77ae5f430a1fd5c663d955a462f37130c49e25850b41abe0bb5a2f0543283ee5

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 04:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cef694c55e79ac452d3e9d1713bbea6_JaffaCakes118.html
Size

94KB
MD5

8cef694c55e79ac452d3e9d1713bbea6
SHA1

16a2c2afcb6cafbeeb5a1829dbfd5767b2a8fc28
SHA256

77ae5f430a1fd5c663d955a462f37130c49e25850b41abe0bb5a2f0543283ee5
SHA512

5a43dc9616e1b314a7586979319d099cad26045df5a6d495621751cb62ea4c1f652963c4b18d0e477b084578aa95240e771c4c7fe6c640e6123201247ffaf0fd
SSDEEP

1536:iqJ/hlHMKz/y6oZOxK+ELdiq1KxEQruWh5c9l0XYXq0/KLKI/YO4qIIwoQQYg18h:Hflsq5xK+C1KQKLKI/YO4qIIwoQQYg1e

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
1984	msedge.exe
1984	msedge.exe
4556	identity_helper.exe
4556	identity_helper.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2032	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2032	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe
1984	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 4028	1984	msedge.exe	83
PID 1984 wrote to memory of 4028	1984	msedge.exe	83
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 4180	1984	msedge.exe	84
PID 1984 wrote to memory of 3368	1984	msedge.exe	85
PID 1984 wrote to memory of 3368	1984	msedge.exe	85
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86
PID 1984 wrote to memory of 4936	1984	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cef694c55e79ac452d3e9d1713bbea6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe40aa46f8,0x7ffe40aa4708,0x7ffe40aa4718
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2684 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6832 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6948 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3544 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5996803711434966331,6331313164286169134,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x33c 0x320
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
46KB

MD5
f871dd44ae8c9e11c5c85c961f8b2ab1

SHA1
7618910822a0f2639b405e3c0b13faff0431140a

SHA256
2ae2564f74716a4e44850d845f0cca255c6c0c3a7dc0c8ee6bfca0212cc394ec

SHA512
3b9638f705f83e37c3e0c9db1205b2ac76b96ba72ac56013a6aca6f34a7a9ff3548e8fc67d2b85c9f23f8337f696baa8fab01523fb04b5fd618b130501eed47c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
6892d7d3b54afb4207fcdeabafe38768

SHA1
7d39fc10ca9dc31743e4a8943a77abd6c900d20b

SHA256
aa5c85180af33bec2c87cebb6ea48cdd2593754e20706b8a765a0e44ae5d91b7

SHA512
ad1654440db0e1dee9c1608bed92981de566cb74d622d8bd7dcddcd9d882d09fa2be32f69495b17b12ad66d874af78fa1adade3cabf7eb2f17af7d02ecae9dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
6b35c46c61efb62c462c153f91d859c5

SHA1
9aa45d13aa5b2ecf1294374ac14c383714625847

SHA256
950f4d36a608cfa9eee55e6e0d3148a339b3fad02973c69b6219e4e29966c11e

SHA512
55940bc07c47908c8c47259305eb58363ec94b3a0bea20fbae6fab5d840ae27e31c5ad13faf2ee97ef56f4bede4fcab22345475717edfd481a7d5f651e7fc228

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d74ccbb8f1867e47c4be7d65ed275e09

SHA1
99c3232b9928aa2d42de152eaf1ee67db3a69e83

SHA256
ac87c5f1d57f9296c9265bd153823eaff78c0bb59be9de9292a4d180462f0ab6

SHA512
26564be979edc258324c4ef032b12a9215391bb8c94495faab85a7b06f29440d20df7d936c023f86bfec1e78e1c39ca57e25bd81532600c0fbefc689842f9aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
76360fbfdcb638598f440f7dc719aa1a

SHA1
a427a4b8f7c5e91f6059050b96c6343da8fa4830

SHA256
57c65fddc960dcb7907a107ef6353c83e49661902976e466d744469cdf9e9151

SHA512
e0aa049030cf3c2e4b06983457e0f5dea22b7b48306d1af9edde3ca222ba021db3145c685f81b361bc63ef0c44e10b8d000a6b0d1b47ec10fac2e48af325bf8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2208d705cbe361eca6f77903fe46482b

SHA1
ca00e0e3e817d001c3241153c51884adfa35bf31

SHA256
ef1008ccb152965c724613b7c5fe8f092261c0d594061e2b117e41320368f85f

SHA512
e1fe733f89b81277118285e1e6791f113c2a89e7490d7a4814e42bdbc3450574928ec2ab60daf4fa17ff8ed4d27437f442ce6e9c7b2ac6b047c12d78f1174265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0b5c0d4a307d4e14fceab9663146ce2e

SHA1
a3693f808c58e250e0dbf5a81eedb543905d05d7

SHA256
18840abb40b3d3c4e6e432ede572f710b72ff3ddba0083ef733afa30d4f8872e

SHA512
c6138281f3a5249a378b316b636ba9cc92ae6b2c40cafb6ee8d7e20d7280fd872671c4102d313bf64e081dc11540ddf36fb75dd8b669c4c5f0ddd1d37376f96a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c0f3d24ef1745b250ce5347efcae0e1

SHA1
f725efd6528cdce94aa3785aa32984d9ce3a9745

SHA256
ff764ac0ac4b4f603d4cb24209a8a7ae0a20c81723cd1ee57116265c259acffc

SHA512
7a9046619a6127c881298be1763eadb292ae10914cb0084c3f327caf147e191b41ba1add6505743d2553c139b0b0dc8d4dcce52b43d5d335d76e7c44db3f3626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7212bbbb-7aa3-4012-8954-e7bde38d131f\index-dir\the-real-index

Filesize
624B

MD5
4e305b0d7e02619b718d0464ef122642

SHA1
9e8e7221bab705684ca51ff6e4b327a1ee75796c

SHA256
fdc79d739643d3857ab35cd737a4aded52e8b96c19df23294049fa24ae3976c4

SHA512
27bda5a155f5c93d17981b7e72a6978bb0bd00c0f904942db39861b2550e0f62cd45670c0ada060150deaf23351549d34e7f4764ba31672955ca9cdc2cb7adf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\7212bbbb-7aa3-4012-8954-e7bde38d131f\index-dir\the-real-index~RFe5900d1.TMP

Filesize
48B

MD5
7bd94f6b9f44e0f948c8c26a2e5af2b8

SHA1
7c5778c55b08f334b92de394ea9df4364055cadd

SHA256
e421564b7c031466787289c2f511914147bb9a69124cc9b364f785a993d1c9f8

SHA512
4ca91aaab9a0881d4a2b3d7693a10da8aa4d8beeb7007bddd81eb73025df72206fc849d8d4e57af461b478745f375cb5ab11c62591ad10ed7c9edaeca6a57812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b0639dac-dffd-4620-a87f-d3fed450647b\index-dir\the-real-index

Filesize
2KB

MD5
accbdb32537aa2bed7a0d2bc03e647b1

SHA1
e8173f075751bd6e088928316a08e964fa11fe35

SHA256
5b14307eeba2434554c0c95fa168e58e3ca3a4a6049855754f458499e2c1c8c4

SHA512
a13b5949508d3f0a76578d32b6b2d34e8d6017c14a2acd539e55ff0904a6acb9310c120ebe6766bd041bea7ec4dcf7af4c019952450e2d6ddbc3a69458916bbc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\b0639dac-dffd-4620-a87f-d3fed450647b\index-dir\the-real-index~RFe58fd66.TMP

Filesize
48B

MD5
179aa6a01a71c84e766c2559fae627fd

SHA1
623609e943c37cd415180e55133d0f68e60deae1

SHA256
dfae4cbafa72ab2ef95e278e7a47802c9e094e8e4b437c0661979607aa7e828b

SHA512
f88d749ef567a8e7483363b077159f399c14bd89d0b15fbb7011c725dad4f472b72fd1fabbd263b11e19fa558b11abc5e96364d970db5a0365782894a615bcf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
6e5d0cbd1321bb717fce7652cb352e87

SHA1
0f4f310cb234ffc80dde27ccbdb444254f350c02

SHA256
e3dab2dd5753aaea31c500a83a9893128101be6a18e3a569a024f2f456c202a9

SHA512
68ec1f78856430897416ebe239d4de0f6f2e1c543ee68d5d674d0e0b59bda76143622f2049966190699951ccf8f358840151abc4f60f4c578f4b6eb7908080ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
074aa22d281fb50c05b025d1ecf89b3c

SHA1
3db671d56509c105d17a51b0791199667f6e24a1

SHA256
b80f83f460126117d0c58f9dd68222cf84f6417a7f99a990e8fed5ec8cba5b9c

SHA512
e04c3760e8d1b5f972b390acbbb4c61e1943832543800f7df8d903126b32b3a211245216abd2d61acbbf96c0211a84739fd7a9fce1ef4484841ac67518dd466b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
ad85014b3fd3d35630581e0aefc1f3e1

SHA1
2441600c38da4788377061f9ed4bbe29557f3244

SHA256
0cdf6d2603ab03080f45c26d57a5041d87ec5ced750deaf3c60bd1472404552a

SHA512
be38623f19368b61d23121979df20c7b562889318068664863f43c26edcc64fabe1a198011a823906052308b66c01e6e344c4bd5d444a4e974fa8c5c7b28380c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
b77a847663cfa75ba4d4530e12c4147b

SHA1
3a4f2d1bd27702bccf0ff82e34037c57ecb3c892

SHA256
9d4390970d12bb7c168abaf47616c1c3cbddc0549a928d8e7eecce54cb1bf5db

SHA512
c189277be306f47a3cd24b731f09a90f6d7006cfac68d096838ab8887c3fbd3ea9e04721f16e9d00ffe96447a1df7f2e812c9f152a03b876871ef6fe90e8712c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
56f36777d0b315e05f60b12062bc91aa

SHA1
205b892f58729bdf8106c5e6191bce69788085ae

SHA256
b2b7ab0ed9820558157efcf2fb7400dfb879ceb0c5dcf3be21fffe5d614d3507

SHA512
7f86e75593e452b4f5abbe056480b5370f9719565dd82ad86d77f7372313e28fdaad4e9a5acbb250c4eb216eb9542dce361fb26a7050944882aa3f2eda678b85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
be64ccb2d5eb87c9d9e6e2e514218cbd

SHA1
7dbcc47ed5f63896d80a431aa182c800ed8b2b28

SHA256
e77e1a09610a431665366d9cd3b6c051406d14e0b458e482b38ecb69bc278f5b

SHA512
4c01e6a0836c502a01583a93cf1577e5a250deb84f652a1f3dd4f0b0c3ce5e96e7d3a91fbf8f6717779328fd50b9b4eb9fe94bd263bed665592863a59f51aae8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58f865.TMP

Filesize
48B

MD5
1333a2f9fc635d2d358c3c1d1bbdefca

SHA1
96f5baf7a9cd0f83d87c8b08935f4502f95fd97a

SHA256
739eb999de36e99385de1fc4468119115b15b8903dbe760a780dd0f831163b2c

SHA512
f31ca472ede73fa3a4d95deb35901ff98eb409453bb8cd7b51aa056e52498ccca41b6b766a0e5f5f5b81433c33ad6de5cd864f867cb56b5a859b4d63960c4b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
863B

MD5
c18ea8b384d97ccbcdef1d79f99ad4a5

SHA1
3c4f34cb13a232a3d3ae6e3d5d5ee1b2d8444201

SHA256
9bea3570b7c614dd524e9451aec3c2faa8af6e490c32837b4f567474c1d89166

SHA512
9e4044bded3a7b97aae6f699353cd8f0627c0e530aa4fb1de1a632cfcc9f54c2895e1c4a42b4cffa3b15cb5d98406458d5e449cdf8291d6ba06fdd91dbdaaee5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9a2beaea7fa40a7a3e1cd3fb7dd628fa

SHA1
72c4ef4d49535e7e79cc295774115a45da51bb3f

SHA256
a391322049be85dc1436ea005337758dec91e3c79f530414fe7d7b069c6b4ea3

SHA512
ddeded02da54afb7bdafd66c38702fc3dc03633616cd0bd957bc670bdf12716253daf4a9ce06d902d4195e2f67bffc13d06f79ee4a29005958ad89a54a0730af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580c8e.TMP

Filesize
698B

MD5
f27a34c8802e284cd8495772ba15c090

SHA1
a4770f59a377a2c23b04053412dd3f8931796b17

SHA256
8d75fb9eb1b93657fabde3c5c0be7b7a79e67580fa21e6ede2f59c9b3bb37bc3

SHA512
a44819ac3e2060f4071cc779b7fd678b36c5b3962c03c1659717c7373c15aa36756e3fbf28ad11495efd1e5c93b2732cb7076c1b464c42b61d4fd01b788c1b41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
53cc95cd32e9326145f5c9f1820ea2a0

SHA1
0e15887f4ced0f1bd3b3134171894d8a1d5903d6

SHA256
49aefb72f72c262b07614b81e88de30884e714cd328492847baca530eb2778cc

SHA512
9b1818c1de9adf516af91b29df0fb39e303fb9d339b2f9a46de0c7c1264961c0ee611380d6d003e1ccb5cddbeb6e0601bd02d94d95649d463c537aa084d5278d

Download Submit