hxxps://drive[.]google[.]com/file/d/1ldv1i3zSFXXG3-60l3SI5AsDxT7FIH_L/view?usp=drive_link

Resubmissions

06-01-2025 12:30

250106-ppkf5awnhz 6

06-01-2025 12:27

250106-pmywqsymgl 6

Analysis

max time kernel
149s
max time network
149s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
06-01-2025 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1ldv1i3zSFXXG3-60l3SI5AsDxT7FIH_L/view?usp=drive_link

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
9	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\73225bd0-d6fa-46d5-92c0-286b07353e86.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250106122738.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3226857575-536881564-1522996248-1000\{4785E718-8FDD-4B90-B837-04C76CD1BCEC}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2864	msedge.exe
2864	msedge.exe
3184	msedge.exe
3184	msedge.exe
4680	identity_helper.exe
4680	identity_helper.exe
3856	msedge.exe
3856	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe
2088	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of SendNotifyMessage 28 IoCs

pid	Process
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe
3184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 4256	3184	msedge.exe	81
PID 3184 wrote to memory of 4256	3184	msedge.exe	81
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 632	3184	msedge.exe	82
PID 3184 wrote to memory of 2864	3184	msedge.exe	83
PID 3184 wrote to memory of 2864	3184	msedge.exe	83
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84
PID 3184 wrote to memory of 3724	3184	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1ldv1i3zSFXXG3-60l3SI5AsDxT7FIH_L/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x100,0x7fffd24346f8,0x7fffd2434708,0x7fffd2434718
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:4560
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x144,0x254,0x7ff7f7855460,0x7ff7f7855470,0x7ff7f7855480
    3⤵
    PID:332
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5972 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6188 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3024 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2604 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4828 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,9334537969782319652,6021349328201612352,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3476 /prefetch:8
  2⤵
  PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b19b7ecb6ee133c2ff01f7888eae612

SHA1
a592cab7e180cc5c9ac7f4098a3c8c35b89f8253

SHA256
972bc0df18e9a9438dbc5763e29916a24b7e4f15415641230c900b6281515e78

SHA512
16301409fee3a129612cfe7bdb96b010d3da39124aa88b2d111f18d5ae5d4fc8c3c663809148dd07c7f3cd37bb78bd71e25be1584bd2d0bacf529fa7f3461fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
23fa82e121d8f73e1416906076e9a963

SHA1
b4666301311a7ccaabbad363cd1dec06f8541da4

SHA256
5fd39927e65645635ebd716dd0aef59e64aacd4b9a6c896328b5b23b6c75159e

SHA512
64920d7d818031469edff5619c00a06e5a2320bc08b3a8a6cd288c75d2a470f8c188c694046d149fa622cbb40b1f8bf572ac3d6dfc59b62a4638341ccb467dcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
62KB

MD5
c813a1b87f1651d642cdcad5fca7a7d8

SHA1
0e6628997674a7dfbeb321b59a6e829d0c2f4478

SHA256
df670e09f278fea1d0684afdcd0392a83d7041585ba5996f7b527974d7d98ec3

SHA512
af0d024ba1faafbd6f950c67977ed126827180a47cea9758ee51a95d13436f753eb5a7aa12a9090048a70328f6e779634c612aebde89b06740ffd770751e1c5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
1bd4ae71ef8e69ad4b5ffd8dc7d2dcb5

SHA1
6dd8803e59949c985d6a9df2f26c833041a5178c

SHA256
af18b3681e8e2a1e8dc34c2aa60530dc8d8a9258c4d562cbe20c898d5de98725

SHA512
b3ff083b669aca75549396250e05344ba2f1c021468589f2bd6f1b977b7f11df00f958bbbd22f07708b5d30d0260f39d8de57e75382b3ab8e78a2c41ef428863

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
a403ee557e29c861bab6f203f929912e

SHA1
ff153e0164cb3173681cc1bf24a13aef83ec1131

SHA256
188212d15038b6ef042ca5b336221c0b30b8f37aa1a93e8a7f94cac967860587

SHA512
809e75cd0194b3827da0bb535228fb6ee004721bba82b44c320308968d19b3cde74cb0d1c7737d7e4c4e116c5f4459973c8e46a82b42096275bce832ff2ccbf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
45712f4759e295b3f12f47222e020011

SHA1
8d5ba7dd8b7a7f90054afcbd476343c2c6926586

SHA256
b0e4418cf285ec42927b132b6bc070127090114d13fafb222113e47fd6e91bea

SHA512
4b666b5cd433d8df52c128a7a6fef716b72d35457807c7058068205af6c815a4a024a748effe730202a34e281339de8905df90a694e4986eede32dac5a8345f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2a13975330b34f66608bfb468b942fd0

SHA1
6a6e5781a99eef99f8a8d33042cacad949d14689

SHA256
b6757abd7a31667c36dbac943a536f817e739b90f63ad4b95f990f47e23559ee

SHA512
b54b4c2eb831cbb4ddf21030bec8ff7f412c272950f7f71b9e1f139a333a90124b191631ce1f6c41dc6bb838e28b4fda53ec7074139343268ddee1016cf8d00f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
273437bacc8ebc8758b28afe3698aadb

SHA1
1a45d59e2fe258e8ff9f40cabcc04b7e54632c9c

SHA256
cac9ccad6fe7ba93143ee0561327fd263b00ac617e7cddc84a61eb4b65fff2c9

SHA512
6e45f90ab3bac6727d212b1a132bf28c5924ec9febb4806f2fc73920c2f18c9527f305225b3aa4634bc869076932c182b5fe4d487f2308a553d617322356dad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
08d627d0fe6e6f5b90eb953cc5931d6a

SHA1
a666a9727baf214fadd5af4f4fbdfda79ed7486f

SHA256
1ae8c2009a837e289ad3e1d2fc2698434d424328cbe975ee074f0d7f3a6ab9d0

SHA512
5f774998ccc5d3eb28f79a0dc158cf4dd3b57366d502cd3349d86669e3c0fbc274e1d937ec4dcfeb7aa3d2bad79308d5cc27eed3a9ad8777892f7fcd7554e5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
69d0b2ba0d9f93ac9ea63f2298d97b27

SHA1
f65894fb2cbb2b9668dcd11b403ee2272865ec7e

SHA256
7ea37f494cd79d98f7907b07ad8eef556b211be15064c3e383ce0ee5afc6ef68

SHA512
680ceae64c0bef85d1af28b85312d1f6131a8730894e3c32d9d11ced06e6e80db0e47e72e4b2d5b0ca85fd42703827909ab26a8ecc0403ae554d79d88263ec54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4b42f0dddf12e9761f3a2d233b3fbe8a

SHA1
183a37b09b5930ab18358393255306672cac7c4c

SHA256
cf38d147968cc28214ce027a612c046a2abf68a086f9bf8a9a4eec4a5a20c352

SHA512
d2fad6d884f6275baaac503594deff4af2327cbdef708fe83aee45b0711965cb7503029070694821af0fca84b7a150dee84247c9d6e58200a9ac052b93665cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588df3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dc95cae8553830ad10d67c5cf144e53a

SHA1
2a63319cf6c0a1ef7e9a7347dba2263e471451f5

SHA256
7084911771bbc28389cfb77432fb1f622e6e239a427c0543dd525ead4659546d

SHA512
71420849bf04c994db9f7431f9b1ba1afacffc553f2d8458678628f182720eb7b40623155d195260e25b7b7d4fa2ebe0e2a8abe57224d187868aea77d804a16a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e648afb2a31c2b15a4568ac87932204a

SHA1
c8acd6154716eddce4fdb26d7e08c8c40fcfd24b

SHA256
4b97a78bf6bb728770b8b079c6c1721a6a807ae67e1a0ee0a359588fa6ba2223

SHA512
c61f56a7b6c5b96d0a7610289be303801dd8e607b1f2ca7969282fe5776c842f5b03da12516d59b11ed525648b7dbc4660087f6aa76c7e66db00855766606ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
56854a594a3a47cafe510eaac162394c

SHA1
d61053c371b8c29b363da9778bb29016ce9e4df8

SHA256
9f1bcd6c3a7e2a39520a37ba700f08004a2b7af7798099e3a384da3235ada0e0

SHA512
9b3fc82f4f6235daceb4e4248ff315ed5ed4a530bc879a13a3284fc792c8c27d8b94f49cfbb390b61f0c13a38bb25518f85578ca154fa4b060df910c9a19c7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39036079b3516b502f81a195ffa9f204

SHA1
6a0240b7305aec3c8980e7f49046b0847fba4fc0

SHA256
edbc9cc46cb90776ac9567227ead822fc70f29116a4f762f5698bfb999549e3b

SHA512
712796cf05ac037c6d7864bfe717c95b6c46fb7fecdb36d918d934f1b2b3a6bf17a63f2e41c14cf24294d6ec73cabd9cee50f353583d73df063cb67da78aef38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2826ef6b46f24c9ed9d979f3299e341f

SHA1
f8d2699f6a31307ec2bde7241fb649af0aa79662

SHA256
778882ef1a08a57ea5d0d9f6475372edff9d737c7b153b240e93de4bc3b002f3

SHA512
e683b3628e5f223a013e9f86f8d9aee81bad2e30b3923e17e5ffc7780df6bcbcf0831fa0a1a896fb9bc2867f65a9241862f60879bb4b7aceef6467baa7c5c9cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7a263fb979965a447b8c12aaf835e800

SHA1
7e5b27d1521465aa6cb4ed3f159f926da2a504ea

SHA256
2ea6e3c484d94a1fce24d39ed895f6a849196cc7aa6cfda883a6b1a04b195e45

SHA512
cd8e5499e750e7211d986c980660274dc6ea859ace9bb41b4168429c33ab2488b21594a9f89c747107d76d896e41e7259498e6104ef8c20761eeb657d58b8771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7a37c6adbb2733cd366a3e6b47e2a3b6

SHA1
7dc2d920d1302c9a32625936342794ed25c40103

SHA256
41a9487a481691a14ba56f4ce3fbe4750f53584cafd278efb75a3fe78269191b

SHA512
013cdc1b3a769b907d4f2770b5cb83ecfee572e0ba35d37656767d3a52e53cd638d832c8da16678d688464e40c1445ea42c584889c22cfdce0108d05d99d6770

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8cd513127214e252edf0454f329bc002

SHA1
6f47fac6be8e7331e54203a7865e86b32cddf16b

SHA256
3df220380a8bf881117c17102a5c70ae7deea18ec92e7c478df2ee904d882108

SHA512
0b6d2f2e12bb8b15175875b7118778e57475934dee0476bc3ec989c5408d1ff5cf1c2d5dce4bd980a3ef9bfee232f974fa90050171826f3f0847f9682ae7e4c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
371edf34cc4edfe5fc16d906571e1a49

SHA1
2b0f160569aff513f7ac25a16adf02758cca07fc

SHA256
ee07b7e150c132312f076f2fe4c58445fcf86aea9eda0468b6ee040b5f690d35

SHA512
9598bca019b2acf65bc0511062e8edf53e00b3801d7a9b49f9c6b7209bcf7ff782ec215716955d5f378f952d77435bccf210384909f28bffa83fa9ac8589cdb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c9dd0cd1ce470fb6e58a6d11626863e4

SHA1
797390ae42bd1197a238c82a8560b2faba008d0a

SHA256
a6dc4e4f85a79edb58b0ac73b5e3a6bdb9bce373c92bfb90fa08020b586ba6b8

SHA512
f37b71aa876a6214e0ac2bd0cbcf2538f4abb8ba9c044360c9882665f980302df2ac2f4ef4a1ddf0891fbb71a588426d8fe562b70908f27ab9c534affebf132b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
a027f0720316a410a6906c497cac6a80

SHA1
c6dd473e53d398afb831fa3d25015a254cb7eb5b

SHA256
02238920938b04c25c15579320dccb2af8d82976c5907704acbba84a0301b06f

SHA512
530dcb68c26a8a965ed15bfb9a972155e83e750bacf0118d97704c9e74500d49083f3b3c6872e208b9cb4e3d70b902254ab90872b0715ddc2f0572f4dbcd5895

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
4ed8f7191423577199c789991b88c236

SHA1
5442e386a48077721aeb05be77dc3dc364b21494

SHA256
da1aba9c5646c0762cb7822371c37cbd18107bf0f818bf2d219856531e39784a

SHA512
e47718518d7feaf61febaeb1809a3cb4cd25ecda5f44b668a883d7104890c4f005e98870bd2919c9cf3eab78db7f308d7a7834f5812fd0d8727f9165fb1e2558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
dcf76c6f19d6909d2ba58efa95470a0b

SHA1
431e1e5ebd414429090ee4ca5f8cb94727a74f61

SHA256
6b1224ca079cfb39013a9da486f4dc65ce3bad0b5495f03ea1f61d6616918ddf

SHA512
3c37bdcef74ef8ee5f24cf8b383d569dcc327b98074682b16c5a5ac79d4ff3c3365f4d1b5bf13837c54911dd0b239a0ac2ee99df44dbe847e8366b9800f7947c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
d967019dd18686d7d07640deffdcc06f

SHA1
21b6721b4a093da26ac0d9ffb941cb5d5f33525d

SHA256
637857d316f5ae24c0466353179d884bb6663d5b9056ba2ffff5f294200c2ed2

SHA512
153208eb43e3207f833795e2f12ef3fc38003aa4659673c90adf35b2d1c1d47d50969c0c3944f095ee0c5c9d7ae31765365becf223ef9803649dfe506474e6b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582556.TMP

Filesize
203B

MD5
d61682bba17c3204e381e11ea6146a1b

SHA1
9e618a17499cb50e6419238a2200912f170c7fd9

SHA256
c6679cb66f2b2629b22aa5ed268d06df6525072c5b11e386265aff6d5e00e466

SHA512
8d87cbd1ab5c4e100380bd83d113c313053d63c2ac4d7af69caa253341e9ab3581fd20235dcb96caa23a9060d97813afc59631c739d8b19670ab4b4ef379ce93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
da4f8ca7a8b87add57197633b86017ca

SHA1
879abd0aaecdb499f51a6a32446d396963cc5429

SHA256
48d6550489a8ff0f88f5c98b2539e3aa97e75e2b4b27598d0d6f914909b512cb

SHA512
b33767f8960b019d59ba921ced1d10d5e66beefc6938d01eff8f16dd3e29a5a358c0c1ba50ec0a5f288a82c41d9d5e290e971cfc2daa3a89b7c5839b4f880db8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9301b11348ff668e9e5a9568aa615eac

SHA1
9e74b89f79f167f08e91df5c84237b9ec0c4603a

SHA256
c374b7c3ae063eca7097bec9935b0f34d9463643fca1471003c0f7b9e5ae6a67

SHA512
054d64761e7a724ed8d6dccd495e3fd030a9814c8d2bae894ec265fd63ca5423dc63525747e129a45ac612bffd3b3377c1f57f516b36e1081e525a490d727046

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
90d22cc03bec71931be29f28f4377962

SHA1
b20b7f466de0d8f69135ed8921bd531b699c7154

SHA256
995486b5521f955c179b9402ae7c37d506b01d4fe0ff3d669fc6bbf349acfb2f

SHA512
7cf4a2cb680a2a3eb7ae952841b5ee5d881b2adc7891e65e7775f72b573c594dec3e61f941a139c351aa24cbd41282be30d41fca572f074f207839d17d3e382a

Download Submit