de0fa71a4faf2d273fa062bfd33bf6a768fcc260e171fcf2fbfde1053b5ed4e8

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63f4c2f1453f054ce1365402ae4d0678_JaffaCakes118.html
Size

144KB
MD5

63f4c2f1453f054ce1365402ae4d0678
SHA1

08c7e38419b5e3069f101481e35463e2c1fca01f
SHA256

de0fa71a4faf2d273fa062bfd33bf6a768fcc260e171fcf2fbfde1053b5ed4e8
SHA512

1a7d8c4ea12ed6f0cc697c5960aeccc90bce75348731b7ff7f4a85f92e02ce2dc22dd6d8b9ecad8a8332fd30154392ad70616ea8e15d05b257342e436232f7dc
SSDEEP

1536:Iwgr8VkeO3nSzF65+oNd0iywNQjCMEvY8z+XdZ0aS6cgRrCvZlk:oeO3nSz03d/ywNQjov9z0dZlIvZlk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
2424	msedge.exe
2424	msedge.exe
1820	msedge.exe
1820	msedge.exe
4396	identity_helper.exe
4396	identity_helper.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe
3748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe
1820	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1820 wrote to memory of 828	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 828	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 996	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2424	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2424	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe
PID 1820 wrote to memory of 2372	1820	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63f4c2f1453f054ce1365402ae4d0678_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff935e46f8,0x7fff935e4708,0x7fff935e4718
2⤵
PID:828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
2⤵
PID:996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
2⤵
PID:3984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
2⤵
PID:428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
2⤵
PID:2404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
2⤵
PID:4756

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:8
2⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4396

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7136 /prefetch:1
2⤵
PID:4704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
2⤵
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
2⤵
PID:5188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
2⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
2⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
2⤵
PID:6008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
2⤵
PID:1208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
2⤵
PID:5728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
2⤵
PID:4572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6872 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
2⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1688 /prefetch:1
2⤵
PID:3676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,5981862769197880844,3831809137377356761,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
2⤵
PID:5412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\80fcd604-7f84-43f4-b649-0e811401af51.tmp

Filesize
6KB

MD5
baa47a88854ff6e6fe9aedb41cb3685a

SHA1
5f09b19e397cd9be11e9c25df4840ea8877cc5f3

SHA256
5819eb5420896ecb1678fd65ffd1a8bc050ca9fa2341205474a43632dd0abe6e

SHA512
4f93e34225fba28528eb6e64c8a0093053f53192333f2205f0a8f4f6b1665908cdac450a9534b6406db8f154785222a9901a1b8c8ceb5f54e21e746839a64a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
16KB

MD5
c1ae8532a94b3b88518268afa04dab53

SHA1
807d378c619cc5594e267664c9be33879e861a48

SHA256
f7816bf03390b391724a2cfc24de01a65e1b2696899717b2ad3a5a1ee62c9809

SHA512
2b14c5ac22feff76d4d125826524e1fe4d7fe7a34331c2b26222b6df119b880b11306adffecb4170eea9ef70af577997a4f22341dd572ca8514cfa9f6c1f9afd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
18KB

MD5
93c282548a39cceaafb043ea875bfcba

SHA1
d8ad73a3c27fd226cc423e412bf274494837866e

SHA256
64e40d1396711f697460b5369dc1638e4baa9e76b7006baac8145f3916ef3707

SHA512
bad7911b7377dae843feb5f076dd8cfbf5fded65abce6b660483683167cc73667a0a034b1559929329f97f278380fb2af59a4a219ec2792aaf745d9427154be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
14c6ef688c64bb1607f8a1ce1a425396

SHA1
891c686f485af3ebf5a7783c2c3675fc711dc02e

SHA256
05e3f1e7ba02528dcefd1836aeead5f5eb378c85126af7bdb6f016622979c58b

SHA512
8367f32693d7d453bc9f51688d04b1568b7f4f2027ad6c1265fef18d43c9a23f6ea37d45c0dbd915c5bedacc36dc7279b5d2e48ac5a2ee0a8bdf08623a9b31ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
33KB

MD5
247a453a7827c21734bc971aa76cc1fe

SHA1
d33920eb075a9b62d19520c93129f526b7306f28

SHA256
8ba0c75a65a3c579d5aca0e027c2d6fbfa35a80c6a0b2f110fe16984ae60c7b1

SHA512
d0f839853d94e2e215f5fca59603c0324a84d70465fdb8566b77a0bc7752bcd60a5fe72217a6e6c1173dc67090fecdea8bd3583823287828c5c3c21db34ede18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
04149ed8e80ed5a76024a919674eab64

SHA1
bf560be8538b928053e349870fb6e6cac53cb0af

SHA256
bfdc464c70c8e0a756d94ed4e56f6ac0efbadbad2327e62b421632694335b799

SHA512
45f049249ef4f745709f5c1bf74a3811d6637fc769a207170acd15b155a1035556692d7760f7bb9647a32d0b6841cff248dd77697b3c793618f39ae452c25079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
40KB

MD5
0f2bff1637c6c3bad5dfb168a012ef82

SHA1
f49e9d0eeaec06280d13efd717cc5d8542c0a751

SHA256
80c8b5dee46c5d2a25da3411836462b52374fa6b6e523b61d7aec394637008b2

SHA512
bb46ade3e0516d2d32f4282e310707d4a4a208fe644f6d1d4814de8e7659e8a7a2894010b1b20c32b2913a033c382e340dac56e3254ae33431fbc71f30a728c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
35KB

MD5
d524840bc7b53e770b07ce2382252ecf

SHA1
8a962c2d69f636b7f932c8170952a50e34c0e0a4

SHA256
b34979aff938b1d0d5b28e965c788bebd74f2149e6b599c8097370f9753026b8

SHA512
1989f72b5559bae48419700c3a566ef250a0df5bc2a65351a06950bf0a1e6afcc79949cf55fa1e287d9d06cba67a12c3f41d3db8820c22e80d602f26822a26fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
27KB

MD5
fa6ee7233a1d28b7d83c1f995f56f521

SHA1
810a73781a8dbeeb12f1c62c0a66a2885a5d0ef0

SHA256
c109bafd4b9271df2e2c974fc5a56cfaffdb20267bdc6d1ea82cdae1278ae786

SHA512
d8a2f469109b8c9d9f10ccf7ffdcf39b6c3ed904d4758ae6ddd4b545cdf4a82d911dd22cd985ccc980471c533202538792b6b047a566434508b7b8bbc22250f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
27KB

MD5
6324a306e1b6d65042e0ef68a60f043f

SHA1
bd9880ef9ffc14033befa7ae7d883f986d1a3510

SHA256
805e10cca6e188ff288d6a1a9a224708417c52ddc090256737e3e5b02355822f

SHA512
2fcb38f71b3a7587e0c7b7d523f7f2f025aebb2037ae4ab41bb2534779162633096d004a0a99765ef5d29b144b1ca5670e085c345f704d76a59753ca836fb5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c22a2817cf8e75f7fa4f1f18351108a1

SHA1
df83754455afe04b25ecfcd375ad81050e2f0639

SHA256
0f732038524fd5bc60d29250d6a14dabed65cf941877e0e43d43c6706d345e7d

SHA512
3fbe4d5d23d561a57f1a58cc61a001a94985da1f9961dd83d9f27faad5aefc886189933e5f1ecf1a1e89d212632585685939924f2e766bca189c742a45c8b8e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
b05f3427069cf9edce8f4d432f954452

SHA1
5e65de9e773096aceffa3d8053415b9bb244dbd2

SHA256
d8303c243317c45f414ae8a4b74bf1c71f3130a37c179146514ea816e3de6297

SHA512
7c19a41a8f23a7de1801013867b92d71d0f0908910ffddf902d37094868cc875e1b5ce04586df6e82ba7e951cc56e234d82fb4161eb9c662b3d91e66f21ebdbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
7852134747a2258b7fd27068cced1321

SHA1
d7db4bc93885b64c7ca76689fec611ed25b2adfc

SHA256
05238aaa24287c867ca7669a4bf910ff3771b83f93f13d83715d21883bf750e8

SHA512
5503498d402c6d8061a1b671c521fb078a6f578b8f45fb99fac3efc2e8ae0fd0b5f92a699aa6cf50cae1168790548d9c46a57dc9d86a81b6d7717f086d812209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
49b3abc5392b56714f79b2b26e36a693

SHA1
5538a66d097506c12feeecbc8453dddb3b0e0313

SHA256
789fe33bb9b399cf5724ad74d1c396b105bacb85a99bc542cfb918eecac60c23

SHA512
b6e31f8aec98a3cdbcd57e8380e287a9926cc50c879407eec008065f97339efc0ce151f1051d1b09cce4d783bd40c1b0ff67515ccb3949f6b156f510be902cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2365b132e2a8dfa30085e9c22213f3b1

SHA1
ac2b141d29ee32de6caa7c43449d5c1894df2a99

SHA256
2ec5ae31bc7a86be566b53c98509f68b218f53d9a9eaada7128f5a4fa7698fb0

SHA512
fb634ff9a4233f597c5460e29f09ade814e76f01cf8bf50202d311fc4c56f9cdd0c0a72a604603e0e983a9d4b2958df623fded79c455bf5a4c7c1ce30b793f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aca46fa977d74cb516c6acee50c2616f

SHA1
722e5412fa861910761b8bcf5619153e1a748f69

SHA256
7b46a52bd37503c081070123937d84b8474df8cab144fc462955760359e8f68d

SHA512
95cc0361b6e05bf766abeb8078fd79cfc4258018adbc5ef66f93ffd40268e48d3b5e45060414d508e5da8df8c49084c81e6a70e0ff4ba8831457e4bf436d8ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
413c8a7165e71f3f56a8ffdec7d377a6

SHA1
98f4dbde3f23fde4e7a1c70de3f51924f0f595f5

SHA256
4049e2d180299f90603b82b3a67325e9295ba228dfc6d104186bda9f10b63dfc

SHA512
98434d193bb79e8311dfc5e1931f638f04582d9a475d46790d6c246c9f4374ac28953bf73cba9fd7e8c3897534485eb4137c7659cc943bea6bddcab03f712177

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
780b03d981fa906246346e2d02952ae6

SHA1
e2cd410f57298ffc56966bab8e10fb65b15f8fc5

SHA256
0c52331b52670b7a44f59f2266c31d8bcfa8ac30fc64cdffa5c1656f06a9f3ae

SHA512
e64819ec72011fa68ee8566e1c032e4ace1b70f594e1cdba42e986984a4371210a234d1ace7a0ce4ca4a3adca50236cbfd0390c033a070f8a5a78fb356a03f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
03ab4a11cc5ab1b3a42ce9b75c9e78c8

SHA1
4d8024beea99ac75ec15cb7407783678ce74f1a8

SHA256
3c45c97afe2b283eacfa764f174e651dc0c41b0969a05a276b019ea25c474acb

SHA512
a482cbb8a53f213cb874852590d8e4a73fa77ca443cf1027fee51e5fd98e06c84fbca05ab73e8299030c740845f3fa3dc6e1d753b0abba13df460d9a9f002e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
aee50e66d10587f376487d2c9ef67aa2

SHA1
d59caebf7e99058907c908481b93967c6984722a

SHA256
04204fba215b8abec52cac535077b0a4b3f8e2853f48e1fd9a633d66cfad6caf

SHA512
edf01884e860362c5d54cb87a4c3e7c5b255c58963d220ccf77ad911476a52a94284cad1d79a55ad0a142a9fbdf4c45968b06f54d28f51211b092bbdeca7d9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
fbd175d62f0338cad89d0269eddb9974

SHA1
559f711d9661e741d35269546bdccb2ad214b608

SHA256
f7b8432ffcf9192fb03817cce8124bdfc73d8c4134e23c59f95aa6c76fb3f27c

SHA512
3416c5a2db3554fef5f2693b065a13a3b093bab6d49170b7a1379ce820767f71a5981216244783909f3b3514091ff32950970d3eb22bab3eabed27c9f3a2d27d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
955448c80e6526cb3cb1d9e4988cd508

SHA1
b61069709e4f63a2edddb479ac1bad90c4c489db

SHA256
76dd28a033c8aa9f723680d9ef3504d2438a2c7487c059edde38ce0aa79e83d8

SHA512
84c1481ed9dbf05e17c9ace67134d1ac182507fc4f84ca0b5e2d20ef8fe20f58b168e9164e71f7427061a37277d1edf48dddba5bccefe800d5034681dc20f7c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586cbf.TMP

Filesize
538B

MD5
41d79550d897eee8c5732e3075e123b7

SHA1
dffb161d5431a63c76c670493ea1d1a4d2d2fa55

SHA256
a167f43a692da85aa88f4e8161a2985e28714b46e237b48729a32c748f4b4289

SHA512
cea2e9ce58cc84c57fb38fca7109ca92ac0bf3965b8c6706e4cc645ee100bebd6ce02ff91ad0e49de517e51928a4c30154229e1248bc42252a2142b776b328b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
242d692e4a22871f9f54f6fcf561d701

SHA1
b22c161068aecb60294fad1c45739832a59c1a15

SHA256
feb5a816cfe1b8edb0840d382e50abfd7ebbab948c1b51b856678c2abc7bc130

SHA512
9641cfc86574995768253953932fc88447c1b6416b6c0c4983d3f061fdb0aa6b0ec19dc689323c5a4ba16bf30a203fa12823519914f0c2ddad00eb1cdb934c76

Download Submit
\??\pipe\LOCAL\crashpad_1820_BMSPUJJFPZIBZPXV

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit