137cda1d0c8765ef212d8704464de21b0c4549ce2c2174f824ea9199bc11e4e9d39b70b4d75a686abb6945af5be3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
97B

MD5
b9f8d68c08baff14ef9282f7adbfbd5a

SHA1
b21a1267c6f049fa4d663710cc0c40ef53d53c46

SHA256
92ae4e016b528a96a0c56aef0ff4393ac3daa7fe1475fc3656adc332259fb5dc

SHA512
66f22c6328c703dbf1e6cc864da816710d854414608d22bd7e6d6b1328fd01316666e23ee7b9eb6f0d8699031fb6c9daa730c48d20f65a3b5605f2e8cc4b0003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\0f4c87f58e3554965c14e5072f508889705a6c84\index.txt

Filesize
33B

MD5
b0195b619cd45d0f8af48fc59c3d7716

SHA1
d153ae8be73da841309a68f26d26642d05ac20cc

SHA256
37bb3e6cd75d830156a6934fa1d1516121b37b4a220705fe32adece7b7ed927e

SHA512
6d917a97131baa380386bcf2c83dffb97f832e85f9510db3df4f7cdcc35396da58e5e098fbcf3fa7867b7909c09158d091ac0432919ca685ca5c7966b88a23c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2d5124814694d7e910f7c268eaea1845

SHA1
e5aedbec6386e5374e062b30f76732d793fd932e

SHA256
cbbcb10fee56cb28b300d6b0c222548880098658baad089b6367a6f0e7af629e

SHA512
74ab5c96ba19513b25886e25da6e3bf4c8b2cb946c2fb58f4f12ee703095cf7303471ded5f84a0c0f3067753c776ef88297ccc140455d02167fd3a9c353eaeea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58a2d3.TMP

Filesize
48B

MD5
39349b4afc5f6de8af3a0f84dac8d0df

SHA1
1b4101399c8eda3dbe77f5fd0972c10ccb371087

SHA256
9d0ca090088305f2c2dea3cb60f05b96a0f60d2dd2abcac79bff4a5c39107f97

SHA512
07e452cd887dd82823da8c7c7bcbe06e05f52f7662a827ceaa4fde4a184eb91582d02a8d0727917d92e233429f7bd7b5bca064efe63c8db45364856588cf94bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
dd56ce63e282c5a29a4e887bbce39994

SHA1
0339a110729c6d32e3e54fa908d1bacc6a2aed1d

SHA256
f89ba35bb76229685569b50c5ab567df8d685616b749dbf5d720a71606e9dfd0

SHA512
1112cbc48b2ced644601f44b1042825ed28f938a24a254d90593edfa6df9f59fe13b95408d2ea19e00d7d8ebfc2318cf1b7c5d19e0664e3773a8b137dc217195

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
17e76ec12170cb4d50a27304e335231e

SHA1
ac150fcdd38d5c5ebd2a79dbb2f1aaab664f7c27

SHA256
f0d9e5e5e932f6638ce1e9490fa96f292ee48dabfbda1e123e5621a40c21bc96

SHA512
08e73c436e7b7851784203d1be75bd62d8f39492d35c1b410e14c654baa34d90851c6f23c8a86b39343e8fc0363a87c9f740ff20a0840e206f67e7615de35a9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
93c57dc955f22fc5c32db43a178f8fb0

SHA1
0bdfd13d1d08d3369ea16fe7637a2655092b2d10

SHA256
477e17a690bb8ac9f698c863a7ec5272b6a7fa753a8bb00da22a5dc66dc9fd5d

SHA512
c7607af2efd0d372283e05ea17cfc217692ef94f29f0ff0cfc198962e1810c7b1d1bd710eca22eab790fdcd7003a82bc5cfcc40b96e1087b9beba0e08f650008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6afd28eb90272253a7f0152b64101505

SHA1
3fa731d7b32d9b085be33abb10249814a7f60389

SHA256
121b34f5b5084c3b272b5c2acc382c4800c29d7926dff3cbd6e953181b7b260e

SHA512
786b4c93cfd75a773bf379c0be63a80baeb38ae60243d71b5c54a0f046194e8e24d4a412f4961bbd3b5bd55d1bfb3b79864aae15bc6a55b637e693b39eec3a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fcfd.TMP

Filesize
1KB

MD5
05d257c13acdadc5fb05fb4c9a6a6b1e

SHA1
91104494d3cba29d988bca002d2baded5f8381de

SHA256
7d922e14f2b45e5d9e081fd5e0e120e58de3cc8807567912937627ccf4a967e5

SHA512
02cb39004c1cffa3d51976982a87f27fb598256dcea94a7fb0b15927b128458c9f4b62187618c6479a513a3ba6e47be3d19d7022ec160affcaaa11344d16f2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
34bedc4cf252ac1211c47de0c93fdfe7

SHA1
6ee83d50efaf5ec985e8e308993423db0412d876

SHA256
d0059feea1f5d19f2c2896d9db8e5e66a949f4cca2585cf1b5608f786e49520f

SHA512
9ddb5ff2016a624a06d977f570c90f03cc2a54cc1e87dadff393b7e9ee7e1c7d3f17fb6220298e018c375f89c2ce455ede9be75723c1ffb66cd013808e64c9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c40d74bc0a5d754410fd480393471bd3

SHA1
2eb850a504cc29785e16d73f352081a62373f3ab

SHA256
87b092d1194b101610088a99346cdb0bb266f708fd6fdc43b9bb98859bab9667

SHA512
26cff5493cee8ba11dde2a79e83baad33d0e02749e94a3bb4d690589d68ec07459efd5d41442e259ca3b6acaf238cfbd95f7de5ed0419b08e5abd88cec73bb8a

Download Submit