3a16103bbf1e572ddc076288ab5d5f1b2822f4b7f44750cd7a62ddd0bdf41df9

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 23:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a2e0a6ee9457e4c59da349ef83397ed4_JaffaCakes118.html
Size

50KB
MD5

a2e0a6ee9457e4c59da349ef83397ed4
SHA1

2e02c9cda29c90771c9b77b71f5c730c56b77e7b
SHA256

3a16103bbf1e572ddc076288ab5d5f1b2822f4b7f44750cd7a62ddd0bdf41df9
SHA512

1ae73f520986cb5e65f7928c4cea21d3509226c5745cebfa6ed0264c5c62e66a8f2e5333fa3de59592a3c2a762c9f8f12e41cdd201d29bf7ca4ad1e40ec520e4
SSDEEP

1536:kwgr8VkeO3NC7q7y8I4UO2f6aS6cgRrNwDIWu:EeO3NC7q7y8I4V2fvrwDIWu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2056	msedge.exe
2056	msedge.exe
4728	msedge.exe
4728	msedge.exe
1496	identity_helper.exe
1496	identity_helper.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe
4728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4728 wrote to memory of 3656	4728	msedge.exe	82
PID 4728 wrote to memory of 3656	4728	msedge.exe	82
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 4172	4728	msedge.exe	84
PID 4728 wrote to memory of 2056	4728	msedge.exe	85
PID 4728 wrote to memory of 2056	4728	msedge.exe	85
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86
PID 4728 wrote to memory of 388	4728	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2e0a6ee9457e4c59da349ef83397ed4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa025546f8,0x7ffa02554708,0x7ffa02554718
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2096 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2364 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3220 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10904828527346546515,2454078673618020012,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
20KB

MD5
cdc9f19a52e87121bdff5faad76470dc

SHA1
61786f32243b3384fb8bd1f460070465d32ad556

SHA256
fb5b531776f398b46eda13ed3ccddeece8fc54653f27b93fec45290a31cd840f

SHA512
d80755833280d63ee7c894510ba25d1ef4ec55757798126bb0a2880b9d0f90489c0d5f5765d90673ee7d6670931be05d38c42929b938aab3d6f643e5cfa0fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
55KB

MD5
3edd3ec77c16893c538deadaeca7c5f4

SHA1
3e9f1e516f0041d71b36fc3b23b310f4e92bf703

SHA256
cf65670b49826403201f36e9c825fbf4b175e8d502ee83c12c73089969efed5b

SHA512
8ecd954563db0811087417312b1771681a4fed5f3efa600eb6d78bd793fec798c8b927c690359e696993cba0da0edbbadf568f30442e1986defef686be4f7b2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
50KB

MD5
b9b9664ada7a4c5ff0a962db07594ed1

SHA1
a3b90a130f0bb15e72fe18a933ed56bb1932dd5f

SHA256
807cd8151c29de874c1b0c8e474ae0b303b94248d92d2fb7ff27d14c6b486353

SHA512
9bae5ad05dcbc78c242ba761684bc859f6a5120c2bff947e3590ce5f1f7d9821ccfc36f9bd3d0cc399ed33de3ae32bd004eb10a8ec7ef23d52a377edeccf1642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
143KB

MD5
6f89cd3946652d0c55d45887f87dd31a

SHA1
d9dc3cc5889328319bfa1323bfd9cba7be469022

SHA256
a942b87287d4748e0015d960f26eb32d1268937c3d4848028162e48bf7322109

SHA512
d02ad0439293e83272fe1e8de1419276545c0a4fa5eaa41988adce0387f7822aae7c847d8d7af072682f7964e78e31d9e66074fdea5d5a2b28af9c16d90ac12f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
33KB

MD5
2083fac72d4f4387c80c8cf70286fa60

SHA1
d1afc25a73cee118e065532cda54923ce24e630d

SHA256
f3a14a6ccc1a73edc65c592283ce470d6610916b5eedff513bca10711d5b39ce

SHA512
c4cdbdc289aeb12e8e6b58c58b8f88ee2a1038e80e86aedd2868656481c26a8ee66613a3e3ac3c4fefe6337711dff372e72e602aff8eb7d9acb4ff2936e5f078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
19KB

MD5
e78f9f9e3c27e7c593b4355a84d7f65a

SHA1
562ce4ba516712d05ed293f34385d18f7138c904

SHA256
75488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d

SHA512
05f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
09308b135843df8ddca1dc3207aa9ae5

SHA1
5734a15c1bb540380a5e061e3ac1fca5a2c200b2

SHA256
7915a0a4e969724745c006a949b3864db9923accfe63e7cd73a4e546884086b6

SHA512
bde273f55749f0616f3cadb77524f1ab972507fb0f6d4e2b13d6affe343cba82443db22e378ade5bafeb03f5978b10d2f14263ad672943b3931228ccb64106f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c6c536085d28f8c19cc9fb08e1dc9710

SHA1
72ee781e715daf4787dd86222b54e7cb03741b5f

SHA256
1b182e9c438a790905e03801906d025d2a35034c8fadcd96ba765dd262b85e29

SHA512
6083507ef9addb9722e854b0994a694ccccfefb144ae080606c10b8ef110cab6e434cfa7d0602a507d92ba82ec34cec1c0011b1036fa307d6db5419900a785a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c8cd9dd53af79cea2601ecb510cd6fad

SHA1
ade13d1e845ad8577027ce8effd20e3f2be2826e

SHA256
55de9d586b9ad253d65f812dd1836eafbb8e9381810921fa7e51350bde8d1931

SHA512
c7577899ed3f1cfee749cdeed5f16c1c131328d5e51243f064ec95e8ea392c20b95436a7f4a651c3e85e773ef2a49b22a218d5d032b5b68389c0ab6ed13df78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4ee42ccb4b3c1e141ee3197b8ab2a15a

SHA1
b2d08f3090a0ad4fe5e39dcb09013bfec517a0e8

SHA256
3dd887ee881367d536157e1b0cb35ed382f388684e939177678bf63e9edd7228

SHA512
f851653edc77b77fcec57d20ce13d96bb2ff42f9e4f9a63d0861abed7fdc07ce5d6736a977be2dd37f9a8fedb1636f6c60406fea81133ee6a82178eeb8a999a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
48dbae209777b61192e826a8ae880877

SHA1
81b2eb5429faec426986d7ebcfaf84eb5717e69f

SHA256
9b6be5e661c00e806864e6963b7adde0aba4f8674e7fca76c0c2623b8f774874

SHA512
2e93a85320bd72b4d8cd25d7913b39da20a816f8548e7fa3cad52dc9c107d326b46cbc7273fa8ab91bd751bd2ac1e5f8c14a70aeec19a7355a25864433e967e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
eb4b38be6b973d1636824e7acf70bac6

SHA1
1f5f4cdbc69e1eb7a5b806228692379cc099f0d6

SHA256
09a930a92b6aff8af903e8c942206b6e2c1da767f091c473ea9fe9f21a0d0b58

SHA512
fb64b10331841a375a6288e2cbafaf1967d5e788a1cae4ed36e84f790fa4ecab398b51b34e0d435e46a63e8fa688abb9628dc04ded0964f82948e107404c68b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f43b36bb344658d366e79a309da2fd65

SHA1
32b2e4d513e747db149202116c4c28b49a147a67

SHA256
520cac020f2ca6c199f56307c10174b936daec99c094d2d17e143072227ac7d7

SHA512
feb5058e207f6626ba6f2972064cdb15064ea86244eb27ce98c3e7e1f9c6f0954fff4f36d3b370f8169e30d2fe82d5af6597643eb0a975ca9d71c08e8fe44e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e60ec9ed0e64ae94d78ae8c56bc8f685

SHA1
ba6def36123bf60dbb6210694fe27a7805fdcf04

SHA256
f0efd0792e0851f0f483eb4b2560d44a3b23c1878377defea61148db39d9167c

SHA512
65a08cf6f4200270e85110fabd2284dc0a7fb5de330c2de8e2c238ea59b9574973a0f2a5a12198912149b843c779619b7c6b35b3d6b29e5e00306c03ef0fc079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8606bc108975ec81a0d12f6c86777659

SHA1
3875d7afaff7fb3492f60b3f86d32d6734036c9c

SHA256
11cf1b4fa0f66dbcecf6c528f5393ad321f55e1e87451dfa97609e9ee38d7826

SHA512
ed1d34ec9e1ae45d58d091b3100886192686a3608970a24a89e5bdcaefc8c8bac6a9840b71b6aa2ef505dc59a8638e794da324edcd8632e0037e89ef671a64b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b86790505f33b4d6e7d39cd245405f5

SHA1
45ebad0a42bdbadd965988d4da113df30ee55d81

SHA256
7bbf1637ae78678e3b3f2bb0b1f38b880af9aae3e4383686da19db05ba688371

SHA512
f07f35d7c5c0f2445a558734b0bc7fe05ea66fc6922e237572b4e8a84ea0684a4425d0df9311609a6f0a68cef53da72356785ca56397609d64df81aeffad9fa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7fdea51d69604a745af294be682ea0c

SHA1
b7beb4fd10f25e1d900f971d15e76e991de1754c

SHA256
213e8d22d672d7ee5d736d2a55001053a18544d435b08c1ddb14ccfbda20e60f

SHA512
de989db43b49bfdc58e129c9a64aef36a23c22e43ca1ffd9b4fa385c1501f364726e34fb32ec745af14103da052d04dbb14c4897cfc480e858fc3111530aff96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
164fdea8421da21b5199d0d61f3efbb9

SHA1
3e7b620001f4898e6a9ddafa3d6839f1106383ca

SHA256
849f6a44a45cde5472f950222991fa34b77ce319d803a986995a3c4aeb26171d

SHA512
bb48f5dd7e72241eab10f2782bb7b1fca706d7ac168eca3a5d44f79681b2d69d5c4996fab6e1cdecf3a0f0820c595f9962df1c2090bd5c7c954e9bd97b4876a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9378b9acdd4533cecaca1ea5c49af1a1

SHA1
d03696575a9348f3ead457443f3780206f116ec6

SHA256
490004edadc5d051dd43ac7926d4e422aea612416fe8acad3fe00982417571ea

SHA512
88d5fafd72fb3b9bde2e8b4a5ded3a034262f37aac959dec93f33724c8f08c1837813388478467335379540d4fdf1121ea29362011030ac56f62f149f95cffef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
fcd35d911c79f4a78934af6631aba26d

SHA1
983cdfc2cee41adb56983121a01149dd07b0b377

SHA256
f89113b34a72d0529a7a050270f6c4ff5b0cfd83ee5e9e392ac150441d202627

SHA512
67d915e1d0c7e1723e507cbc80cddea643a17326ec0a1a638af0a391087dfbe6bb3a571634d159dbd635671033faf6d61f9773fd550a0f942c5675e151fefc38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
6dee2d9ce56a99b30fdea850f436e129

SHA1
65fc76659ba36b641dce596da873ea9e907a3d3c

SHA256
91247430ed80a65ae9bad234fd05d3e867e140f424ca3bd42154acb68a81edd9

SHA512
a4c82962e07ed7d799bbf08883c9a07106b4ec91c3ad4b784960f6732211d310fdcf0bcee2ab4b31d7b8ac1189072f5f46043cfcd2e69547a88c658aca1d7fd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
16b6bc78c83eae2fc6f61f6c63d8b11b

SHA1
fe12767146a8cc5b0e2e20b70c42c5da11f4fa20

SHA256
b8e4e827bfd46cfeb8c9c1a88da49d8fc3cd2677aa824da9143937842577800c

SHA512
6f360b2d9a202749f52bcf1c36c236ecab1f2aa876a0fcc69037893fe3e48f4ee4595edb5824a750d9a10499bbd1a20a281114ce843bef8318e7fbda11831b38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
371B

MD5
a87664df7c45b2f90c48d39e173ae8b4

SHA1
15d9a800b0983f2527640de79611983870567258

SHA256
a8dd92b7093ca494cd620e2a0b545d1852fcad3ec34c80382fb9f760e17dff8b

SHA512
bbb7ac121fb545104ca8696844b5f2bb605d18e38630ab2f4184a4321dba726bafaa3f78af77c8c214dfdc7ddf3a1a0191b804b95ccd9d52bf508138c3275788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580124.TMP

Filesize
367B

MD5
ed46f20931985af4b0b535734600dd3d

SHA1
b28ae4117a57ceda6453bf7c2231ec376659315d

SHA256
196802f02b528ed3c9938eea0cee3f44f9647679ffcca3504c551d3352bce387

SHA512
b66c4ff698c73cdbd7d7560217c4a5040cce53278875a4a736a8bc40b8c98bd802f7a38fdfbb2968d25d69c7483bf119f3b5fb04b29655d00dca03c8857046d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\000002.dbtmp

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b0e01852f5567c6d512bde15d308403

SHA1
5d7eab928aa0888ccacd8e413d78dfbf9d0f05c3

SHA256
9f087575e76be4dee6806b0532ec1875bb3d2cf83abfc7b602ef997930c724ea

SHA512
28746af204184eb38269fde6ecd60b51880829310e57f473b9015006091417634328c6a479b358ca323ea6378d87afceabe9a581cfdedaa2f84c41a2c44e69aa

Download Submit