Analysis
  max time kernel: 148s
  max time network: 149s
  platform: windows10-2004_x64
  resource: win10v2004-20240508-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 09-05-2024 02:01

Static task: static1
Behavioral task: behavioral1
  Sample: 27c1e142ecc128caa26062fdbf18bb70_JaffaCakes118.html
  Resource: win7-20240215-en
General
  Target: 27c1e142ecc128caa26062fdbf18bb70_JaffaCakes118.html
  Size: 24KB
  MD5: 27c1e142ecc128caa26062fdbf18bb70
  SHA1: f86cf8512db79e3b88855e03a8c67ea74b8ff3f8
  SHA256: e0a7bc0415b7c34a6d9710c8b7d0e0ea095eac08b29f5bede96faaf9097101c5
  SHA512: dc2a14b465b76c052015fbfb08f3c4df3c48d3b68c31c74137d62bc6abb2a2d8acd0db0d8a7a3c37d8e763b2ba0bbfe0e44e7403f26062178da6162aa995b5d2
  SSDEEP: 768:3bUDC7wFUeBq7f7K8fpM9LqqhikPPU5IT2Oag4w:rWURf7xYbhXPP6tOag4w
Malware Config
Signatures
- Mark of the Web detected: This indicates that the page was originally saved or cloned. (1 IoC)
  flow 60: ioc http://btc2016.atw.hu/index.php?welcome
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe: Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  msedge.exe: Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid 4004 msedge.exe (2 entries)
  pid 2400 msedge.exe (2 entries)
  pid 3876 identity_helper.exe (2 entries)
  pid 5592 msedge.exe (4 entries)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
  pid 2400 msedge.exe (22 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid 2400 msedge.exe (25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid 2400 msedge.exe (24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  PID 2400 msedge.exe wrote to memory of 2332 msedge.exe (2 entries)
  PID 2400 msedge.exe wrote to memory of 2664 msedge.exe (40 entries)
  PID 2400 msedge.exe wrote to memory of 4004 msedge.exe (2 entries)
  PID 2400 msedge.exe wrote to memory of 4420 msedge.exe (20 entries)
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\27c1e142ecc128caa26062fdbf18bb70_JaffaCakes118.html
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe410b46f8,0x7ffe410b4708,0x7ffe410b4718
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7036 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8512 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8708 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8840 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9116 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7324 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9028 /prefetch:8
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9028 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2672 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7780 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8052 /prefetch:1
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,3857011224057746646,10658965003744376320,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7628 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
- C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: a8e767fd33edd97d306efb6905f93252
  SHA1: a6f80ace2b57599f64b0ae3c7381f34e9456f9d3
  SHA256: c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb
  SHA512: 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 439b5e04ca18c7fb02cf406e6eb24167
  SHA1: e0c5bb6216903934726e3570b7d63295b9d28987
  SHA256: 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654
  SHA512: d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023
  Filesize: 20KB
  MD5: 87e8230a9ca3f0c5ccfa56f70276e2f2
  SHA1: eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
  SHA256: e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
  SHA512: 37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028
  Filesize: 199KB
  MD5: 585ac11a4e8628c13c32de68f89f98d6
  SHA1: bcea01f9deb8d6711088cb5c344ebd57997839db
  SHA256: d692f27c385520c3b4078c35d78cdf154c424d09421dece6de73708659c7e2a6
  SHA512: 76d2ed3f41df567fe4d04060d9871684244764fc59b81cd574a521bb013a6d61955a6aedf390a1701e3bfc24f82d92fd062ca9e461086f762a3087c142211c19
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 1KB
  MD5: 139c3350aa64bf829a02597215c8e2c6
  SHA1: db4644b187c6fa16109f3cdc25f383a1d58efaa2
  SHA256: 7f6bb04094c76cfb00b13b5544f05d6cd9ea163c0e04c2663f5d9f3c71362ead
  SHA512: 2c3b196baeded266717a37b599c48e7938a03f9c147067a5477b14619e1eb0476c7869aa06e4f9a2c372b22f621c150ce495c7539d9ba3cba54fcbda5d8c2d48
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 3KB
  MD5: ec2dacf5eadf2a11b6880424baf863a5
  SHA1: bc5742e5ae2ba36fc2e2767db45f8e347954bbe7
  SHA256: e7c8f43abf8833034b31133f6f5c3094829fb8d040ae5dfa81c01a0ecc6b98e2
  SHA512: 35c80de48802a50f36d7703962cce3a8f5a899394217fb7c72b60e2c25f5cde2679c0f2cf3f0d770e64976a5b6cf00323477c6c3c06918a2eb45649977e4b360
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 08831fbbc8af0120e592f3ff3b35f5e5
  SHA1: d208771d7c45829d3defeacefcea6422476f644c
  SHA256: ab7f76d5c5242644b6cb2cf5bdce3a8cd8dab34801650d52058846c445484cc8
  SHA512: c4fbdd046f0911367636c9863689cd394c46f4e7513743c275576e7b80eb3640a544ea2b561d7d1646b5328085cb182db217583ff36f33eadf04fb6119b5dcbb
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 8KB
  MD5: 5ab2e4f1714271d42dc0ea568e20cb95
  SHA1: 93e6da49e767f22cee5a3c43908a51a1b0596476
  SHA256: 2f3323c0dd48f963577e1cc0d793de9b82fce484c135ed1cf73ab1038c351adf
  SHA512: d13aebb55dee156c86b6c1899c2c5e52c0ca46ac8d01c70073f5844ec382c37493787f549dce79b7089235658b0bf799c29261dc0b298af2064ff6928d5fe569
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: 74c56c8b045c816c19f54be6e81492a2
  SHA1: 2991eaece15310a513d34c5b52c6401eaa6e06a9
  SHA256: 462b92b241f081b2b80b712669e056cebe601ff04cfd5ff00394e7d0247e135d
  SHA512: 572027fc3032a07dee6db188f8e70195c9cde6b4a442e48de89189c928c1135633dd021ddc22cda217f81c6f609fca4da93bf30be9d4bee4c146571f7a083cf8
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 8KB
  MD5: 831bda567ba22b23866e2b546d4c2946
  SHA1: ad94a5c59cffe86bdbd683e73b94032ce9d5ab0e
  SHA256: aa32f697663a8a5ab7ea50ba785c66961c2712ead65440058dbc394ce7de32e2
  SHA512: 8ab0730713470ef26bb5945434add1c52ee21582a4a825747f9e7ab664e00dd25144d6e99e4617d49523cff66c6d8ec1fcce07248c9d44ea091d813fa836b37e
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
  Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 11KB
  MD5: 3d9cbb303fb56a8f0e3fbf6254047ec5
  SHA1: 88fae6826e39f60f31077bad99b628bfb0e89122
  SHA256: df2cb2176932f4c7415f37994df3bd273799ab6b3db2b4acb99ab20da25708a7
  SHA512: 263b41f11fc1821bcfb63bb4a4eb275d76e577281a3fc1dc5e9683b090ed3234d4414db9eb35e741b6eaef49e81b396c8e0b8c73a48b430ec30c4269176fab51
- \??\pipe\LOCAL\crashpad_2400_HQWSTCBVFDXYJNDT
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e