Analysis
max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
submitted
10-05-2024 03:50
Static task
static1
Behavioral task
behavioral1
Sample
2d30cd95c13f6284cf7c7b82bfbf6dc9_JaffaCakes118.html
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
2d30cd95c13f6284cf7c7b82bfbf6dc9_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
Target
2d30cd95c13f6284cf7c7b82bfbf6dc9_JaffaCakes118.html
Size
113KB
MD5
2d30cd95c13f6284cf7c7b82bfbf6dc9
SHA1
ae00fcc07920d97f596a2fe1b368bee43acd27e4
SHA256
d5a70297b1459be066822328e04f3449395584ff591badbe0c878684af1a1ea4
SHA512
3de1620ee907604e9adcad0361dc975dc7f9a6a2071d306e1256a60717ff889832378d1f9a4617e12f5a75eebd1d2f400b356fe5ef52bf3f23b22eb46f3eb0ce
SSDEEP
3072:t4o8Njz2S81Ep2svb7d21D6VleByTPBXJ27/P7UHeaA2o81il:l8RG1AkLT
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
Process: msedge.exe
  Key opened        \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: 5796 msedge.exe (2 entries), 3956 msedge.exe (2 entries), 5736 identity_helper.exe (2 entries), 4752 msedge.exe (4 entries)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
Process: 3956 msedge.exe (18 entries)

Suspicious use of FindShellTrayWindow (25 IoCs)
Process: 3956 msedge.exe (25 entries)

Suspicious use of SendNotifyMessage (24 IoCs)
Process: 3956 msedge.exe (24 entries)

Suspicious use of WriteProcessMemory (64 IoCs)
Source process 3956 msedge.exe wrote to the memory of the processes it had just spawned: 2688 msedge.exe, 3744 msedge.exe, 5796 msedge.exe and 576 msedge.exe. The 64 entries are repeats of these four parent/child pairs (one entry per WriteProcessMemory call), each of the form "PID 3956 wrote to memory of <child> 3956 msedge.exe msedge.exe".

Every one of these signatures fires on Edge's own binaries (msedge.exe, identity_helper.exe) and not on anything the HTML file dropped or launched: the WriteProcessMemory targets are the browser's own child processes, and the BIOS registry reads, process enumeration and shell-tray/SendNotifyMessage calls are consistent with ordinary Chromium multi-process startup. They describe the host browser, not the sample; nothing in this section attributes a malicious action to the HTML file.
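The WriteProcessMemory signature above is noisy precisely because a Chromium browser writes into every child it launches. The triage step a practitioner actually wants is to collapse the repeated entries and keep only writes whose target image differs from the writer's. The following is an added example (not code from the report or the sandbox vendor) that does this over lines in the report's own IoC format; the first six input lines are copied from the signature above, and the last line is a hypothetical, constructed entry included only to show what a cross-image write looks like.

```python
import re
from collections import Counter

# Constructed sample of "Suspicious use of WriteProcessMemory" IoC lines, in the
# report's format: "PID <src> wrote to memory of <dst> <src> <src image> <dst image>".
# Lines 1-6 are copied from the report; the last line is hypothetical (not from the
# report) and exists only to exercise the cross-image case.
IOC_LINES = """
PID 3956 wrote to memory of 2688 3956 msedge.exe msedge.exe
PID 3956 wrote to memory of 2688 3956 msedge.exe msedge.exe
PID 3956 wrote to memory of 3744 3956 msedge.exe msedge.exe
PID 3956 wrote to memory of 3744 3956 msedge.exe msedge.exe
PID 3956 wrote to memory of 5796 3956 msedge.exe msedge.exe
PID 3956 wrote to memory of 576 3956 msedge.exe msedge.exe
PID 4100 wrote to memory of 5012 4100 sample.exe explorer.exe
"""

IOC_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P<src2>\d+) "
    r"(?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_iocs(text):
    """Parse IoC lines into (src_pid, src_image, dst_pid, dst_image) tuples.
    Lines that do not match the format are skipped rather than guessed at."""
    entries = []
    for line in text.strip().splitlines():
        m = IOC_RE.fullmatch(line.strip())
        if m:
            entries.append((int(m["src"]), m["src_img"], int(m["dst"]), m["dst_img"]))
    return entries


def collapse(entries):
    """Count how often each parent/child pair appears; the sandbox logs one
    entry per WriteProcessMemory call, so 64 IoCs can be a handful of pairs."""
    return Counter(entries)


def cross_image_writes(entries):
    """Writes whose target runs a different image than the writer.
    A browser writing into its own freshly spawned children (same image) is
    the normal Chromium launch path; a different target image is what merits
    a closer look."""
    return [e for e in entries if e[1].lower() != e[3].lower()]


if __name__ == "__main__":
    parsed = parse_iocs(IOC_LINES)
    for pair, n in collapse(parsed).items():
        print(f"{pair[0]} {pair[1]} -> {pair[2]} {pair[3]}: {n} call(s)")
    print("cross-image writes:", cross_image_writes(parsed))
```

Run against the full 64-entry list from the report, `cross_image_writes` returns nothing, which is the point: the signature is a count of Edge's own process-launch plumbing, not evidence of injection by the sample.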
Processes

PID 3956  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d30cd95c13f6284cf7c7b82bfbf6dc9_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  Child processes of PID 3956:

  PID 2688  msedge.exe (crashpad-handler)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d51846f8,0x7ff8d5184708,0x7ff8d5184718

  PID 3744  msedge.exe (gpu-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2

  PID 5796  msedge.exe (utility: network.mojom.NetworkService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  PID 576  msedge.exe (utility: storage.mojom.StorageService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

  PID 6012  msedge.exe (renderer, client id 6)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  PID 8  msedge.exe (renderer, client id 5)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1

  PID 5844  msedge.exe (renderer, client id 7)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1

  PID 4640  msedge.exe (renderer, client id 8)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1

  PID 5428  msedge.exe (renderer, client id 9)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1

  PID 544  msedge.exe (utility: audio.mojom.AudioService)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5300 /prefetch:8

  PID 3184  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8

  PID 5736  identity_helper.exe (utility: winrt_app_id.mojom.WinrtAppIdService, --service-sandbox-type=none)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  PID 2344  msedge.exe (renderer, client id 12)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

  PID 3384  msedge.exe (renderer, client id 13, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1

  PID 4048  msedge.exe (renderer, client id 14)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

  PID 3616  msedge.exe (renderer, client id 15, --instant-process)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1

  PID 1176  msedge.exe (renderer, client id 16)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1980 /prefetch:1

  PID 4752  msedge.exe (gpu-process, --disable-gpu-sandbox, --use-gl=disabled)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5716 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  PID 4480  msedge.exe (renderer, client id 18)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1

  PID 4440  msedge.exe (renderer, client id 19)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6152 /prefetch:1

  PID 1708  msedge.exe (renderer, client id 20)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1

  PID 2432  msedge.exe (renderer, client id 21)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1

  PID 4756  msedge.exe (renderer, client id 22)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1

  PID 5076  msedge.exe (renderer, client id 23)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

  PID 4216  msedge.exe (renderer, client id 24)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1

  PID 1580  msedge.exe (renderer, client id 25)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8279297567966866163,8922971663801005951,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1

PID 4604  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 3576  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 1896  C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x504 0x4c8

PID 2100  C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
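The process tree above is only useful if the Chromium command-line flags are read for what they say about isolation: which processes are renderers, which utility services run under which `--service-sandbox-type`, and which ones explicitly relax the sandbox (`--service-sandbox-type=none` on the network service and on identity_helper.exe, `--disable-gpu-sandbox` on the second gpu-process). The following is an added example (not code from the report or from Microsoft/Chromium) that extracts that posture from command lines. The sample tree is constructed from abridged copies of the command lines listed above; the `--field-trial-handle` and `--gpu-preferences` values are omitted for brevity, and the `--type` / sandbox flags are exactly as the report shows them.

```python
import re

# Executable paths as they appear in the report.
EDGE = r'"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"'
IDH = r'"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"'

# Constructed sample: PID -> abridged command line, taken from the process tree above.
SAMPLE_TREE = {
    3956: EDGE + r" --single-argument C:\Users\Admin\AppData\Local\Temp\2d30cd95c13f6284cf7c7b82bfbf6dc9_JaffaCakes118.html",
    2688: EDGE + r' --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7',
    3744: EDGE + " --type=gpu-process --mojo-platform-channel-handle=2096 /prefetch:2",
    5796: EDGE + " --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3",
    576:  EDGE + " --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8",
    6012: EDGE + " --type=renderer --lang=en-US --disable-client-side-phishing-detection --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1",
    544:  EDGE + " --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio /prefetch:8",
    5736: IDH + " --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none /prefetch:8",
    4752: EDGE + " --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 /prefetch:2",
}

# --flag or --flag=value; values with spaces are quoted on the real command line but
# none of the sandbox-related flags carry such values, so a whitespace-bounded scan is enough.
FLAG_RE = re.compile(r"--([a-z0-9-]+)(?:=(\S+))?")


def parse_flags(cmdline):
    """Map every --flag[=value] token to its value (True for bare flags)."""
    return {k: (v if v else True) for k, v in FLAG_RE.findall(cmdline)}


def role(cmdline):
    """Process role from --type; the browser (parent) process carries no --type."""
    f = parse_flags(cmdline)
    kind = f.get("type", "browser")
    if kind == "utility":
        kind = f"utility:{f.get('utility-sub-type', '?')}"
    return kind


def sandbox_posture(cmdline):
    """What the command line says about the process's sandbox:
    'no-sandbox', 'disabled-gpu', the named --service-sandbox-type (e.g. 'none',
    'utility', 'audio'), or 'default' when nothing is stated (renderers, browser)."""
    f = parse_flags(cmdline)
    if "no-sandbox" in f:
        return "no-sandbox"
    if "disable-gpu-sandbox" in f:
        return "disabled-gpu"
    sst = f.get("service-sandbox-type")
    return sst if isinstance(sst, str) else "default"


def unsandboxed(tree):
    """PIDs whose command line explicitly relaxes the sandbox. The browser process
    is unsandboxed by design and is not reported; it has no such flag."""
    relaxed = ("none", "disabled-gpu", "no-sandbox")
    return sorted(pid for pid, cl in tree.items() if sandbox_posture(cl) in relaxed)


if __name__ == "__main__":
    for pid, cl in SAMPLE_TREE.items():
        print(f"{pid:>5}  {role(cl):<45} sandbox={sandbox_posture(cl)}")
    print("explicitly relaxed:", unsandboxed(SAMPLE_TREE))
```

Whether `--service-sandbox-type=none` for the network service and the WinRT app-id helper is the stock configuration of this Edge build (92.0.902.67) is not something the report establishes; the value of the check is that it surfaces those processes for comparison against a clean run of the same build, which is where a non-default relaxation would show up.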
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize 152B
MD5 4f7152bc5a1a715ef481e37d1c791959
SHA1 c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7
SHA256 704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc
SHA512 2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Filesize 152B
MD5 ea98e583ad99df195d29aa066204ab56
SHA1 f89398664af0179641aa0138b337097b617cb2db
SHA256 a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6
SHA512 e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Filesize 20KB
MD5 b6c8122025aff891940d1d5e1ab95fce
SHA1 a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4
SHA256 9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e
SHA512 e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Filesize 44KB
MD5 88477d32f888c2b8a3f3d98deb460b3d
SHA1 1fae9ac6c1082fc0426aebe4e683eea9b4ba898c
SHA256 1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8
SHA512 e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 240B
MD5 a47464f86d2276fdeca0457189c308a4
SHA1 c302bfdaba38ac62c96e4e407c60a03f270d8def
SHA256 c94fcb3f68ba97473be602978500383806dce57991cd03b0911399d4380c7eb0
SHA512 1cbc6f6f4e1f70018d46f0345db61a7ab6446e7f8f3bea95628994ab3cef01fdd3017e25ea2a362153f02ead9dbd357cddc9c988a67627d418b2f920f64bfe39

Filesize 3KB
MD5 b8c65bbabb37d46e7000bb3a4870aed4
SHA1 a9825b17f75468a91ef73a2af8c6d0e05c0a1ecd
SHA256 a5bae6ddb6a9eb54b1df1837c469e1fc6ab2e254c707190ccc7d61b62fb8c1c1
SHA512 acc47f781350157269b8ea2cb30ea9ad75c16071efe38ffc879752442486c51da8ba3b7dea42cf74502cdf3eaa1699a208bfdfcaa99b67177e5fa2b8db1d441b

Filesize 5KB
MD5 daced91f7e9b4b084e220da2bbcb3700
SHA1 6d5a32553b44506931d2f990003d0c9fa917010c
SHA256 396a58e53866d25664caf45091543ed9769ab9e1694b62524857f1d972306923
SHA512 c7cb5f346f5b8783ff48c0f8fa0dedc40d7123e17298a8e4f8a3a379d30c9dceadf4e3eec44d7b2243d6baae9b558e5b5304c074f9f22e34ef8493b90e160ca8

Filesize 10KB
MD5 a17ce61a9c02f43219f3020907cf88fd
SHA1 2dbc28b820472e4cb646b628ab1b034a46c7c4b2
SHA256 4103875ab7d88c61861ad10ad4fcd1bb2976cd27cb11588fea79280e2a7ad2ea
SHA512 aeb37e4473524b6ffed701bc51ca68505d04e9db85bfa3ca3ea3dda343fff42195d866b337da8f8667c8c7e265c4fb52a113d393a96d01b428bd4b043abfa19d

Filesize 8KB
MD5 8aab56463da2ed1b1e9196efb7978ce3
SHA1 e8dd6e10dbe376c28e2bf1abc4473d288408ec1f
SHA256 730f82c3d03ab2e9132dededd3c120f216624c2a65427f6a68fd87796780b1b9
SHA512 4437ee44597456a7f9e0bd5512bd2140e59ed43f9cf50cf4053f58832a1112cc0b9ae11cdd6e9d9d3b4b2ccd179bc2f4aa6cbb64d2b715f4a44ee61489528220

Filesize 8KB
MD5 959124e5e1d5f2a8c0c9b904c1590f21
SHA1 f6e1b434fcaed36cc28c0860d944516cd68a89cc
SHA256 bef5f4aea192b5cbe58e25ac11b7d959f8d36a6fb425d8e3fcc41553ffb5e727
SHA512 ebdad4ef47956b3d9ab5b25242d89568c3deecd462eb6233fe8fd0abad6d7fde0c000a72eb1786d7051775ad4ac59e2cd5054141245c913a1ccf0594a1aef189

Filesize 8KB
MD5 5d129640564ab3c52e00e8009d82ab3e
SHA1 03a45d5c957db3a177a22031f4e0b7a2695b2676
SHA256 fb8038383da6cd7b19743ba38936cb5ec19b5be9cf51a0f41df06f765297586c
SHA512 3029a13775fdaf4fc235d05be8bb4e972967325f33ed6cc5288ae55dcbccfbd08ed488835ae4be87baf961c10dcf3111dc67c39971ad7b62fe5139da95154d67

Filesize 9KB
MD5 bf8fef5a99ca1adb873bfd5059e99fca
SHA1 00d784464d3e20687e9df5cc6b5e9011f539f3a7
SHA256 9012fd4e2a3a615f2387028fd354413130fc3503f2f4b99f56ef2201af25ac08
SHA512 d089f9604f81abdaed279dc7bf2893cff5e048e8971c51a7a8f01b3c922d97b39b40ad56e22eb37a772034e5e367809a5984dd3b8478dc695744230826299662

Filesize 1KB
MD5 cc559e5dcececfcac5940223f404eab1
SHA1 17ed99c087f2e5d82eb56e56362b37348f5a19e1
SHA256 c0b518ac17a9df0b256c0934896d9097a940278bb402e09ef4e88ee0f83a112d
SHA512 9df00ab17c96d07fee2bb98108f5a3162199358a0adcea16dfa37d891140bd3036d887e0f5591a863f4602029a599bc9e0f39ef785b125f6d111fdb7a130c66b

Filesize 1KB
MD5 46f1a4c0ad0203846636623c274e7fbf
SHA1 3ffbaa72744d9de525f6eacd0ca08eceb7560a94
SHA256 3ddfd5c31429999cee225a81263b50263529751f62bceb1aba6b991df2619d69
SHA512 ddf72a85a5c858f16e2f4e9efb95ec4b61d5a02fa47de220d12461bc1d2d4fe504c1eb8ac9fc0b0c619cdc2cc7caa7dce392c5ff0f8776973c214987a5fc2e9a

Filesize 869B
MD5 e6d1ef723db78b1de8e90c1b621834c9
SHA1 954c6f3775a870b0812599a23696d2815faae033
SHA256 4e2e01d5b30b7db7fb8c25d9f4f5eb80840b616dd146ae7df29e2c303cb14cbe
SHA512 a0e0d5329741ecbf504e2737686b999535a2cf03aca70ce3bda99bb956b5f191f31b207a08b516a003fce64eca23cedac2967df3039de6dc2e548b4c29874f4a

Filesize 16B
MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Filesize 16B
MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Filesize 11KB
MD5 8756e6ef7a3d0bf52ef38cc45af4fb5f
SHA1 b7accbcb17d6b503fe58d17c53c83001745049a0
SHA256 e5571636828bb34c040cae8f97c3973f3f3339ac24c8c2934bfa25d101c00b85
SHA512 3bbe7371af586a6153e58046a1d91602b1d723c2646fd7baae46305b6cfd120cd6b0e6ef8115422e13e7f3fb75a8f584dee4c0e14bd3e4a92c2811b201c2bfc1

Filesize not recorded on the page; the four digests below are exactly those of zero-length input, i.e. this entry is an empty file
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
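Before any of the digests on this page are pivoted on (lookups, blocklists, correlation with other reports), a practitioner checks that they are internally consistent: each digest has the right length for its algorithm, the sample's file name (which follows the `<md5>_<tag>` convention seen above) agrees with its reported MD5, and entries that are really just the empty-input digest, like the last Downloads entry, are recognised rather than treated as a meaningful artefact. The following is an added example (not code from the report or the sandbox vendor) that performs those checks with the standard library; the digest values are copied from the General section and from the final Downloads entry above, and `verify_file` assumes you hold a local copy of the sample, which the page does not provide.

```python
import hashlib
import re

# Digests of the submitted sample as listed in the General section above.
REPORTED = {
    "md5": "2d30cd95c13f6284cf7c7b82bfbf6dc9",
    "sha1": "ae00fcc07920d97f596a2fe1b368bee43acd27e4",
    "sha256": "d5a70297b1459be066822328e04f3449395584ff591badbe0c878684af1a1ea4",
    "sha512": "3de1620ee907604e9adcad0361dc975dc7f9a6a2071d306e1256a60717ff889832378d1f9a4617e12f5a75eebd1d2f400b356fe5ef52bf3f23b22eb46f3eb0ce",
}
SAMPLE_NAME = "2d30cd95c13f6284cf7c7b82bfbf6dc9_JaffaCakes118.html"

# The last Downloads entry above, which carries no Filesize.
LAST_DOWNLOAD = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def well_formed(digests):
    """Every digest is lowercase hex of the right length for its algorithm."""
    return all(
        alg in HEX_LEN
        and len(d) == HEX_LEN[alg]
        and re.fullmatch(r"[0-9a-f]+", d) is not None
        for alg, d in digests.items()
    )


def name_matches_md5(filename, digests):
    """Samples are commonly renamed to <md5>_<tag>; check the name agrees with
    the reported MD5 so a mislabelled sample is caught before it is pivoted on."""
    m = re.match(r"([0-9a-f]{32})_", filename)
    return m is not None and m.group(1) == digests["md5"]


def digests_of(data):
    """Compute all four digests of a byte string."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in HEX_LEN}


def is_empty_input(digests):
    """True when every listed digest equals the digest of zero-length input,
    i.e. the entry describes an empty file, not a dropped payload."""
    empty = digests_of(b"")
    return all(empty[alg] == d for alg, d in digests.items())


def verify_file(path, digests):
    """Recompute digests of a local copy; returns {alg: (reported, actual)} for
    mismatches, so an empty dict means the copy is the file the report describes."""
    with open(path, "rb") as fh:
        actual = digests_of(fh.read())
    return {alg: (d, actual[alg]) for alg, d in digests.items() if actual[alg] != d}


if __name__ == "__main__":
    print("sample digests well-formed:", well_formed(REPORTED))
    print("file name agrees with MD5:", name_matches_md5(SAMPLE_NAME, REPORTED))
    print("last download is an empty file:", is_empty_input(LAST_DOWNLOAD))
```

`verify_file` is the check to run if a copy of the sample is obtained from another source: a mismatch on any one algorithm means it is not the file this report analysed, and the rest of the page does not apply to it.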