a72f74c056a71b2cc01f05e2a93c20bfb84f768ba057c0798b6253635b157e1f

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cd7ad54c493a32bec352ce673c638ed_JaffaCakes118.html
Size

152KB
MD5

7cd7ad54c493a32bec352ce673c638ed
SHA1

ade78d7c152366b3fc1d64bf054b955bf7d88cbd
SHA256

a72f74c056a71b2cc01f05e2a93c20bfb84f768ba057c0798b6253635b157e1f
SHA512

2c5e5ed1bce63dc1f2c2f72b745e34db0a261c2389120f1655c36ed91ebe487e12681d36f93998578786a33e37c73c7766bc85400e5a59b3df6913be81f9f8c2
SSDEEP

3072:9ZY2MYJ6rHfgaToXdYKlCoxYwp5lwA0PFCBE7BKMtht:9moaToDYwJi

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2264	msedge.exe
2264	msedge.exe
4056	msedge.exe
4056	msedge.exe
3452	identity_helper.exe
3452	identity_helper.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe
5132	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4056 wrote to memory of 1320	4056	msedge.exe	82
PID 4056 wrote to memory of 1320	4056	msedge.exe	82
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 4972	4056	msedge.exe	83
PID 4056 wrote to memory of 2264	4056	msedge.exe	84
PID 4056 wrote to memory of 2264	4056	msedge.exe	84
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85
PID 4056 wrote to memory of 5036	4056	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7cd7ad54c493a32bec352ce673c638ed_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefd5946f8,0x7ffefd594708,0x7ffefd594718
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
  2⤵
  PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:5744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2148 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:5960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6412 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,3776143829613961955,9939297410710110741,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  2⤵
  PID:5304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
74KB

MD5
1c7e1982bd31c4ac1f58bcd3bdde7267

SHA1
d672d5a215d6f3cd05138e121dc3a2aad8a584b0

SHA256
f7c3dc7f8feec3cc31ed8f65dcd3ebde31629c69e62c26ee44cb0dfc55c3de83

SHA512
33caa8d1f077129fc36e4da0f50aa8fb29b204dbc7e8439781f8e28a953da49a63a1057a83aeb1b33012aaeaf205ae62c34d1391b8885d375c486aa15ec4000e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
33KB

MD5
430d0f52546401d2f8c037bb84952ebc

SHA1
446c9de67e5cc8c01e2108494fa0055693dc6993

SHA256
fbbb7e598e30407bfbc0e1415bff3127bf07ff9282937b87330bac620e919696

SHA512
6b9f3d0332aedc15d05e0f574e8710678898355cca6b16ec452fc9c3fc80cd4a7e7b45361f0a4f7faf55edc5f6c0c76efbf235b022a895e3aa5a06a4bc843830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
35KB

MD5
6199d66820d319b4c775ede9fc7b6ee1

SHA1
4fee1e4da9484d70b249e1baba854ef299545d31

SHA256
e2cad833dc8c2683c919b79df8b99ef320a786bc2c99331f9f717f4b68d444ce

SHA512
2b76d355d5db8f2cad15faf40ee05276ddafbe3954a3f2c3fda0416b340920f059df3334e92f95c9e733a17cb402ea50d746bc95ccb7e39f3504b376740c927b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
9be780bc06907ecbdf0320d88e6da1d7

SHA1
5af34c97da84ba9319b4b8d6e63352eb9299bead

SHA256
bf111ba484d1fe1d7ebd0f2c1e3e61a844008abb17383c81610efa5f6ceccc3a

SHA512
ffa99bc96551ce59af822011cea136142aba10ea600760012ecc3bc5391dbdd3269e365770f4650e9de12fae39cad2a6f11d2e70a8c3c73ef17cdd93b2fb1822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
31KB

MD5
548260b20981c0be2d9dcf8d01c08c24

SHA1
84230120f8f1bd559eca3fb2fec6acf6cffbf4e7

SHA256
2f8a612a714e5c928525fdb193f8ec12f7965a6c0d63dd8e58ccae239358c8bb

SHA512
9308e58083e5a6989b7646de95d251c5431952dcd55e613e9c7100d817e847da0f4835bfbd0df325d9ceeb4fb9680d3e89311997b801b16bf8426893a2a34c69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
35KB

MD5
29b661fc1e9cf7368c9cf3e167cec1ac

SHA1
d655284f99581cc6a238f20425c33f83c18d5d49

SHA256
4b6275c7977f0cd7698d38c7726149bbb2a9902d33e7dd48a192a889c19f5ab6

SHA512
876d15b2c677a243b072b8e027d46fb66694dde10d8ef56d4ddfeeb56e352fb12aedbcdb57a5ddd13cd4795f1769a8775f083a73ced2b151acd9bba4ee3bbe30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
22KB

MD5
6f52f16e0c8869759029f92150fac68f

SHA1
d7171b0111ecbc51953fb6a6a0fcb639c9aacdb2

SHA256
0ba65009d2629977348e7cc30414a518b21b8fe7f50351fcead70764219b9bb2

SHA512
ebcfdfbd773d2e7a0930684c7699f4e557995473c50ed7875cddaf1ff03fd889684400c6f17558b6f801ab5c66da0dccc312cdccb1b2fe8e8784e8c0987cfe11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
26KB

MD5
47f7ce9d47d5d0e1fe7a4215a9529a03

SHA1
3bcec6a214f53c4eb7a401c2148246c4b71a00e3

SHA256
1cb62ca50c4fe9e24f13b6f9d5639e6f1bc6c9aec947068bcd4de52ebd5dd240

SHA512
d4c922fa8772debd74b619e3a6c789c56413759f39848e9ae22c4e2ef7572c230bdfc07658725bf02022b37f96c4c987d0a89bdd70f198c5df3869a7284935fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
19KB

MD5
9efcf2c0831bf7a548af1b3cace66320

SHA1
dc8c13a72690e47ae3700fa2c5745b7fdf1c1125

SHA256
9b99b13ee43b8246b5102351f52dcaa07c761aa9d4212be1558b394cfac0c3d7

SHA512
44224d4a65f89bef5058163eb6c83934f82dc27376b1a3f744dda76134c2b4fa68fbb4be101b31b3cff93e4dd1dac76a76c04456f3fe0cdff1a146a14f113d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
f805fbe793ad6f1971164a502a518f1a

SHA1
9718c0f1690592068dd0f4cbb92a3c2f38fc2967

SHA256
02a1459f6165583769b4372a3cad933ac07c4cd3c79a5de59917e1bd5c66ade2

SHA512
e1da7394a4222ca239e92a1eaff053c618585acb52d47be76b24d4fb3faa9039f87c76a1571c3c82e6b53ea88d60498f77e83d429c4330a01c930a921dd821b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
157KB

MD5
a07a0041143bc11d11c2fe0d37a5ded7

SHA1
cb14b39ec6f8a362a08d1957af211d81f750d54d

SHA256
233746b5d7f58579f0d5ea21e4907fdb5be5469f05dd7691633448aead77fc98

SHA512
17811e64a82d0810bb293ebafd2a04b20efacff9e12ae3f6bc555f75232349766cc52434947614684ee43ff00478cdc0c92b692053bd31c38638fb15b2586f6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
46KB

MD5
b4e4c40ba1b021933f86142b1010c253

SHA1
8901690b1040e46b360f7b39ecb9f9e342bd20af

SHA256
a1ad4fde10e0f378aeeb97ec0aaa27bbdba9ed434a0334052f0230e09fd891ae

SHA512
452cbfc40d99d69d65271ab7a6fb62c87d123813fe20898d13b938c13d54efb2e33eb04e165f18e9e91b6a0d02b3282b8e3bf2b8c65efaa974022d14c07bcfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
19KB

MD5
16c0a2c82dc0ab50f23123f7ecb11f51

SHA1
fbaef7794f352126af25aedaa99f1bc22d131f71

SHA256
5749a98e9383a271b4f6cac8caefea4d86a6b40e203a750d45fda652e167583d

SHA512
0bf3c5458b647601a1f28c194ac1bcc424ecdeba91871fab9178e8daf1fdf2ee956ba55bbf61b3cd2f54cb1ca008dc894e6a54730f5caf754c61d9ba20da8244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
95KB

MD5
0f978383950b924d31b77aad56c0ae79

SHA1
4481f7635c1cf3d98c542542d0106cfe498446e1

SHA256
afca43c7931d9ddc33882d9a079772bddced944debbf84143192c4eea3292c77

SHA512
b8ffaaf2d63b9582ec4917e970b2033989bd414b9bbf2b9d3b5359aa4a8a15cd3206e556514483e511df2433adab4c8cef9b8a251e2fb942fe4e7d846fdf936f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
23KB

MD5
ee9161a861da0aa45587488bb5b3cf95

SHA1
50845dea7d90f3fa4fbfa907de72d4604d99327f

SHA256
0f8cfe01947221ac2c595e1d648c3ddb816072f03786e4ae8d40bdc92a67fdc9

SHA512
15900ffdfffc207e1e8dce8ea99205284249a46216c692f1a9ae3f86783a7a28c7e918ca5976bb3db2e470cbabdd7bfa4e6a7bd0eb5e517d9c12b4b5ad759b22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
16KB

MD5
61c137de123c895db3bc3e7d96c945e3

SHA1
d2b67f4e4a07904c7316bf1c8ad6e5bb22e1f0ff

SHA256
71705ad702fef1decfe6edefaa784d0e9f4fe5e3ce9f308a68b28cb6f902bec3

SHA512
f1335adbd23213d8d97bf34ec4d2b37037522a48a5fe668d60de8f7b015eaabc7d4a52e364974bf9c2e78be335a2a4b45075aa030b700d82b011df76403b7538

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
800KB

MD5
f941c2c08f149ec278a55f7db3bdfee7

SHA1
24b15cb166be8be824361ba53180cdb1d292af9e

SHA256
0f6c0b2a6d8a24a748eb606d40d97cebe53b9a8dd07c65ad07cc8e2ae190cbe0

SHA512
64b7d47cd96af8ee27036de1ef430372e4950a9b75d0b2ea6d040e941fa22cbe515f8a2dcea6415eb129fa00b6f277ad51cf376e82ef2256aad78d04707dc75d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
138KB

MD5
a777ffa7db21870244446499fdf65550

SHA1
45e5f258d3af00ea356f931640982861b6a2dcbf

SHA256
17a0e6541a1d70fb51ab3e43ead1d1a7d6a42093f6f493665c0e91ed413d4f0b

SHA512
7516b432e6cb32ef24bc75d374b78abc94b0cdc6e0873f3feac3fcc09b8f4cd1e6a3832fcabb44f04b9c1f768c8216719e86e1b383ec79d31d9c559a27456af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
12a53f7f8b1edee8070f8bc1b4b4a38b

SHA1
f2ea18081be8abb3db9700e6fbfdb2c53711162c

SHA256
49200f904f1f737c8a012d316be62aad4b738502474bcd94d75e879199bf70d4

SHA512
1e72e542b25f53c67928481f22c56f6a39cc8f17b4d4dafa708c695782b5fce195b6c421849c99564b010bff7fbd8b54b35d7ef2d44b8943fdc76203105f4d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5c9c920e09a424f414e758c9bce25077

SHA1
210ca20313aaa3787046b3626f2c1c8593aaf7d0

SHA256
e473a2a9716c8008d5cd1f60cb6bbd842c11569dd52a1e1cb8449a18cfaf6b00

SHA512
ab0811f47a1b2dd806b4f91f19b5ccdcfd557f23f8399ba1f46293fabe719735e493bba11833ec84919cfa991427e07a91bd7d917c26f5422d99e79cc8823485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
230955b1f979c5efcc7287b9f268e2e0

SHA1
5eb4d15e0fc4796ea2514ac11a5453dd1f5ec537

SHA256
c18e4e0c8e0adb56cb84edb76c0b29dc5480ecebb6e32fbd11514fc129331543

SHA512
4dd8bfa5e706ac3558f1f4dc055f7c77bd7fb4f5f365b9a4a797103622005c87edbeed5e0afa69df80c5a1ca128e9cdfa4c8799e842c218bb0d8fcd050dd8376

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
5cac185c3cf3481114b4d3a5326a586c

SHA1
e8dbdb1b71a8f8a1c7ae4924fbdd16a290e21900

SHA256
4a84e5b14555598752187db954c9f1ad5fcd6b9463c853a0cbb903829bfee004

SHA512
fe7f0f28a2b18f11fa34d694839d73519a8f67d9f3b16b6dfe53dfc69a01f9dded98b068cc941751cbd84de079075d07bb5ee05f36f2d1ca7d22d74cc28c691b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
89a8553f0325cfa6ac88f96a486a5435

SHA1
477d206a74e46bebb9fb7ce5acbbce1b6d79e097

SHA256
049345c53c45e70ac93bf458f5f88231a2bc2a707ec6d31807dc869c8dc93ef3

SHA512
bb5c67418f3c85088bb32f845db3d0924b95c766296c2221a48268bbbadd427ed0cbb3adc16457d3609311f36a9e2d2c193982e0e1ae546ca54da26fecee29fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4f2f4f0a7090331b11cb4476a1a3763

SHA1
9c207dd977f05bf80cfea6c174e19763498d5686

SHA256
5fa1f791ccef3e9c2509950c1303468e308ba20cf6cf98ce92ebda0171f62468

SHA512
9e305cde98388b722ce9ffe2cd3cc133c1ab07ceb0f7ab3bfe77081eed0abc38223c3ab506aa323db8a8e614a2303e265433492da126a7bcf3b81a240deec484

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d370ebaf69a1c58be5382d8223dcc7d4

SHA1
24786045e70862ecb3a053fe19d05a754e330d1c

SHA256
bfb7d19492db6fd05a24f244e2a5e90ab666a71332eda59e788f6ee09be85967

SHA512
c2dbdc37c26192e4b6229b3272da1707d065a3c6040b482b296d0554bd193e348beae2179071b065ff811bc0e3affecc627f4cb62e18b811a22556e428344758

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
560b0a8ed6da21e80fbc56af4db1ab63

SHA1
6f791f86c155ca811d25c81d03753008b18fcd84

SHA256
4f90b45d0b36d343cd9f5eff189d0181a62d65fc6a01987d2fec7b7ad4037965

SHA512
c15dfd79e176f8660f886847d729c8908c6f192656a8e435f3ed1e4c442370ddaace87536a3565d6ed309beef0f82b3711cae84e1cc286e291c49e91485309ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a4b7c938beec791ec3975568533aceef

SHA1
2832de198bce4eb78efa1df75d7631bab14cb30d

SHA256
f988d04396850f8e94caecbd55a025dfc60e00aef574c1dc119b836b14ca2ed1

SHA512
12476c90b579387994cf801acf2e08d264a3a229cbf3c097bf7e5387cb1f422dcc661e18f4ceb00c5a9506a5c2a123fdbe30b1ba61baec5ee17aac22becceed4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
908bdfd65a7285722ab51a36cb3be5f7

SHA1
5b888e6e17a7aef0663061b10c5eb6904e7a7974

SHA256
7378e1c01928a003e1d4f640a152da26c6e9ab61bcad12596769402820b2c02c

SHA512
22e2e5715421380604692058305bb2884076d51066f0f6bf813f80de269b5eae3b6e689509a094d281687c51fc19af1b27ff6ed03fc456e9edc10c72204982d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
e880d0f10368816610bdd4e4fd40e9cb

SHA1
db6541b4462f2e5cf9767a32c0fba392a975fa6d

SHA256
5df6d7f3ec37086e91468334931efe3e262f824eb90652da15629d68d0f3b75b

SHA512
8ad7c8bf226a916e7ed0ad1166dc1ac8703667b4711c24e67fd956d8fa47746faabbfb9a928288b50e216b5d682160046be155f87cdbb115177555330320f21c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
f1a42df011e5263689297cf187e81383

SHA1
de80a925e0f2fd39448b224af634d9c9b7a1fa38

SHA256
d0fcdbe98b00e346b7fb653f220b658f986a07123b5be05239a417f45f6458ed

SHA512
75fb66fee6c28af048db99ff03678096573ddac3122b941837b13f495a7fca465a16d7c37a940a5af923a354a95f97798c6e36e09596df81ccd417a16c2577bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58196f.TMP

Filesize
204B

MD5
6f32a4f74b0c92f66455ade8627df3fb

SHA1
fb8aedabee2a7c078b4eead8b32a2796bd3cc085

SHA256
cbb4e69ae5a897889b059dc8ae7561adaee4254a48f6cad8f325e5dfff859ba5

SHA512
049189724f5a34217bd5255462b0989b09e9d75aea8e71be4aced54817d43487cfe433b16e448612b0ecd7cb69692a852a3ab14089ee69f72e59013da54f6c63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b3836c41-9d20-4661-a2ab-bafb6aefe0d1.tmp

Filesize
204B

MD5
c6b14e934e7a3c271c399950f7214c6d

SHA1
3721d2a788ef5c60502c42aa71a24edbcbbe589b

SHA256
9b409f1336a9c0592a113b61aa335e880d8504d16291b306f16dcf8693264265

SHA512
b64314fe688bcaf4013474366473dad1e8401305860caeafc945714cbbe06a748ff68a3fbded0e504fdfb340319b89e2dcf7654f16eea8bd114ebdffbedc8394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6129ea185b979885f9cc2a89b9bf2ea9

SHA1
608aca1484a331f6e5df2ae0256c06c383d1fb6b

SHA256
adebb0331ef98fc008fecfbe98375bf390f4514f0b11e2b4aaf00238389ee37e

SHA512
1fec9fde0991ea1f578d7eee05168878d02f0bcc45b49af3f0620d94e09aed280ac412b89057396e7fbfc43227955f599d431ce93000d55484144a20ca392b43

Download Submit