085590f0e60d121dd7659452790071277e0bff2fd45565bdb3d6f6262b7dff2d

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
17/08/2024, 11:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a2608a6d72954c33da5865846324ee40_JaffaCakes118.html
Size

196KB
MD5

a2608a6d72954c33da5865846324ee40
SHA1

c159c8f6ea95104a4c62a60ae53d8a6467747d1a
SHA256

085590f0e60d121dd7659452790071277e0bff2fd45565bdb3d6f6262b7dff2d
SHA512

059532b966533b53e3d7c5c9dff27d4b8c936d0f6bec0ec19dd2ce96d57f0010c7a42ce32a49527c73b78f3a2f6d983edbc6bcbded37c89a9d259b76326ffc6e
SSDEEP

3072:yb91VAoAt3A7AZueCXGB7jTwB3vbLwq4M4vRQZYtKloIF/yQodihJKfvQuJ4dbGv:e91VAoAt3A7AZueCXGVd

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
37	sites.google.com
44	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
4936	msedge.exe
4936	msedge.exe
448	identity_helper.exe
448	identity_helper.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe
916	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of FindShellTrayWindow 32 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe
4936	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 2260	4936	msedge.exe	84
PID 4936 wrote to memory of 2260	4936	msedge.exe	84
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 2240	4936	msedge.exe	85
PID 4936 wrote to memory of 4368	4936	msedge.exe	86
PID 4936 wrote to memory of 4368	4936	msedge.exe	86
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87
PID 4936 wrote to memory of 1224	4936	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a2608a6d72954c33da5865846324ee40_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd9c0a46f8,0x7ffd9c0a4708,0x7ffd9c0a4718
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:1840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6020 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8152 /prefetch:8
  2⤵
  PID:5708
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8152 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2200 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1880 /prefetch:1
  2⤵
  PID:5868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7592 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,1238468741926398700,15331153636532866406,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecf7ca53c80b5245e35839009d12f866

SHA1
a7af77cf31d410708ebd35a232a80bddfb0615bb

SHA256
882a513b71b26210ff251769b82b2c5d59a932f96d9ce606ca2fab6530a13687

SHA512
706722bd22ce27d854036b1b16e6a3cdb36284b66edc76238a79c2e11cee7d1307b121c898ad832eb1af73e4f08d991d64dc0bff529896ffb4ebe9b3dc381696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dd2754d1bea40445984d65abee82b21

SHA1
4b6a5658bae9a784a370a115fbb4a12e92bd3390

SHA256
183b8e82a0deaa83d04736553671cedb738adc909f483b3c5f822a0e6be7477d

SHA512
92d44ee372ad33f892b921efa6cabc78e91025e89f05a22830763217826fa98d51d55711f85c8970ac58abf9adc6c85cc40878032cd6d2589ab226cd099f99e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
bb230bc3d37f53b35f0853bf0f3dc299

SHA1
b5fc159fdc209b61f2fbba0f43413ff641f763cf

SHA256
a0a9b809b65c96022cc2c30139a4f9a48b35d16292af4f604b7e06f099051ab1

SHA512
c103143d3f20ad7d579f31f097772be9f3763037ba6ec12ad95351c7899cbbe5a3c58307479030ca532713417e206aeb324bbefc90c0a33041ab160c6f739e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
97KB

MD5
13a631efc84db28505d0d81f2a418ed3

SHA1
fdb3b2ff18112e8bc0610e6671afe567458ee323

SHA256
ec30b94e900a30838896b56ac41e5a8a723b44865b3529065e254c9185eff869

SHA512
22224efa508747ac67491f05295c4120f230dbd9c8b68d0c42dca7b5cafd46e4c98f808d4882b4b97d130da8a2a43de6b08f46feaae8edd20c1ef442be9b3615

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
118KB

MD5
21258417e05f4a0a3776f793d44ad7ed

SHA1
3e75e135364804b2ed563e19ae1aaf8b943a8adb

SHA256
3abe129118d63e85e993d6d4c4e84731fe3125638bdad4d3bb84955e21769805

SHA512
4baa83d92744134f95875c71e21ca8273afde7313e5f54316f51db29bc81c2a1e8e887534c754d22ce9b76350bdefd4ec92a5212192824051a1f2ec6d27a8755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
49KB

MD5
490bc2e00c0b99eabbbe4d5b7a5e689d

SHA1
20a415e0aadda01d30f0358a53922ee4a93a6019

SHA256
8482a4fb7a9e1669e6706cab11cd5b54e7c8458068aba2b0bd915436e190bfd3

SHA512
c5d2917473cb8a69bf0855e6a8fb96bbfdcfb1b0651f0dbdbef7803d6b289483806e09903f50a66c41d6c72f70b86bf3bfd99ecd62a592aaf9859d25ebbc796a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
48KB

MD5
56f1938d6521db67fad83c055c4173ed

SHA1
ebfb81e42d4bf2c1c5825e9e711facc3b81728a7

SHA256
cae765e89c38588186de4b36811acb8e873a674a2ca9223dca8fb391a012082b

SHA512
9494bd82f7d8e8e31d547fdcdeaa94159df33db313cd74bb5c80bd830b49572b83f668a19f228529a7156f2122287a2d13d49255364abdf4ea64518287f18a56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
252KB

MD5
6152d4161ee026dcc6220f284642031f

SHA1
23ba519f71b07274ec536c46d2c0872a728abc81

SHA256
a131e66bd0da2d1e936f633b066ed5ad26c3c1bdfd659e6072a2638070e53d65

SHA512
28c43e558d54cf9527c3cd1b10e720d39417edbf46f2fb7325efb89895bf8952b5e73b7a18c5526a75fe046b351dc9d9face01c7a72b3efbac40fca801720c25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
38KB

MD5
7e535f2164ddc36c909f91cd54ddba6c

SHA1
e1f202ad3949fba1c0b37b8a739936e8105844af

SHA256
0980082b543f84bbb53291fd9e0798314b92e31f398183fea351930e15380a83

SHA512
8229d7facd28340b7c88c9b6ccb466dcf8b7074035d2eeef6b730dcebe702f25c7cf2a190bd2d4d1d494fbeb01809959d99e7ebdf8dadabe1951910e290d1e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
67KB

MD5
b4b711f3e747704ffe02b49791ce8cac

SHA1
ac7ce4cbd3c8ee66e3c8d9d209c1352c160c3b89

SHA256
f65bf40e2f0ce993b54772f703f72d53f0fa925457346fa8ec2031879ffa91d1

SHA512
b738deba57337a9147927f7dd35eab7c999dea6d2ff11f57fdc2e5b6f64326028a54778886548ba128a3f03ee333cc9e43de5162d8b578b85c290626577042db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
1622a9fea572a57168a8881c289eb161

SHA1
705ceeaa2bf478122c67bb6106f16b1f8a16386b

SHA256
ba3189b9fa23577c276a9d164037e8bae0c3342f8d6d2a185b29c4ab0b468b97

SHA512
cd6e1a9a71434eac8301985c597cead181590bf03e948adfb4dc1d182e2d021539f9f2db7c252d3e7af7b7ef0d3d87c11974ecfb3bf7b637f905ae7fda1d283d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
86afdb6034551618bffca0d70fdccb9d

SHA1
fb89834402a4a48bbeb0f7f2ea70bcf26ea01b50

SHA256
3c5854f1f3f00de57717b363262ebe67eaf38751e1cb6335801577a912158af7

SHA512
512d1396e4c0e29d6fd145f0093d0826eaa8deb30319bbd8d1d8a0021ee7f9d1baf04d4b700869df0896cce2104b0649163f0f834d72436292f9526108e3ee71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
06cffc1bc442cf7ddfb5e83856466fc9

SHA1
6e0e4d726c3b47d4c2d8071a3e07ccfb2e45834d

SHA256
3d5263b3b32069b504008eda8faa77095f332b4c7d041a845a81e1e789691447

SHA512
754cfa45595e502adc1cbbadaa3f921680c2bef2b6a73ec0694d8ae17ea0346bdacb36d85d6113a5c6cce59a04d6f2f1c9e20892ca6e7a55916e7ebecb0810fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
9961cecf4ef5651943e0e556ecf49367

SHA1
b724203193fcd07409a9584bfdadace36c8e1c44

SHA256
1f3b003fded12991594dd21fff7f76f6ace0c4a11a454f4de770bf24698d3066

SHA512
5f3bbf72a87f950dc45d22b02b83b9c53ca17dda03bd2fbe911c6b3975e1431ecf56a44966e3a610b274b360ef76f9afb23eb3fbd5e7d2c8f1aa612c945c3f1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
545e9d4a4d24c3947913171697552c00

SHA1
d96cdbe7f652f98030cb70f615b94496f1baf58a

SHA256
ec468bfcdd97160ddaa74017e06c9c49d0c638ea94e6d972bd1ddde715ae2b7c

SHA512
20a949182f6b3e3f5cbaad6f4e3dbf34a5229eaa0f2686c47f17608e7943f56e39dba89124eb431bb8466db27db003a8309de228843872b77a04b4db7e6d24d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
5de35a5a57d2355674208bec7721aba3

SHA1
0469cd1b1d1890e78e0d78f4f04acad75e25139e

SHA256
f4fb439b50e5da5a85f54b7a9083c2ef5dd73f7ae48e3c39f4dd1b5971d18cc8

SHA512
08f287bf974b4ac34d4f11e799bb9d9efd97ef118105c07aa4924fc8cb1116ae97aa385373ef5db0f1786291d683b0a0a24dde7b61b408fd6dd577de2980868b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c8444ea52ee624b9cf9bfb77aaeb4385

SHA1
d7439264770cb89f4a6a8e0e47cbd27d11860a23

SHA256
7dcd36c344cdb3d44bf07a20749e62355df80b4f8cf9c6a23c277ade91970f52

SHA512
038530a63a7a876a4fb25a07e833bb09321c7065e7105234fd05853b49441503a8be9b3791c2767d04cf0ebe9871f6b45d10074b28c65028626fff7f74052b92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6ca6333c14ecd3415119ba53f98dbb8c

SHA1
2174bbd40fd37d588774345932def67eeb3d39b9

SHA256
a7b29f1a49023d65204946156c3f0320dd37c1a626ae255d0762eaa153d4e57a

SHA512
6b5e6df9029a5318d4e88d51d7a0aa784b34b7a2b256b88d0f4b894219f238a33dd084131fde44dca1b2d9ed2c1881fd04da8bce1a9fa9ed178a15b063f490ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
568c8b11acd8b7d7c2dc55828f9dd80e

SHA1
c79d63fb23c3f050546c7f3960dccde8d287ecf0

SHA256
6eb4ed0ad69a569d37fc4fa5a1b9525488bee66564f426d5c3509540a1b6382e

SHA512
5d3382b23f281656a3ec6b1ea903a9c7417f3a4dac850adb9d16fe5b8fccb688cb7bf7c39b961a317fd78ce154c37935ee723f48cf3618d65e739d570fc0a93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
908f2ccbc6ba77aba92c1c3f565024d4

SHA1
41cf8ee755a49b5ff128e7da3f3dc64f96c73566

SHA256
eb66c9333611b5c1f11afb444d90dc0a1c7bd696dfdde3b256adb493a52661a2

SHA512
02747f86bdb8bd73fcfbc078e37ef6f7e3b637ebdf904bfb60560ebeea3c2f6992c5d512b88c0dc8407e8ff82cbe3af9e3479ec0672f25ca40a247892c8fd86d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
115290a6251732ab33799bf7c05f5fdc

SHA1
b9032b44650b82b6fa33cc018766467f2e28f7a8

SHA256
a05380f39f6c794f9482563443518ffe6261144cfa066b1cce972852a4b3e09b

SHA512
8102e0be28af651c2bcfd92548c620c4529972975e2fa2c405239d5144ed7615c117ad7210d0c976f4faa9ec91b86b91ecb22b179dd888bb11aec9562486a78d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581400.TMP

Filesize
2KB

MD5
c6372c9b6fed7dd3dd7b73184a8a937c

SHA1
d6edcd898eb585ba77bb9bd46659713f8270c7ab

SHA256
a6d2477e483b21ed4b5380d2b8de0646c19bfaa05102bd934c24ae400b727a30

SHA512
f8ee7ed3472800cedfa8c6727ea7634f528a6bec4ee51ce12e19acdd24e0db820b95deb45fb1a57592d4f8275471e12cd8907386d1ed1a031f8636252f6656fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
79515a13acf8ba7594fd1eb5ccf47a2a

SHA1
690dd174c1ecf39f32947bc3f23ebf74923cca6f

SHA256
0bf21ee38fb0f4fd7f3bcdaab64f7e13b7d23e0ec540f5bfaa5c3f0f88e18c54

SHA512
b23daf6bdfbca102a434b0c8cb50d1458dad033c0bf1df0b0c0ec2e12f6ff424fd0ba1cfb9116636bdd035c0be752fb3a270c24e1a86d98be6b2df84fd631c8a

Download Submit