8f31676e8bd318d0837d76d661e46061c9f962c2157865fb621b22a7c761d6cc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fc8d63c40169185c43689e778a4e793_JaffaCakes118.html
Size

78KB
MD5

1fc8d63c40169185c43689e778a4e793
SHA1

3fa1fd7f40983c4439e9d16ec3319da9d216e46d
SHA256

8f31676e8bd318d0837d76d661e46061c9f962c2157865fb621b22a7c761d6cc
SHA512

6b75c257cdf76fe4ece77376699d4c906426ad738d46ba5f5e7a59e9861d76d03d25ab7ac859032bd979a1dd16c9436124ce8dc69d88073cca2171b7f3de8004
SSDEEP

1536:jwgr8VkeO3deLC7Ty5wN4IrTY24ic4v02aS6cgRrR6hA7:DeO3vy5wN4IrF4ic4v0DL6hA7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3656	msedge.exe
3656	msedge.exe
1628	msedge.exe
1628	msedge.exe
4528	identity_helper.exe
4528	identity_helper.exe
5372	msedge.exe
5372	msedge.exe
5372	msedge.exe
5372	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 3836	1628	msedge.exe	83
PID 1628 wrote to memory of 3836	1628	msedge.exe	83
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 1504	1628	msedge.exe	84
PID 1628 wrote to memory of 3656	1628	msedge.exe	85
PID 1628 wrote to memory of 3656	1628	msedge.exe	85
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86
PID 1628 wrote to memory of 1192	1628	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1fc8d63c40169185c43689e778a4e793_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb8a9846f8,0x7ffb8a984708,0x7ffb8a984718
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6404 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2160 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14591129393820419223,6363286785770311328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
44KB

MD5
b1a749ccf0d4d2a3dad2497302d09cd6

SHA1
863acc562014daa38ccdf2cb5c86c1ca46d8d53b

SHA256
529ecb87418b35aa9c74b5cc4c655e7b1bde07826a27c81fe272441532abc165

SHA512
c0d72990a55e61d6c4fed6b7e17f174b640cfbbdb980e83775b19095219d99c9af31e0ce6b68e5f0744dad5bb882f13da0cd35f403d8d62812d8d9e93f9f91ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
34KB

MD5
ce56f347e642788b0bb63cb1a5246116

SHA1
df556d20a18bbd63a86c7aea1979b6ac597df25a

SHA256
b55f429e38dea85f372243e340d0183a2dfd071e744970125bb53c4cb7b51b93

SHA512
1ffc229e4d4f969d964a998c42e59b25251bf6aab7e49f5af388b36c2ae5fb4a4b54033d75c41db20c0f74ee3b687d5d0a576ccd7de21049cb34d08876fe4b90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
33KB

MD5
325994b054fb56bbc44cff13f395ee19

SHA1
fdbbc190de6a5e30713b544166fc5500215deb4a

SHA256
088d69051572de54ae76189a3bcadea4937b714a60af686ce4e344cb8b754d85

SHA512
b117067152177e634d6ffd29aaf05ed281ac4d24199d72dd1bbf8d678f9c77fe4f299abbc62f2dfc43bdfc17ecb93e48e252bfd0fcecbf6c0964d4eddcd499cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
125KB

MD5
61db2de821f492ba17ef47a1851f91e4

SHA1
0418e5fe7bac56001e63671521641f06cf8c558a

SHA256
d6fafd2dd9922514ca3fd23a5078eb2fe3ecafdc11c2500580afbb2c22fd51f0

SHA512
4ab82487d6cc63754d15482a1394470caceef932d99523fe5fa88f69dc80286f375938797ec75e459a0847e43d6cd5053a13364b0131a231626c60718ab7031c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
19KB

MD5
ca70ca03389289a6bbf9217cf8c6b9d7

SHA1
5a19879b96e3cfca4aef71fdc2a3ce8afe8b2981

SHA256
61f5a40228726f252306a46be980e5a91fab1db71f22494e58c89cd074258b84

SHA512
58b66b2e769d21de0ad5dcfa4fa1e2c8f52c8cb5ca77e0d192ab7828da4ce02abf61bf6af87e8ea41cbe18a095c1e67f0d27f80b0bcdc594ee41fa3d39748d94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
384B

MD5
c2649e285e7d0e9b6865831146509753

SHA1
04cbe23a58afb0124891048af04f5a7da7b8a6af

SHA256
45002bdfc6e1fe544e747424d9bc3de2fc786dbe53ec049fb039b7e5755550ed

SHA512
48e2b9f53e83918466bfb61f679e2ea926d21fcecd28b30915e120730b9af69b921288a06ddefb8c9784da9409fc32bcc429f6f3aaa366bfd7a709ccf17047ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
eeccb9ed97785e65e23df5e443f047be

SHA1
6ca5b6fa6040e2ea5246595306e3682cd18336bc

SHA256
3f17361f63214aba9d0c02fd8d5b95e032f98c95584211d80d12743ba5e57b0a

SHA512
66704dc27974bc8616415f777bd8508d9c53f37c559b8dca123250b3ee0bbcb5839b8f2b2ac2ce3b5242e9f06a6777b1eb97d87ce4873c439b40d8adb8fbc52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
d57c71ab8db3b8b6c0777a3c5379040c

SHA1
cf184443f28bad526d2899d712dfeeb88a4afc7a

SHA256
d42a55cde21b4441dc5fe1ab12d8d218fb158614d6736dd443ca39d0c74b72e9

SHA512
7a2193994f670d9427f1f86cb71454ba23fab1cd027c165dcdee1028a99cb17e54387b52720c01b949bd1fea534e3e7e4807b37b2b9614ca266d2b88dc42ed5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
12e94f939598a0a3dbf89b9ea49bda7d

SHA1
f2b4b7cede099b3c35b76c2b2aca10b189bfe794

SHA256
3e21cb8eb6fea54b85abee8ab01b3c0c621dfce62481f5ea2dfd436c97ed9306

SHA512
6230677640671387cd7609cea6179be2ccdadc764029249e4d80dcd159aaf713a11738395d0fd43157164206be42e720549777710bab74a82dfe622094a83190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
114b550def82595a51adfc6dd7ab1316

SHA1
59821a65d8b2eb9fa1cd1fda4191c57e57b83d0b

SHA256
d3ca3d1d1b8f0bc27cd76722e26922a8773d15b5e086ff4771dbd6af6207a69b

SHA512
86b5ed940239d7790bf9cab20315b99029b36b875de7b034563b615d122fc8c2b16b49043021199c24dbbca74223b4f1d18b002cecb3fcf6cc12f62e5f663859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2511bc625a5dab1f1b3d5cfccc21722

SHA1
1a2b6a7925bd805b358e6e8d7e9e4dc69398b782

SHA256
a386ff75e2d9797c10cedc405260819b340ec10c6b134c9921b3bc064a1ab1f9

SHA512
f0c9474b96e1ac475e0073b05ec38d9f4d0ebca49b908c3137ec3488507580220d39827fa8bef9b873ace7c287982bec901952d5a64838a0600465d7e9e7e7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2fa7c1344baff601fba4ae946a23666a

SHA1
33af0ad4b424fafa045054e676f5121afc241522

SHA256
a279cc4884feae1105d5b368e502c910a17d74e0dc4352d571f69c004d323823

SHA512
18cf145174c7dc41bcfe20f0159e224e42755aa3913fe6c7e8df1f7701efcc47a590a5159dd9d16318d613c532a6b7665f4d8cc07b4554bd6e4e13fb5bfc807d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
11f7018670199c419d2df250b9c46312

SHA1
1c3c7c6a5706894ac8ef87e0655d5b5bc3c97453

SHA256
6d26783ba13272c6f9426cbee5813908f9467932fa150183d68f73891dbcc82f

SHA512
535393e9612393443bf11dead9c067d2c21373fd2a3084a1b48e8baf6da60a8bbcebb2dd4caf9ebc9955083667fafa3abda00ed1389b09a3ad818c877972e68d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
57c059c7c134299881a0e38b801b791e

SHA1
85140cc6e5bab4c35926c4f4941558c645dba6fc

SHA256
913310c647b977ef91551f9a5b1b619763e6437f9b9163580f9f5cc970080402

SHA512
eec5ca43f3783b85f53bd681b0fcba8e693537429786c958b42e104fb9ca6d06a6c75e6e1e8a7883b01dca8bfc73a13211fd794e083a93074bed7d0564831532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66f3a93dd3d8740693cceaad577335ca

SHA1
73622cc2b373b6b1be012fb6d46978008fcdcebd

SHA256
8a7d9af4f17b81a8e2fd3210d00c520883f757a31e4e2fedb4aeff9de327a2e9

SHA512
494f40a9ac6ebd41d73b8466b71a58317f70c5859ecbed73bbfd4763b55909b2166cab211cef56935306be5c8b8655c55ae11ccc22faae772adbbe691b9435ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b871aac3401ea01f467ef5160d0d2f72

SHA1
d1e0b87a8adc4ec5a0effefa555eedfc5aca508d

SHA256
573b9a8995563b2000d9e671f8a15b11f8548d28c3996843a742b4b10094a622

SHA512
5dc4ce64bdfe9669996f5289ee6558e69b2f25b37cc497b194d35ab2004cb7919237f0ec420d9bcf7ae68a8a8ec40c2ffe98b6918fe5d02df1b0e05ee8597a5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
be4c39a7a0cfa93765b52628e4c4f15e

SHA1
baf690530fe35480fdcd541a52c2b66ade1720b4

SHA256
812be90013d678c9f0a07b29708c985d8bf2e5a4c6c6f11f0896776cae6539cc

SHA512
6df7c613baab29174460c1e5b4509adea4f5326125c7aa873e50d09d070e8b8d38218d620b408527b1ef36c45c8007e1b52cbf635abe0e00a0d2a9fc93f67423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
60cb3bc942d6aa7dbcc2ce78f550ee43

SHA1
5daa029907371975f7ee71a3ae2db2cb7439e0b7

SHA256
96d6255096ddfd59ea21a1c88f2b062013b137883a0e3a32adec92cf8f4bad0c

SHA512
51a1ab9f2eceaaf1f45051347f1f2dd9968f7fe341d70b495bc02f07730f4ae319332f251caf5d1e3906f6f1652afae5168c66dc069bc362808658a302663cbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58439c.TMP

Filesize
538B

MD5
5623ec9389eef0b9bb611838e1de6ac6

SHA1
938411fd9778750af005e4293ec71e0c86577212

SHA256
cdf0350c451b52d8a3ab365c48cf086984e441ea2812f9d7ff36096e5e11a9c2

SHA512
5e6adb52c3b7e9ed1b7ec22fbed42b23ff78acc06e202cb712195452c7964ce995813e649c6072035777e9455f36b5ddfa8dd3bebd7c2a1f790469c2142a1777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
706432449160adb739fca0f538506f2a

SHA1
1c230c4baf917de245491a2d67c7cd8606144b78

SHA256
37dff58a4ab00a11a6e85950254016126a44bd5e51b33799c8b35b3c54d960ea

SHA512
a86f71432c80a7537c323081b67e0e3edb79ead07eb7148d1a899f6b865596560f29a645d7f9f9f0c0ac41d8e104699fd96c9bc6b603b3982feb3267c14113a4

Download Submit