d02bcbbf619627387f54d68ba77ffc25b8398d01058d80fb454317dec4bdfab5

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 06:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7495735924a432dc832bc760a6354955_JaffaCakes118.html
Size

617KB
MD5

7495735924a432dc832bc760a6354955
SHA1

7e43892b37939c29e7a2b19aab626d1677db4189
SHA256

d02bcbbf619627387f54d68ba77ffc25b8398d01058d80fb454317dec4bdfab5
SHA512

9c002fd09aa10f6cef6268b5c50b7628af3568d1755a30f10e315d3faa8fd60148d14848ceb8f3ee07a6e02571892f402181fb7da748b9150cb5d030f85fff73
SSDEEP

3072:Wosp2jdAI7ddL30Clu50t76ISG4dKr7nr1tzo4hSGVcD7FqXwlOrr3JqS7TxxVbm:Wosp2t5eiLirYJWhXos

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3816	msedge.exe
3816	msedge.exe
1288	msedge.exe
1288	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3968	msedge.exe
3180	identity_helper.exe
3180	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe
1288	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1288 wrote to memory of 3172	1288	msedge.exe	86
PID 1288 wrote to memory of 3172	1288	msedge.exe	86
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3456	1288	msedge.exe	88
PID 1288 wrote to memory of 3816	1288	msedge.exe	89
PID 1288 wrote to memory of 3816	1288	msedge.exe	89
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90
PID 1288 wrote to memory of 2380	1288	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7495735924a432dc832bc760a6354955_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc114846f8,0x7ffc11484708,0x7ffc11484718
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6900 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7828 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7992 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8324 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8500 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8696 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 /prefetch:8
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7844 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,7045731805172871125,13961938062821879607,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
  2⤵
  PID:2752

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
21018902c9254c113fcd41252a26968b

SHA1
cbb817ec57fdccb3ebdfd987aced21be999d6317

SHA256
9a86669460884f34139ee067fc0eba4b3fd4d008c8d93db8d86493cdd9267903

SHA512
3af87ba744f7d0252f66ef384b66a6b6d78d26bb5395d89e6d8de13bec1bf70ee4e182f088c23b9e3b598436ee778fc104dfa5e9b69745f5980731916dac37ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
893a9a681fcb2cff82b65b0c1c892fb4

SHA1
daec584a12de494eec0e84fdb4c5eedc0de80543

SHA256
aa81603b022bd57097ddcba3f06ffe358184ef7378a31f4ebba050003f562d02

SHA512
b3fa26af3e8088410e7da580103990907fdde95a312874111ae86010f72c11cc33ccba6aadb66b733f02036ab837351a36a9f30381baaef5ad5a82886a6e0b28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
2e30bc6345486a39e48107e7dc57a753

SHA1
ddbd2449e420d8a45db334a610951668c585a68d

SHA256
ca2bab220197af74c6735e6357147c2591ee4cb5e9eb117926198d25d2562709

SHA512
58a5796ac6f3e3eb5f39d6b563238f1b5ecfd696ccda92b7792a980d635bbd657fecf7f2bce700407603f40378239e6a8984c248eb21bf15e13027978aa53b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
7d231ba95ad948ad1022a62d53663eb6

SHA1
a74a0bd1eb94ec065e95d67a2344ea22e789289e

SHA256
b463e076707abac0eed53f080bb03885be3c9e61326b3a24f01246214e37db00

SHA512
9a33356201e6f36b452cd4d0186e9ef9355c02c0b4146d1750587ee159bf3037e052040b6f49bb314fc20a725f10af05c57e9b65cfdd6b0fa0fd33beadecdae3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27b7e553ba95fe2fa9c58b5eb1d2ce1b

SHA1
ec48e18cac5bdfa1515fafb295eb2d22ce5c5145

SHA256
25805be6a27dac7fa1465044f4afedfb080f8c7d9c4c579a7d31fe4fd1ca93e9

SHA512
bb31bb81d9ac668da156baaf1fad6e223a7f707a361b292a42a1b2e209308d0ce9d30786bce7d625035ff290728c6853d398046247516ac2ce5b24bdc7d76f8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7633f3f4c0b0cf685e433acfa549ce6

SHA1
de5f43b3b0af70b53f6cf16facbfabed371c38ae

SHA256
6a74dedca54b8785425a5e5805227839da4f96b4173c6453ff8ac8c70e34c266

SHA512
99b8276deddaa520451295d213d66c9ef2e25faa04dafdb0546bb9528dff61d75f5476c198fe0c389c850ab350a3b642786b563bdbbe57ef64ed2bc53026a2eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8362023a879446c8ce0de58136a8df1d

SHA1
832486c4538602d3c7011c3ca1b6b9e1ceb220ef

SHA256
28125b622abbb778405a6b6cabbfd92fa7b880919b545f0c5a6362bab6907915

SHA512
faa831ee976db5b1967c16f9830bdb76b34d547e8971d462b2c588ebc37be88db25405bcb85e22a760107d2408c8b38a3245753f6a0863f833486e6e2747a52e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
00eb43f170a65167fe3ce55dc7634487

SHA1
6fa2cb395009351a1551b3bd9a4a25b331c914c6

SHA256
6c74692df35e493065bd548624a5abe96ac4917defa59e871b571f4b09f9e0b9

SHA512
b25c66abaef2d37d216df6bd871bbc1a306489d27fb2f70073472fa96c269e8a241d3c089f6c5f19dc7f7b88e99eca3528cd81872c6b3f1e91f644639fca3f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b6f682738002b770639ab5b60bc6d05f

SHA1
d1f11e4cff1224e4ab5befe034042776c9e84703

SHA256
5f900cc4adbe6f6046f90c1ec73f0fa4f05e8b13cd934b7879821f7bad02348a

SHA512
d2382bbbf741516f6514dcf2042a45c5e30d14b38bdefc4771657563f008eb15fdddd5f837314c7b1939977f28aafd68d3c91fc3fa801335cf4af790ad11c45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f7a15564db7a12c1e908563617138e70

SHA1
21b28546bb6edeee32361341f7326b17224c8751

SHA256
54e405b965be6507dc5b8c1f815a85a3491101408e993a21d45a7afb927598e8

SHA512
2c10e5662f2271e88ee8086336f1efd4946fe209fb061956603e4f4107ee183a0b1de0037fbf7e1730fb6d5635f00cee31d7a3b7b9ba39c2ed0b8810dc05e24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
831cdac5266a3a38028d9cecad593c89

SHA1
a6c52d84ac7e47f2264d41a43e3eca19bd2052d3

SHA256
2c4c31d222791434d6e7d12d1753a2130e910f7905c22b2679e80ed54dce5a4f

SHA512
f52fd8e984eb128be2d2d8f2498a9c7b3719b5682f7b7955ad391db851316f8749eb7a7460e90e94b41aee523a9f98d361e5acadd0db713c397c0291f8bddea8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ffede1af7875ab221ba2194b227d7e5b

SHA1
3b0a2d580ab73cf8899cada822ede18643ed7948

SHA256
7f634e68e36d56b0daabffc335bbbc899180cd2358cd3ee7f61c9fd9436909f9

SHA512
5edf8b634eaa8afdc0484694dbe6cbf6376624973fd6b5ceebda9f95125736aa0ad7fdee5998c0feff2b929c976b23519e9a9eb8a7782491f13b5fef54142b12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40f5d54fb21cec94df47121b283fdb7a

SHA1
6dc4f99c5279941d309309ce158a455eb6f366a5

SHA256
07c28a4c1d5c9720c7b48e956bd0c7b7801cbb83a7efe420c383ed2354766d86

SHA512
f5d11694d2001c6c0c714cb6be55a7bb84e4c22a8805c648a6e4dd316c7c27d5147bca8988d14ddcdacde336db61c847415494f9ede3d1803dd9f555c0527f99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d2ff.TMP

Filesize
1KB

MD5
e9c98d0aa84b4bb614b3e01a24e4cf7b

SHA1
700fbdbc985f6d6699a39b4113d9f1eee2f99306

SHA256
bf66d6550c97a34113971b5e519aa9c053abf1e6be40285f936f33d95e8af1d5

SHA512
bb71226fb471a3391ba07473cf01b4bfc9f89e4faa695463a696ce9737529097be42d360da65ca80739e72b296af2a78d5bf93266646bda06ccf79ef46905019

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2feeb9e22bb5123abc039a85ef21fe80

SHA1
6f890dc8ab09339d763c643973d7037bec691a11

SHA256
26c4732635757dad7f9f48d36e982f93be2828cfa99e7fe07c6afb11690b77d4

SHA512
98c0d8a641bb3a9669e01548d3a8d5e185e789cb204b4ededca5e1d69afe78f2304f6d5cfad9266d89a68a8b20d3d73f98eee1d2db5d68ed89c9c6220f011419

Download Submit