hxxps://drive[.]google[.]com/uc?export=download&id=1n4wZL2ix5QDYP54W-f2hRjDjtyZigSA3

Analysis

max time kernel
146s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2025 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/uc?export=download&id=1n4wZL2ix5QDYP54W-f2hRjDjtyZigSA3

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: FRRsultatjerome.karamel@outlook.frlapetiteperruche35IP181.215.176.83AppareilMozilla5.0WindowsNT10.0Win64x64AppleWebKit537.36KHTMLlikeGeckoChrome92.0.4515.131Safari537.36Edg92.0.902.67
phishing
A potential corporate email address has been identified in the URL: FRRsultatjerome.karamel@outlook.frpetiteperruche35IP181.215.176.83AppareilMozilla5.0WindowsNT10.0Win64x64AppleWebKit537.36KHTMLlikeGeckoChrome92.0.4515.131Safari537.36Edg92.0.902.67
phishing

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
9	drive.google.com
11	drive.google.com

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
64	api.ipify.org
65	api.ipify.org

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3676	msedge.exe
3676	msedge.exe
5020	msedge.exe
5020	msedge.exe
1460	msedge.exe
1460	msedge.exe
1252	identity_helper.exe
1252	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe
5020	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5020 wrote to memory of 660	5020	msedge.exe	82
PID 5020 wrote to memory of 660	5020	msedge.exe	82
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 1420	5020	msedge.exe	84
PID 5020 wrote to memory of 3676	5020	msedge.exe	85
PID 5020 wrote to memory of 3676	5020	msedge.exe	85
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86
PID 5020 wrote to memory of 3452	5020	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/uc?export=download&id=1n4wZL2ix5QDYP54W-f2hRjDjtyZigSA3
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe93e646f8,0x7ffe93e64708,0x7ffe93e64718
  2⤵
  PID:660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1928 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3840 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1824 /prefetch:1
  2⤵
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6728 /prefetch:8
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,113424642214025102,9555206308487982984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:5620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1668

C:\Windows\system32\charmap.exe
"C:\Windows\system32\charmap.exe"
1⤵
PID:5172

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\devis_no577.html
1⤵
PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x130,0x134,0x138,0xf8,0x10c,0x7ffe93e646f8,0x7ffe93e64708,0x7ffe93e64718
  2⤵
  PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
d945a34bc9518cff48861ac195bf0240

SHA1
96c37666af8eee09b47eaea43a019673d236cd76

SHA256
878052d174ae1ddb64c4274113e26fed406ce99732317fc74bb1a2f5a29aca47

SHA512
b3aa2050401ff5d338ee6dd7517fa1bd6aad7a8ac125cf041319c9ca44a392f1251188085c4d1d59e9359e3a7662c91191c5437e0ecbf06cf07b0116f7b0a83b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
943B

MD5
64f968673f1f5c6e6772990c5494cc05

SHA1
1e536c267f5bd8a672fc74528915a82603405a41

SHA256
ee5e7644055b361683d2ac34df2194b5132e3562ad577b925e075582e6748b57

SHA512
515a0e5d0359e9c4db58657c901468912fd3ed48ddd7203810c713a287cdb90597979e62896166c67e0d4287653b655aec608111586625bf47ab88f0e487965f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5bf4fa5b587cfaf1c3649d1c4c292c1

SHA1
979605ba0552fc6134355ee68d38313d378b5d6f

SHA256
b3e8a639467b20edb5b219a287009cc0f05dcf715ef9fab81c79dde449a61cdd

SHA512
6580c709a3dda93cd46f98c43c9c94dc439593baba4391803e2b06b1d515f3aba31bfdd83c8c801e0c257ad7ad31484b34b382cf8684a4dae545aa64555f7b02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94cd84d4954eae4229475975720300b0

SHA1
6cbf61a5ec4c727b55e1ef0e2100487df659d03d

SHA256
15e5d60a4508170daa77b26343bb49e4b16fb73073f9f65b6ef658bf908617b9

SHA512
dc3940332344d15979ee40a9c670892be97785ad12c7a62e0152130d18345d771bbc0ffb42a7146066627807cac9d1bd7c6ab838c2721823821e4619dd31c58f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
27a0347c7dd6e6315f339c6229fd400e

SHA1
dba5d7f302d4e32f339fc37c372da3d1619b6016

SHA256
99f357777adf991a1bf634622d5dbe3f114befc11c2d19d305c5252fffdf3d6a

SHA512
4aa699857d869a718da4e78c670871c558c7873270e17f2c334b2503d1ce4c0671301e849941d369142d3c89fcd82d99170f00a93a706e9962071e582c097e0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0f1bf676005802c90619a25b9f46af08

SHA1
ff8e003fb8ff64b5417cb4d2b16c067f124fb1d4

SHA256
abc2e23464a5a04af45232f705dadc1073f0c9f3ca6a42111c75305f780e095b

SHA512
a48afe8efacf7d3016300bc4cb656183ecd968be99da1d999c474a6605d615f85f0ea3f115e7668ef8e9c80ff067cb207f72057b69c95e1525f11ba78c02da1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d531ef2c9d84a0ddf3bb78184a05a597

SHA1
ed303c68163162966a69f7da7d97917ca8c91ddd

SHA256
fffd57e0036a1a323f37a01c2dcaedc03415ae6aa8a3a0e838ae3d9614ace6b3

SHA512
fe2eddbb0b457a97244afafcc21065b3f100751d59c4019d1eed8f41aee942fd0be4cb2409cc45e7e769bcae7ddddfe231af6e34344ac61ef2e22c4dccd649f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ac65e7954a2693e4bf3df8c5acdf6ac4

SHA1
f35cf107c8f1d11159042922123099fcdfacea20

SHA256
733c9d128599ce35a318056d3f7fa619e09487371925569b6a55d9391049bedb

SHA512
5e005664188d7c9be1866e5b22166d8b5fcd1926da3e1b998a3eb790f9eba6d92e5008ee62e7ca0c2af1b5ab0aab43db789616f65a40de95713cb35ded2ebc2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
2948c09385b1108947691484cc8a2e17

SHA1
7feb714df45f256615e0c65f5a72a3821d987974

SHA256
574034e2df9e4df0aad9d7e8922da2793c75dce75f9c32db018cc30b85d11b70

SHA512
532e68c955ea5965970c6694643226b78004f81759f4be9427ffd9a933a824dde49c689d1e14c7aa8090caa6de4c99f83fd0d64ee1c292d9483620d068f2a230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f3ff3f08411de332ade5573a5fdbfea5

SHA1
4579bc8e0fbc26b1afab58683b5841dacd8c6916

SHA256
6c8794056449661d700d05a73a42d47ec56e1e3c5828f69f52712700d638615a

SHA512
9fff0861437f9d5a971bd09a620068397c6e9e1d13f48eb08edec4817c91b2478e9d93659a1d60cb198f5747d04b5c68d5350245a6ac4dcf85e65d5bcbe9de8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
81950ea2667f8f308cf3000c39c66b54

SHA1
25766c3e1635c72c87055c177fc0f5ad1b815109

SHA256
3ad6916066a064b4e9401d49bc2d53b0949ddc2a2ea3f7714f22d1747de9d012

SHA512
3deac0cc0dcf93b6c23a0a9faaac64acd191007d9806eaebce8319e43940ec04ccb2bf11d70a841dc273e62886df134c71b3901800a8792fb323a79ded8d7a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
69af15d6e9574f579b2f604a1b199983

SHA1
7daf6edf20f6a7717035ab7819e4b52e30225847

SHA256
14b1767319aa2af34d0acad4ea8bc1509da2fb00baa4499100edc680b60c4ae7

SHA512
7547fcc5479ef7923ecb94122af3718d8b37139b0d07ce5e942746bb999c341fe55db6be678ae6a72929561699471096ee1f49ec9c8124f94fb78a1745518d41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e242.TMP

Filesize
371B

MD5
a69c454921ea9d4e4217d28ada89a847

SHA1
682c1748a038af241acc91a3dc6a3bc8821b4389

SHA256
1a4fbb5faadc83172b9d782d0279f5b3a1962bcd91358e13edf6876ccc6d84ab

SHA512
d0a6f6dfc5338df2fc063277b8fcf2430878b7ea572669e75580904d4d4abbc27e92ea3439b84291437a4c98d4a210d33b3c65500b654bf530e82a7181b154e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
17c35dfb9b78d944985455e82cba5e49

SHA1
8fef587e4dc80d002e8abb4e2b3d2bd0c3c15671

SHA256
c78e857395754da5b85ba072519c05f296fb33fd29a5739ee689e311288c4547

SHA512
cf3426a0fb0ced93eab516c0c59e766dc38902f5b31cc5f7249cee289e7ca8abddc2faccf75b90216274d7e31b4f29c7bc9f889ec23789930fa7520286475049

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\devis_no577.html

Filesize
3KB

MD5
79369facaf10426a2d5f1921d0c03259

SHA1
083a0a15056f81f76864230ab9f6ae61733a9c2d

SHA256
3615ba114c4d3b505569cbbbfe65b06ac03dba930a14252ab1eb5aef714a602d

SHA512
39459b87d648407d4db9f5417398c694d1aa6c4acb58dc3f80f4fbe8dbe95c2b1dda695a5a5b50136721f7ab6db2569d30fb60e8a1fac8c773acd8caa4f1a8ae

Download Submit