bd185923dab1cf87e5349779cd086c723c8d75b3f383be65827cf8ae5f3bd645

Analysis

max time kernel
134s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e9f8d5a2588b2127e6bdb8c50636d67_JaffaCakes118.html
Size

62KB
MD5

6e9f8d5a2588b2127e6bdb8c50636d67
SHA1

ba025866e494cae83e5e75bfde62ba9678ee7bd9
SHA256

bd185923dab1cf87e5349779cd086c723c8d75b3f383be65827cf8ae5f3bd645
SHA512

752420036f2a3888c139102b73ad1cb3b85bf1aa437634441152f267a90a7b56c564a240cbc1ffe8c77172165784eabbdf83a1a87d9e43fcdad1fb69dbacc2b6
SSDEEP

768:X013JcHKyHHvPWUoA6gfcBJxcpQZxIs30GTTt0l29rM9ff:9HnHH2U/cOaTnt0gK3

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
2148	msedge.exe
2148	msedge.exe
756	identity_helper.exe
756	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe
2148	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2148 wrote to memory of 4276	2148	msedge.exe	82
PID 2148 wrote to memory of 4276	2148	msedge.exe	82
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 2456	2148	msedge.exe	83
PID 2148 wrote to memory of 1408	2148	msedge.exe	84
PID 2148 wrote to memory of 1408	2148	msedge.exe	84
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85
PID 2148 wrote to memory of 3816	2148	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6e9f8d5a2588b2127e6bdb8c50636d67_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1812 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:5820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:5836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7252 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,8496149738751123246,9965610112681856231,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
9fc8583d61690566266532681fe0b77b

SHA1
c9a4b126fdc517475d48414a85e54da2fc06cf84

SHA256
313770b59e66883eb293c9b6ac94b945d4730c79a898cb564181bd59d9b4caf6

SHA512
4c2cea05957b914ff6954ccafc5b31d1272f3e84b85e63cee1cab44324a934be00209cf40f9c0c9dd813c314987a60ff08d7b4cf12b1cb36c5d51ad1bec520f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
67e5dbd0f52d411d313d80edbab20f2d

SHA1
e1415c6435cdb56cffe6753cef38a2524d6753e2

SHA256
21a953033d0377d20f173cdc7923315d539fe8c6a4c753415121e38845e61973

SHA512
b05fa9fc85f9bf41ea5d60a3af40b24fa82957adbf0ecb2a0a1b9da968df47c77f8b0bea967a8ed014060cf021a3ad6c5804e06ab184b7f9add3f3aa3f88433c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e1bb51707577000f7526616023fa8bdd

SHA1
f338d7aaf6a90a010d8e72c50ec4c1c5d643e08f

SHA256
c2e8bd0c69b18a6d17b0d7009f9cea3c3636d6a54629b1fd894232a96666a311

SHA512
4c8a37fd51cd0b029daddb82f3cb535bd5f466f52fbf81c357c11900c1cf261e6e99d43944d612d9788bd756f105ef94fa5f51470e51ffc8c06c88a24aae2809

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c08b7756a62a4b36dfa9793a669fef22

SHA1
662123952ce31ba3a085c012f6e04e5dbd18dc73

SHA256
7cbe267eca40b3e123373dbe75364912b74a4b22b309bdb85acac66f4a826097

SHA512
b37fa718a32c838a3137a33e81f48dbb6cb74cf357c53be293d52db2be0577ff1426a2145ad12d31039a4e9f33573b8cb0ac5a143c17bfcf143549009e3803cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2fb8bfdd1c4217ac4a4dbc092774e282

SHA1
44e2ce85be7928bc14411897a8d92c375f78b988

SHA256
0420cd953e98b8c8d97897b4cd002535026e171ef86df9de25077d8f90ad8c00

SHA512
3f5b7080d51ce9dd271ea9ffb1d47b2f4f797b04ae08bea19d40fd17a95a3c97611449be07b6608ad15f899cdb2b0691b1323ed7105146b60aebd1cd27c2995e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dd6500f7c2374f6b9448a0e8f5769b02

SHA1
25d00a9c96a1a1f90d0ab98aa8b2ade38d758f16

SHA256
657fce84af55f0a551ec9e37ed27b7c4d0500d3de874f5264f3ba5509548338e

SHA512
1793c9fbb56a16686ef053da6e90687f26cbb9f9119196693628eb47eeb336ca31abb0eb53f2897bd2ecc14b2abd9ea14b0ce821210ed570b830f8e9850d7087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
21f4fd5b50bd2a2ceed02ddf1ea31c21

SHA1
52b92a30d0678cac71c7c3feebae6a29b402833d

SHA256
cad9492333d18b6277346adbaa4e927a387229484a4d60a96e7e95c26cdd4be2

SHA512
942b026001a6eda5d69078ea974edef3eca787cd9552dbd515ced5fd0b4daa2bdfae74c9216ab1cd167cb081644f21d7b144f5a6376fdb6878917c3507a7d276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5224073a32da0971e1d4760b3df7f11f

SHA1
e1fb394623873a1da719037a589d03aa0630b54c

SHA256
edff81b5a238f0d7b94f91ef28752cb905e429fe53bcdd807802d0f67daec483

SHA512
3eb99bf52b522029870c465f8b60a554c936922f67974f7ea10a096a2719b8efca25b41446d46bee63f8696ed146c15a35629c851156be126edc8fc7b3a7b4f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f52046a9818e8bd39df7626a88f70f1a

SHA1
8168f3b5c1d8a4f07bf6fa34f9e78317b3146f1d

SHA256
9d169b27190c91ef7c765bc1ba79cc98998c7378ad82252528ddd292fedab0c2

SHA512
a8abe05413538e5330e970d1d68f8dcaa2d54f2822aa8eb9b082141b7f87493979a0f908729785070e00abb18ef48b93f4ee21db8e206a7adede1eee45d90917

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
1724aff3c62d166351c491a3b2ee79e6

SHA1
275e0a697e7b5d29fef0be6a7e66b4d2fe6efb74

SHA256
849786baa1246bb889b160e9925ae08a4b6a933c102321c8e803e374237053aa

SHA512
be4dbc06e6946300f7b7bdd2e309ba0dc19ee0d45cbd0d3f800f776544d904708fcde63776dd306bdb79ce9adebdf23427ce83ebc8e4acfb1e2c6efb669466fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a911963042a7ded6479de4d594924f49

SHA1
b95abd534976697076d4b6cd695bb72441ad59d2

SHA256
44818754b5c637d4789016e2ed92d769f392762cdbb61f589055d0aed8550d91

SHA512
0f1d8bb908ecc10f0ae3bc8b6e98b31df8d4cbe9b26a6c484ebc3910d6fa514243cbdccd11ce2919af74f64f34ec4649ac50a07f201564a6a897dfc220bbe8a6

Download Submit