Analysis
- max time kernel: 148s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240426-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10-05-2024 14:19
Static task: static1
Behavioral task: behavioral1
- Sample: 2f896545aebd19b7d3201ee42facef87_JaffaCakes118.html
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: 2f896545aebd19b7d3201ee42facef87_JaffaCakes118.html
- Resource: win10v2004-20240426-en
General
- Target: 2f896545aebd19b7d3201ee42facef87_JaffaCakes118.html
- Size: 127KB
- MD5: 2f896545aebd19b7d3201ee42facef87
- SHA1: cd69da299b5d301b24ee866df910493b9da390c4
- SHA256: d286e463da62e4b5583462b26ff57a5551c28a487a60ae574b9b3196ed26d98e
- SHA512: b6fb51cb1f0619d10fb46ae78269f3f42696ae2ad514263ec44913234d069b3528a65177b0439eb82fc0479021e542788a1ec6d05b4c0f7cd27688ef6819942a
- SSDEEP: 3072:w38Njz2S81Ep2slbbk+21yOVleByTPBXJ27/P7UHeaA2d61NY:48R+1xkLM
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process: msedge.exe
  - Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  - Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes: msedge.exe (PID 1012), msedge.exe (PID 2832), identity_helper.exe (PID 4840), msedge.exe (PID 540); 10 events in total
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
  Process: msedge.exe (PID 2832); 22 events in total
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Process: AUDIODG.EXE (PID 2020)
  - Token: 33
  - Token: SeIncBasePriorityPrivilege
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Process: msedge.exe (PID 2832); 25 events in total
- Suspicious use of SendNotifyMessage (24 IoCs)
  Process: msedge.exe (PID 2832); 24 events in total
- Suspicious use of WriteProcessMemory (64 IoCs)
  Source process: msedge.exe (PID 2832)
  Target processes written to: msedge.exe (PID 1872), msedge.exe (PID 2364), msedge.exe (PID 1012), msedge.exe (PID 2852); 64 events in total
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2832)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f896545aebd19b7d3201ee42facef87_JaffaCakes118.html
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1872)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae23946f8,0x7ffae2394708,0x7ffae2394718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2364)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1012)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2500 /prefetch:3
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2852)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5548)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5564)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4248)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2116)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3924)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2208)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5560 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 376)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5140)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5552)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2360)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6956 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4840)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6956 /prefetch:8
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3272)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6828 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3940)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2928)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1424)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 540)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4652 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1708)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2760 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2464)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5568)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3544)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4100)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2292)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 684)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5228)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2296)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,1227486912117209086,8525927159648009485,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 1668)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5140)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE (PID 2020)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x4b4 0x300
  Signatures: Suspicious use of AdjustPrivilegeToken
- C:\Windows\System32\CompPkgSrv.exe (PID 6116)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads