7ce3a93cd783617c7ff000f1748046292d1ad7be0d91097a718a578951c062c8

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

229f26810a4b03e00396e907befa3a97_JaffaCakes118.html
Size

68KB
MD5

229f26810a4b03e00396e907befa3a97
SHA1

9d13ba14d4fa65caa79b1cb5a4a9b86916d62c15
SHA256

7ce3a93cd783617c7ff000f1748046292d1ad7be0d91097a718a578951c062c8
SHA512

dc0c1ace7b206e9311946b365ea07f0de4634569ddc0f9abe48e164b867d123dae3f2a7065a7f387c9415aa5189d372b6bf98c4257422877b907215d06d454f1
SSDEEP

1536:w9Wrk0ZCMZSopfbhuaUWbGgSBGxr/FIcB2z/xr9aod1ZpyCmfEYTmoQZDFIgT5:w9WrDZS4garGgCGZucB2z59rd1ZpyPf8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-877519540-908060166-1852957295-1000\{F1763413-290A-4FBE-BDB6-EB8FE23ED3E6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2280	msedge.exe
2280	msedge.exe
3428	msedge.exe
3428	msedge.exe
5880	msedge.exe
5880	msedge.exe
4968	identity_helper.exe
4968	identity_helper.exe
5452	msedge.exe
5452	msedge.exe
5452	msedge.exe
5452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe
3428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3428 wrote to memory of 4892	3428	msedge.exe	84
PID 3428 wrote to memory of 4892	3428	msedge.exe	84
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2800	3428	msedge.exe	85
PID 3428 wrote to memory of 2280	3428	msedge.exe	86
PID 3428 wrote to memory of 2280	3428	msedge.exe	86
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87
PID 3428 wrote to memory of 1816	3428	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\229f26810a4b03e00396e907befa3a97_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9965d46f8,0x7ff9965d4708,0x7ff9965d4718
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:5224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
  2⤵
  PID:5260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1768 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7992 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6220 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7556 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7228 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,9984534858777004127,5736268456433050218,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006b

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6ae636736d04d92eed292107e7d9d5e6

SHA1
04a33c263c027c34cc7c2a421b04c0d7010b71c6

SHA256
60aa593d535cc7a34223a6c0fc2c59409fb8863c8fa312a84f26cabc5a9ba0cd

SHA512
5f85c28ffdf2d278c6fbba8a505f1e56cbfc19daa099ff25bb604da5cd8348a8123059ff200acd57e53e107a3146cb18a1640dbe4d37180215d6c13aa331280b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
33e7269a482d58f5780796c107b29409

SHA1
454c6122c83a6d1a8704bcc5492904863e9a000d

SHA256
9b79f7ebbbf7895cd0561a0f18f91f655e0f4abd9cbdb840cdcbf810632d5334

SHA512
42084829a3a7210499f4cc29814f569d39402aee12028a305408103378544b525a8dfeb61dad5d7d0a6174e0b11ec154f3d2c7313d6fa9a05dfe9b7ccb19eb40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
e5eb3181def8eeab4b370ab82ad42e83

SHA1
d89033939b68802768b056de438c9f9964ec7f6f

SHA256
c18723d6a8ff0bdb73ece32dcd6377dab6e28636ed4694e9ed02a9a36985e81f

SHA512
3739d7f57c022f6ef638304b1e078ec71e5a1d6448a7c58d1115bc095e0c7202f934e03134d5531421c27b7a6e127d4fffc5d4d580d5d4d449e62424280ce3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
ccbd4df2818c6b51edc487d4aa34d3db

SHA1
b2946445f5408ed625107232d32906c1e40130a4

SHA256
fe423ff7905d010c00acb924ab7042a6301109eb9ef92dae46dcc797fdf71569

SHA512
beda2ed3303ac1d7ea13688652b1fad0c3f57e46eb3ec960f798fdd01f839823e148cc40225d7a4608d44111c8dc16a6ba8c86737ee472b838d40afa6d94cb78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
16773e1e6216f7c11a38b9a4cedd52e0

SHA1
239c97319107124d8b3c5ffcef1af1485616596e

SHA256
6960ed9b13bc183bd8a9b0d510fda38b8048bdd2e429ad84ee04c6860dec056b

SHA512
7352fb499434bdcfefaf686a4ae12a20c429539377a32c2121f779a450cf09acb4d61d4be7d4524b1a1f9dcaf7690fa1825a256974e20289a8ac69f698d00fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
65fbd4dc6bf939cb515bb0a30a55170e

SHA1
83e9db07a2c716d3d1cc6d89b9bd0e3c8f41a224

SHA256
7cd7e70e8d2222459edf7568e2e1c372db2bc5805f47c39f790ba82a29e21185

SHA512
51222ac4d43b5c5e4d5f450b374f2d7993bf9b916308da4871bae69f552d88ed839c093ff184bec2823b709b71408369a4350f4e614e0ccc94a970e04f805713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
35ffb3fa78d6e11739a42602d4a2f17a

SHA1
c220030d7ce4e854c1b3a0fdfd41f6c25d6db6c6

SHA256
e6dcf6749e3466a8a082b3f33fbcbe79d65466364628939ca4dac2692a826d08

SHA512
aa2bd12f74a586aac0e69f257ee958290ec76346ae908c83b454324c63130dbac71ef478f47d935b63edc1d5ad26f260164dbad9a111c82e737695c82b499178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
afedb87b23e309a43d643550a0d7cdf9

SHA1
08ff4b54e0cda14fd9e8812d5a0da68c04b2ecd1

SHA256
45273f64aeb8900ee6ad91441c6ffe784d07ae99bb21e2e4f13bdb3d58838998

SHA512
be6fbc2aa1d46034d4c807b3364a6f910ed809a27a66f16aefbdea1b2542cba551f0ef10cbd5df865165c2d632ea9394588ea476527a1f13d724ac3501bb1db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b43c.TMP

Filesize
48B

MD5
5101cd7eb04858d2469588ece10e9c00

SHA1
44e642642e267e83943e1551ab66760ebd54272f

SHA256
f3d5f9276031e308f11e87742c3cecb3919dfe1eaeb6d068adbee021ccb42d90

SHA512
4a1c5f7ca5777131f95c562df9a4155e0359a9b968ad641540b08a9b8bf9e101de5fbe12ba82e4117647b99f7e7a18d45bad9a83170191f85b69dacf9d699cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
f4bf4f5ce53dc7fd5b5c7ac0f193554f

SHA1
c672584c1dc135b4fe717301ea5e4790fe25864d

SHA256
cf16f30fe378ef8f30b008eab16919eea50c94fd50c5f79a2ce14dcff59f9c8b

SHA512
0ded1056910bbbf5272acd538e494a10474f7838339d56ee99d79c0bb718b551903f9913267b2fc32b712ae361d6489b4274084281ccd63b50f512e2e4238a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
e2f6efb3d7297bb89bbcb15ca07a5f66

SHA1
477286ad147c3423c8ab3ea344ce647a0d621450

SHA256
c5c45ea03569562fb491c74f05ec7dd883417311085d8cc76da9a099be67723f

SHA512
591d4790028055cf6bdb9edfd6aade508d7980aaf4cdf03f1cb0218f575ee062270429da05220863b929316440cd2b0f406fc5785ef0387642294ed82644ba00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578df8.TMP

Filesize
6KB

MD5
de3702dbf43f0dfedd3eb8f76521ae08

SHA1
ef83fc2b8ad0b08a462a138a402256b7e08fab8e

SHA256
e6b5bad1486de37b41979e04493f294ee9da4d76dc1b3c92612bc843b2e2b549

SHA512
7398853e4f71d2a779a62e270df56b3b5d1e73ca44f284886222a87171e95094946fc472f370d9c607b1165e1862c4fca36193661e9b2edfb0d64438bdfc5c70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c82d0ca047570d7c59d93b10a2d29424

SHA1
b6bd065c7e7f7ea05bee7e8aa674f57a0cced412

SHA256
f51e12b70f9f906511b7ebc5ef7469149213b89cc4afbf2494078eaf82b64609

SHA512
827e2172262083fb445d6ec0cbff3847600f09b03cfcfa246cc88f0cbcd7bf01ea53b2299e1f58e64c5734c68f676cd7cdad1af62928c228cfddcd78461b36fc

Download Submit