Analysis
max time kernel: 149s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-08-2024 11:23
Static task: static1

Behavioral task: behavioral1
Sample: c0a346de414b2b2cb1eb616fddb0a20c_JaffaCakes118.html
Resource: win7-20240704-en

Behavioral task: behavioral2
Sample: c0a346de414b2b2cb1eb616fddb0a20c_JaffaCakes118.html
Resource: win10v2004-20240802-en
General
Target: c0a346de414b2b2cb1eb616fddb0a20c_JaffaCakes118.html
Size: 113KB
MD5: c0a346de414b2b2cb1eb616fddb0a20c
SHA1: 5a07a90e2a28eaba768c1beba9093873a49e9407
SHA256: 5d31c62ed2d4e26cfb359405ea895562a2887297dd183b3f55a837d7d615af02
SHA512: 9c8c45ee50c5eb6e00df996f841880f704e0d7cf345505aa50415890196255b96710e8e1d87403b038eec6df63db8984eb10ab9bab6f4b5e80468695306d1dec
SSDEEP: 1536:maOPblvgtZEe3+6n/CthBHY5dtyePry3M6rvwwON60r1R5MghZ7AIZvJAjd6:N33+6/CbB45dfwl0r7ZRAjd6
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes:
description        ioc                                                                   process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes:
pid   process              entries
2016  msedge.exe           2
4516  msedge.exe           2
5420  msedge.exe           4
3264  identity_helper.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
Processes:
pid   process     entries
4516  msedge.exe  22

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes:
pid   process     entries
4516  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
Processes:
pid   process     entries
4516  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
Processes:
description          pid   process     target pid  target process  entries
wrote to memory of   4516  msedge.exe  3600        msedge.exe      2
wrote to memory of   4516  msedge.exe  4904        msedge.exe      40
wrote to memory of   4516  msedge.exe  2016        msedge.exe      2
wrote to memory of   4516  msedge.exe  2068        msedge.exe      20
Processes
msedge.exe (PID 4516)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c0a346de414b2b2cb1eb616fddb0a20c_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

  msedge.exe (PID 3600)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd21b46f8,0x7ffbd21b4708,0x7ffbd21b4718

  msedge.exe (PID 4904)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2

  msedge.exe (PID 2016)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 2068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8

  msedge.exe (PID 3764)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1

  msedge.exe (PID 372)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1

  msedge.exe (PID 2576)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

  msedge.exe (PID 1468)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1

  msedge.exe (PID 4612)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1

  msedge.exe (PID 2840)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1

  msedge.exe (PID 3740)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1

  msedge.exe (PID 4004)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1

  msedge.exe (PID 4408)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1

  msedge.exe (PID 4584)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1

  msedge.exe (PID 3524)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1

  msedge.exe (PID 3068)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1

  msedge.exe (PID 5252)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1

  msedge.exe (PID 5472)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1

  msedge.exe (PID 4524)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1

  msedge.exe (PID 5420)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6572 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 3884)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2480 /prefetch:1

  msedge.exe (PID 2936)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8124 /prefetch:1

  identity_helper.exe (PID 4560)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8

  identity_helper.exe (PID 3264)
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses

  msedge.exe (PID 4200)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1

  msedge.exe (PID 5220)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1

  msedge.exe (PID 6112)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1

  msedge.exe (PID 180)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8136 /prefetch:1

  msedge.exe (PID 1700)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,5003051064293407226,17198045358697067009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1

CompPkgSrv.exe (PID 4832)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 4756)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

CompPkgSrv.exe (PID 5620)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 10KB
MD5: 9feb40d2f796e7ce2e863fd9ee063c55
SHA1: 69b2fd1a83a5a844af0ea7562f066deba4a77ca0
SHA256: 19f07acbbcb4b6ae90a99a5b8f2ff37402ddd07b1315ffa5bf4ca25dba328154
SHA512: 71aa306b563c01ae76756415fe6ff2d50bad78c5df75300f2af0dcdd59bbb4ce0d6a78461f2b88c947002337cb8ebdc18905981aa9add85fd7c6f00b80552d29

Filesize: 152B
MD5: e4f80e7950cbd3bb11257d2000cb885e
SHA1: 10ac643904d539042d8f7aa4a312b13ec2106035
SHA256: 1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124
SHA512: 2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Filesize: 152B
MD5: 2dc1a9f2f3f8c3cfe51bb29b078166c5
SHA1: eaf3c3dad3c8dc6f18dc3e055b415da78b704402
SHA256: dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa
SHA512: 682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Filesize: 23KB
MD5: a0423f1305547bb6b8f5a4fb1a9fc2d8
SHA1: 092dcf1fe57e6bb53821eb754e04188ee70602d5
SHA256: 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8
SHA512: b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 432B
MD5: 6f783bde9192f1a400662803a5aebdae
SHA1: 0afdf6eba9ad9704315e4584df42529ef2ea5386
SHA256: f6808f0d9a5dbb01cbfe8507320107ebf9993c91acea6d18165f37aa248009b7
SHA512: 63e5fc36a1c8b9d566437a03ca2429e749b8204b9ae40ffa51c078bb65a109eaddcdfd7cb9aa30a5191a66d597bbcfdeb36e313a3826ea5a632d4067ae07492b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 456B
MD5: 6e28f01af97586ecc5283b91d6940451
SHA1: f04fa5dfd1f1dac6e94eebacb9ddace87cf0e2ef
SHA256: 536379fb148e6128a572b2399a99bf59a8d93dd5e497b594c6151de0ed7761b3
SHA512: 0410a0a32503c424e2a0fdca4c4969d1a502a08962acf7011e07316a5dbaadb5d1bc94cf519d0b2eff2e576e42f4e5a0eca0963f5c2eab4594b83b4b9ef1c37f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 96B
MD5: 795792d5081edbb673a0ee4f03efecca
SHA1: 2b3539f038df17728570a534563d71165e322eaf
SHA256: 9dafc69b363e57df81cbf8c16ffedb30acbe9a947f038663f2318ae4636dc808
SHA512: ecc2e288f975c2e19d0a58bbafedc07743bb3da004caf986e22c654273db6fd35b0398cd330be51b11f365a715cdd7ae409749a28de4482fe379a85ad84e6aa5

Filesize: 5KB
MD5: b1800532828c8280dce215c3ebddf418
SHA1: b47ef10ec92f682336eeb35b46a7e596b0186a75
SHA256: 4c6e0535365c63a5c5d1438a7da2490b38a40ee684e0364c9e5b78b5aa861ade
SHA512: 35b88570ac186662d3efb6567d15f44acaddfe78d233997814b7d02f56f5420131ab3195ca9d950ddd1a132a7cff58c0d7919c8e236c4af5b2fb2d8839318b40

Filesize: 5KB
MD5: 7dc66b354e79bb1a58c9db7524e3d76f
SHA1: 414e09aa91a657e5948c8fbe5d1920a36d1ab8aa
SHA256: 965335ccac44897b8ebec25499341bc6fdd8aca7cfd3e9bea7e28a03a68a2444
SHA512: e0092943b3e18df6555b66e3eccf3eb93ab6e30133609c95aa5382e679cb134e6cff18f7de5e7138c29bc17cd63677ffeaf32691ab1ed7f0d839fb779588df1c

Filesize: 5KB
MD5: 90c287ae3ec6388216a9597786b324c9
SHA1: 9b315935a3b41bc2d27a00ab4389d9edc22e00e1
SHA256: 9c58b6f2672ac2251222abaf415095dc5c9c7f1c4370ec777beb292ddde0d5aa
SHA512: 0d10efb121454c26ec7deaeefb18ed94a976f6eb573f1289670fe389907ce504a82c91608444dcdb6109383b0157ce5b0f24258fd1744449871f22b6a367554c

Filesize: 9KB
MD5: 4783b9cf464f8b28dca2290eaa336871
SHA1: eca4e55879065cd10f03d4c9de6cdfcc9674382f
SHA256: a5f49250f61ee4fce3f78ddf0c885367761952494af7b31df7109f334f431d63
SHA512: a0747c93d6b00940692a92a6fd50681a49ea0af55e069f208e5ab43863efb8f83a0889b43f557acaf950cc88577792313a86843d504966270d4dc4b191d881c0

Filesize: 10KB
MD5: 6402491f4c03dc1cf7e617c6f342baae
SHA1: 6297815670616a9d7486df897c80d1611041ad9b
SHA256: 02de3e1457004bdc2df26e84e46977aa3d8072c0a51515d2f96c82ff96a402f0
SHA512: dfc890075df4756053e8348bdd028d9f891cce90f0a566698576081dd0eae66dd55e850c2c371f1e9a5b3cbe1dc951046f173bcf7da629f0fafc78806444245f

Filesize: 2KB
MD5: b42ca7d62e46bf5859248e77d1738d2d
SHA1: afef5271443598572bc718744617f0f3483eb6d1
SHA256: e70d0627c6436f323b6b6128bf8f7a0d63a3f640c76fbd5d2dad97ebcf4e2b53
SHA512: 7af86f9f2216c15556dd1ad956b0bdb2480433267a611abf362f530204131c7ac8596b737a06adec897396771f2585a04e3239727f283739de478b4dd04811f8

Filesize: 1KB
MD5: f7401f52a9b3cde07da5dd0650c9be5a
SHA1: 1ddc774873331434e8f6932dd4e0d93d6222630b
SHA256: be9827e3ce18587fa8ec63a2754b04187f1dfe5a81e1c4b2e86f80d066ce9b36
SHA512: 3e07b1673aad99c63f9e78182b60d76350097fbb5991c040beba7035f1e916bf294da017ed9a50172fcf7ac469b79358ae425bba701daa860fe77e3eaf11613e

Filesize: 1KB
MD5: 436bd1947a589f33d8e285f587c639b0
SHA1: b2c0bc51e1818ebef8d07d9d1e54b9eeeb1085a7
SHA256: c3e18c871be7c121f9091b80322518b01e385988df3d2168e7d530ea45610136
SHA512: 75dc36c8f4301080813fbb0dc774710ba1daccef8d4601886185be876505f217844209cab1104693c1e4877bdc4f72700b3ed006e1d4ee2a187ab1211504c33c

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e