Analysis
  max time kernel: 148s
  max time network: 151s
  platform: windows10-2004_x64
  resource: win10v2004-20240508-en
  resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted: 14/06/2024, 01:02
Static task: static1
Behavioral task: behavioral1
  Sample: a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118.html
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118.html
  Resource: win10v2004-20240508-en
General
  Target: a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118.html
  Size: 39KB
  MD5: a77121ad93ea9962f55e96ca0c6e10fe
  SHA1: ee3a049ee7b1c6462303879bc1be1519cdb951af
  SHA256: a66c85eff0d0f2761e3690b5d8ebe257dbd539686f9e560015dea8c8b3bec602
  SHA512: 4bfbd2e68cb90d776d22158e1845d3a60b07721244b40eda812569cef6848d1f6499ce7aef529c05626c4e4593b6fe28b347a37dcf4828c3eb89e5001978ae9d
  SSDEEP: 768:TAayHHvPWxsPFv9KJ8c0O9OZtmQ2dvYDWsvHR7z2982:E3HH2xsPFQe/Pqy3R74
Malware Config
Signatures
Enumerates system info in registry (2 TTPs, 3 IoCs)
  description         ioc                                                                   process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid    process
  2608   msedge.exe           (2 entries)
  964    msedge.exe           (2 entries)
  3952   identity_helper.exe  (2 entries)
  2500   msedge.exe           (4 entries)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (28 IoCs)
  pid    process
  964    msedge.exe   (all 28 entries)
Suspicious use of FindShellTrayWindow (25 IoCs)
  pid    process
  964    msedge.exe   (all 25 entries)
Suspicious use of SendNotifyMessage (24 IoCs)
  pid    process
  964    msedge.exe   (all 24 entries)
Suspicious use of WriteProcessMemory (64 IoCs; distinct source/target pairs listed, repeated rows collapsed)
  description                        pid    process      procid_target
  PID 964 wrote to memory of 4428    964    msedge.exe   82
  PID 964 wrote to memory of 1744    964    msedge.exe   83
  PID 964 wrote to memory of 2608    964    msedge.exe   84
  PID 964 wrote to memory of 3028    964    msedge.exe   85
Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 1, PID 964)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a77121ad93ea9962f55e96ca0c6e10fe_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 4428)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8b2046f8,0x7ffe8b204708,0x7ffe8b204718

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 1744)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2608)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 3028)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 992)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 1200)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 4140)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 3312)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (level 2, PID 3200)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8

  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (level 2, PID 3952)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5664 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2312)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 4520)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 3920)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5360 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2464)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 1032)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 1720)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 3664)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 512)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 3680)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 4596)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 608)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 1096)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2520)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2280)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 4204)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 464)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 4032)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 1580)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2500)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2472)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2016)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 1284)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 4664)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 4204)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (level 2, PID 2580)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,6649421670208798147,3654006375775206463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe  (level 1, PID 2236)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (level 1, PID 2388)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads