Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
- max time kernel: 145s
- max time network: 146s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 03/05/2024, 15:17
Static task: static1

Behavioral task: behavioral1
- Sample: 10d2c41ab57ad6bcb259c2ab7fca62c0_JaffaCakes118.html
- Resource: win7-20231129-en

Behavioral task: behavioral2
- Sample: 10d2c41ab57ad6bcb259c2ab7fca62c0_JaffaCakes118.html
- Resource: win10v2004-20240419-en
General
- Target: 10d2c41ab57ad6bcb259c2ab7fca62c0_JaffaCakes118.html
- Size: 66KB
- MD5: 10d2c41ab57ad6bcb259c2ab7fca62c0
- SHA1: f5f13b82c34729c7a2fcd7afb1e21380ba202839
- SHA256: dc5d295d27142b87eba8812b6536317729acb42734a37b0fdd70e65b705eb31c
- SHA512: ae90d06a72b1e87a4181406ff2e677b1517f1a9e347fee2baf3234a0733dfe589ba182fece7d1222930f647365ac13c28a7662f6955eadb591b9039022955ad7
- SSDEEP: 1536:3ImiacglrlLRVtKK4h3fwZKHe3bQ8hPjn1bgQuMYLoTUMSR1Lk/NaYkEynpCcts:4miacglTVtKK4h3fwZhbQ8NbbynpCcts
Malware Config
Signatures
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
  flow 236: sites.google.com
  flow 232: sites.google.com
  flow 235: sites.google.com
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
  Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 4276 msedge.exe (2 IoCs); PID 2544 msedge.exe (2 IoCs); PID 5300 identity_helper.exe (2 IoCs); PID 2284 msedge.exe (4 IoCs)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
  PID 2544 msedge.exe (all 22 IoCs)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 2544 msedge.exe (all 25 IoCs)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 2544 msedge.exe (all 24 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 IoCs are writes by PID 2544 (msedge.exe); distinct target processes:
  PID 2544 wrote to memory of 1220 (procid_target 85)
  PID 2544 wrote to memory of 3392 (procid_target 86)
  PID 2544 wrote to memory of 4276 (procid_target 87)
  PID 2544 wrote to memory of 3376 (procid_target 88)
Processes
(child processes are indented under their parent; the command line follows each process)

- msedge.exe (PID 2544)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\10d2c41ab57ad6bcb259c2ab7fca62c0_JaffaCakes118.html
  Signatures:
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Child processes:
  - msedge.exe (PID 1220)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1f8c46f8,0x7ffa1f8c4708,0x7ffa1f8c4718
  - msedge.exe (PID 3392)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  - msedge.exe (PID 4276)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 3376)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  - msedge.exe (PID 1676)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - msedge.exe (PID 5308)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  - msedge.exe (PID 5312)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
  - msedge.exe (PID 5552)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  - msedge.exe (PID 4848)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  - msedge.exe (PID 2876)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  - msedge.exe (PID 3460)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6044 /prefetch:1
  - msedge.exe (PID 2072)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  - msedge.exe (PID 1948)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6292 /prefetch:1
  - msedge.exe (PID 3864)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6168 /prefetch:1
  - msedge.exe (PID 4072)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  - msedge.exe (PID 5524)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
  - msedge.exe (PID 4816)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  - msedge.exe (PID 4992)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
  - msedge.exe (PID 2168)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  - msedge.exe (PID 1684)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  - msedge.exe (PID 4440)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  - msedge.exe (PID 5444)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  - identity_helper.exe (PID 2024)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8272 /prefetch:8
  - identity_helper.exe (PID 5300)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8272 /prefetch:8
    Signatures:
    - Suspicious behavior: EnumeratesProcesses
  - msedge.exe (PID 1248)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
  - msedge.exe (PID 5592)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1
  - msedge.exe (PID 4892)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  - msedge.exe (PID 4288)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  - msedge.exe (PID 2284)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,7205386627695803655,3897828908138026261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4220 /prefetch:2
    Signatures:
    - Suspicious behavior: EnumeratesProcesses

- CompPkgSrv.exe (PID 932)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

- CompPkgSrv.exe (PID 608)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads