Analysis
  max time kernel:  145s
  max time network: 141s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240802-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        27-08-2024 17:55

Static task
  static1

Behavioral task
  behavioral1
  Sample:   c57052557afd8f5882a7c757bd846919_JaffaCakes118.html
  Resource: win7-20240708-en

Behavioral task
  behavioral2
  Sample:   c57052557afd8f5882a7c757bd846919_JaffaCakes118.html
  Resource: win10v2004-20240802-en

The signatures, process tree and dropped files below are from behavioral2, the Windows 10 2004 x64 run (resource win10v2004-20240802-en, matching the platform line above). The win7-20240708-en run (behavioral1) is not shown on this page.
General
  Target: c57052557afd8f5882a7c757bd846919_JaffaCakes118.html
  Size:   80KB
  MD5:    c57052557afd8f5882a7c757bd846919
  SHA1:   61170d20630df67a478501a6d84af73d48a1c118
  SHA256: 8fa9f91435a0468b9b41d53f1bde457405b5df5cf7cfa5a4d5ee47d150ae7db5
  SHA512: 590f17217eb84757143d4f1155c1b9672d709847b5dc94d31bca67c1667c64e24ad6d76b5d9524bd94b2a82e69d44def5eaa0e1202855bb7d65c4641d1d28f41
  SSDEEP: 1536:Zwgr8VSeO3xy0ZuFweNWaS6cgRrsKMtHGjc:peO3xy0GZNjmKMtmjc

The file name is the sample's own MD5 with a suffix appended; the MD5 above and the hex prefix of the name agree, which is the first thing to check when a sample is referenced by name elsewhere.
Malware Config
  (none)

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  process     description        ioc
  msedge.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid   process
  4672  msedge.exe           (2 rows)
  4816  msedge.exe           (2 rows)
  1004  identity_helper.exe  (2 rows)
  2576  msedge.exe           (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (21 IoCs)
  pid   process
  4816  msedge.exe  (all 21 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
  pid   process
  4816  msedge.exe  (all 25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   process
  4816  msedge.exe  (all 24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
  source pid  source process  target pid  target process
  4816        msedge.exe      4860        msedge.exe
  4816        msedge.exe      4072        msedge.exe
  4816        msedge.exe      4672        msedge.exe
  4816        msedge.exe      4208        msedge.exe
  (all 64 rows have source PID 4816; the four distinct targets are listed once each, the original repeats each pair many times)

Reading the signatures together: every IoC row is attributed to msedge.exe or identity_helper.exe, both Edge binaries. The WriteProcessMemory rows are the browser process (4816) writing into four children it has just created, and the process list below identifies those targets as the crashpad handler (4860), the first GPU process (4072), the network service (4672) and the storage service (4208). The NtCreateUserProcessBlockNonMicrosoftBinary rows are the same parent creating children with the block-non-Microsoft-binaries process-creation mitigation that Chromium-based browsers set on their sandboxed child processes. The BIOS SystemManufacturer/SystemProductName reads are performed by the browser process itself. None of these rows records behaviour of the HTML document as distinct from the browser that rendered it, so on this report alone they should not be scored as the sample's own activity.
Processes

  PID 4816  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (root)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c57052557afd8f5882a7c757bd846919_JaffaCakes118.html
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    Children of 4816, in the order the sandbox lists them. The image is C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe unless stated; only the distinguishing switches are shown here, the full command lines follow the table.

    PID   role                                      distinguishing switches
    4860  crashpad handler                          --type=crashpad-handler /prefetch:7
    4072  GPU process                               --type=gpu-process --mojo-platform-channel-handle=2240 /prefetch:2
    4672  network service (no service sandbox)      --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3   [Suspicious behavior: EnumeratesProcesses]
    4208  storage service                           --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility --mojo-platform-channel-handle=2284 /prefetch:8
    516   renderer                                  --renderer-client-id=6 --mojo-platform-channel-handle=3344
    1472  renderer                                  --renderer-client-id=5 --mojo-platform-channel-handle=3364
    1788  renderer                                  --renderer-client-id=7 --mojo-platform-channel-handle=4800
    1908  renderer                                  --renderer-client-id=8 --mojo-platform-channel-handle=4920
    1192  renderer                                  --renderer-client-id=9 --mojo-platform-channel-handle=5244
    1572  renderer                                  --renderer-client-id=10 --mojo-platform-channel-handle=5272
    2596  renderer                                  --renderer-client-id=11 --mojo-platform-channel-handle=4256
    3548  identity helper (image: C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe)  --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8
    1004  identity helper (same image and command line as 3548)   [Suspicious behavior: EnumeratesProcesses]
    3440  renderer                                  --renderer-client-id=13 --mojo-platform-channel-handle=6700
    544   renderer (--instant-process)              --renderer-client-id=14 --mojo-platform-channel-handle=6744
    5324  renderer                                  --renderer-client-id=15 --mojo-platform-channel-handle=4268
    5332  renderer (--instant-process)              --renderer-client-id=16 --mojo-platform-channel-handle=5808
    6032  renderer                                  --renderer-client-id=17 --mojo-platform-channel-handle=5364
    6056  renderer                                  --renderer-client-id=18 --mojo-platform-channel-handle=5836
    6064  renderer                                  --renderer-client-id=19 --mojo-platform-channel-handle=5844
    880   renderer                                  --renderer-client-id=20 --mojo-platform-channel-handle=6772
    5144  renderer                                  --renderer-client-id=21 --mojo-platform-channel-handle=6288
    5804  renderer                                  --renderer-client-id=22 --mojo-platform-channel-handle=5712
    5728  renderer                                  --renderer-client-id=23 --mojo-platform-channel-handle=6660
    5808  renderer                                  --renderer-client-id=24 --mojo-platform-channel-handle=5652
    1660  renderer                                  --renderer-client-id=25 --mojo-platform-channel-handle=6076
    4676  renderer                                  --renderer-client-id=26 --mojo-platform-channel-handle=5276
    2576  second GPU process (GPU sandbox disabled, --use-gl=disabled)  --type=gpu-process --disable-gpu-sandbox --mojo-platform-channel-handle=6036 /prefetch:2   [Suspicious behavior: EnumeratesProcesses]

    Full command lines

    4860: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd183e46f8,0x7ffd183e4708,0x7ffd183e4718

    4072: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2

    4672: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3

    4208: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2284 /prefetch:8

    3548 and 1004: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7044 /prefetch:8

    2576: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 /prefetch:2

    Renderers (every PID marked "renderer" above): "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2228,11782257686771436722,14409620201261332427,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1, with <id> and <handle> as in the table; PIDs 544 and 5332 additionally carry --instant-process immediately after --disable-client-side-phishing-detection.

  PID 1636  C:\Windows\System32\CompPkgSrv.exe  (root)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

  PID 1464  C:\Windows\System32\CompPkgSrv.exe  (root)
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

Every child of the browser process is an Edge binary from the Edge install directory with a standard Chromium --type (crashpad-handler, gpu-process, utility or renderer). The only processes outside the Edge tree are the two CompPkgSrv.exe instances, which are root-level COM activations (the -Embedding switch) rather than children of any Edge process. Switches worth noting for a sandboxing review: --service-sandbox-type=none on the network service and on identity_helper.exe, --disable-gpu-sandbox on the second GPU process, and --no-v8-untrusted-code-mitigations on every renderer.
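The process list above is raw data; the triage question is whether every process is explainable by the browser's own multi-process model, which switches weaken isolation, and what the WriteProcessMemory targets actually are. The following Python helper is an added example written for this page, not part of the sandbox report or of any tool it came from. It assumes a simple one-process-per-line input format, "depth pid command-line", that mirrors the two tree levels on the page; the sample lines are constructed from the page's PIDs and switches with the long --field-trial-handle and --gpu-preferences values dropped.

```python
"""Attribute each process in a flattened sandbox tree to Edge's own process
model or flag it as foreign. Added example; input format is an assumption:
"<depth> <pid> <command line>", depth 1 = root, depth 2 = child of the
most recent root."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

EDGE_DIR = r"C:\Program Files (x86)\Microsoft\Edge\Application"

# Chromium child-process kinds a browser process is expected to launch.
KNOWN_TYPES = {"crashpad-handler", "gpu-process", "utility", "renderer"}

# Switches that relax process isolation; benign here, but they are exactly
# what a renderer exploit chain would want, so surface them every time.
WEAK_SANDBOX_FLAGS = {
    "--service-sandbox-type=none",
    "--disable-gpu-sandbox",
    "--no-v8-untrusted-code-mitigations",
}

# Constructed sample: PIDs, images and distinguishing switches come from the
# report above; long switch values are omitted for readability.
SAMPLE_TREE = r"""
1 4816 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c57052557afd8f5882a7c757bd846919_JaffaCakes118.html
2 4860 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7
2 4072 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --mojo-platform-channel-handle=2240 /prefetch:2
2 4672 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:3
2 4208 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:8
2 516 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --renderer-client-id=6 --no-v8-untrusted-code-mitigations /prefetch:1
2 1004 "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --service-sandbox-type=none /prefetch:8
2 2576 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled /prefetch:2
1 1636 C:\Windows\System32\CompPkgSrv.exe -Embedding
"""

# The four distinct (source, target) pairs from the WriteProcessMemory signature.
SAMPLE_WPM_ROWS = [(4816, 4860), (4816, 4072), (4816, 4672), (4816, 4208)]

TOKEN = re.compile(r'"([^"]*)"|(\S+)')


def tokenize(cmdline: str) -> list[str]:
    """Split a Windows command line on whitespace, honouring double quotes.
    Backslashes are path separators, not escapes, so shlex is deliberately avoided."""
    return [quoted or bare for quoted, bare in TOKEN.findall(cmdline)]


@dataclass
class Proc:
    pid: int
    depth: int
    image: str
    args: list[str]
    parent: int | None = None
    children: list[Proc] = field(default_factory=list)

    def switch(self, name: str) -> str | None:
        """Value of --name=value, '' for a bare --name, None when absent."""
        for arg in self.args:
            if arg == name:
                return ""
            if arg.startswith(name + "="):
                return arg[len(name) + 1:]
        return None


def parse_tree(text: str) -> dict[int, Proc]:
    procs: dict[int, Proc] = {}
    root: Proc | None = None
    for line in text.strip().splitlines():
        depth, pid, cmdline = line.split(" ", 2)
        tokens = tokenize(cmdline)
        proc = Proc(int(pid), int(depth), tokens[0], tokens[1:])
        if proc.depth == 1:
            root = proc
        elif root is None:
            raise ValueError(f"child process {pid} has no preceding root")
        else:
            proc.parent = root.pid
            root.children.append(proc)
        procs[proc.pid] = proc
    return procs


def classify(proc: Proc) -> str:
    """browser | <chromium type> | foreign-child | unknown-type | other-root."""
    in_edge_dir = proc.image.lower().startswith(EDGE_DIR.lower() + "\\")
    ptype = proc.switch("--type")
    if proc.depth == 1:
        return "browser" if in_edge_dir and ptype is None else "other-root"
    if not in_edge_dir:
        return "foreign-child"  # non-Edge binary launched by the browser
    return ptype if ptype in KNOWN_TYPES else "unknown-type"


def weak_sandbox_flags(proc: Proc) -> list[str]:
    return sorted(arg for arg in proc.args if arg in WEAK_SANDBOX_FLAGS)


def triage(tree_text: str, wpm_rows: list[tuple[int, int]]) -> dict:
    """Per-PID roles, anything not explained by Edge's process model,
    isolation-weakening switches, and the role of each WriteProcessMemory target."""
    procs = parse_tree(tree_text)
    roles = {pid: classify(p) for pid, p in procs.items()}
    foreign = sorted(pid for pid, r in roles.items() if r in ("foreign-child", "unknown-type"))
    weak = {pid: weak_sandbox_flags(p) for pid, p in procs.items() if weak_sandbox_flags(p)}
    # (is the target a direct child of the writer?, target role)
    wpm = {dst: (dst in procs and procs[dst].parent == src, roles.get(dst, "unknown"))
           for src, dst in wpm_rows}
    return {"roles": roles, "foreign": foreign, "weak_sandbox": weak, "wpm_targets": wpm}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_TREE, SAMPLE_WPM_ROWS).items():
        print(f"{key}: {value}")
```

On the sample the foreign list is empty, the four WriteProcessMemory targets all resolve to direct children of 4816 with known Chromium roles, and the weak-sandbox report names exactly the network service, identity_helper.exe, the second GPU process and the renderer. A cmd.exe or any binary outside the Edge directory appearing at depth 2 is what would turn this from "browser noise" into a finding, and the helper flags it as foreign-child.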
Network
MITRE ATT&CK Enterprise v15
Downloads

Files written during the run. The page gives a path for only three of them (Edge's Code Cache index); the rest are reported by size and digest alone.

  Filesize: 152B
    MD5:    ff63763eedb406987ced076e36ec9acf
    SHA1:   16365aa97cd1a115412f8ae436d5d4e9be5f7b5d
    SHA256: 8f460e8b7a67f0c65b7248961a7c71146c9e7a19772b193972b486dbf05b8e4c
    SHA512: ce90336169c8b2de249d4faea2519bf7c3df48ae9d77cdf471dd5dbd8e8542d47d9348080a098074aa63c255890850ee3b80ddb8eef8384919fdca3bb9371d9f

  Filesize: 152B
    MD5:    2783c40400a8912a79cfd383da731086
    SHA1:   001a131fe399c30973089e18358818090ca81789
    SHA256: 331fa67da5f67bbb42794c3aeab8f7819f35347460ffb352ccc914e0373a22c5
    SHA512: b7c7d3aa966ad39a86aae02479649d74dcbf29d9cb3a7ff8b9b2354ea60704da55f5c0df803fd0a7191170a8e72fdd5eacfa1a739d7a74e390a7b74bdced1685

  Filesize: 71KB
    MD5:    da52e38c98b0f2047abeb07609608ab5
    SHA1:   da1210caff36df73e49a0c271ff7d573c2d20d02
    SHA256: 726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b
    SHA512: 35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

  Filesize: 61KB
    MD5:    468446a7240461af44b59ebb2047c231
    SHA1:   47b7c525dc91bece99df0c414960b9490b986ba8
    SHA256: ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6
    SHA512: ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

  Filesize: 33KB
    MD5:    430d0f52546401d2f8c037bb84952ebc
    SHA1:   446c9de67e5cc8c01e2108494fa0055693dc6993
    SHA256: fbbb7e598e30407bfbc0e1415bff3127bf07ff9282937b87330bac620e919696
    SHA512: 6b9f3d0332aedc15d05e0f574e8710678898355cca6b16ec452fc9c3fc80cd4a7e7b45361f0a4f7faf55edc5f6c0c76efbf235b022a895e3aa5a06a4bc843830

  Filesize: 97KB
    MD5:    072dc3be9042b863f465f570fc3efba9
    SHA1:   0323377816ff6d31dc7431bb702be82cf0653764
    SHA256: 608f0e85d175cd5a7c54e11d519f682ddd1fa886df48be30f91cc72c4fa7f08c
    SHA512: 361c56eaeec2205a5cba71ae7f26949d80b12a8cf451e6f0b895eeb40eb8700ee5c0fde8cc34d881c304e655ef168b91b3bf241b58db29876e18f6e24cfc42bf

  Filesize: 30KB
    MD5:    e99f1712e9ab2361d5bdeb29f499183c
    SHA1:   aa1ad85ed4ca152a807101ebfbf7636c49495236
    SHA256: 9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460
    SHA512: 686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b

  Filesize: 34KB
    MD5:    cd05640564742b1a72a818d15873a1c1
    SHA1:   4673e5731f755d45d3899550cc48cb79a40585f7
    SHA256: 0b940c2b7629585e9b218cdd1762c3c79003dd2ac37db8992ecbfb3728359e1d
    SHA512: b2df34cb210457ed5371085ca2cdfc59c0c1aa291865ff0760805a464f3e6a8ba26e77c5bff1e0ebbcd5973fd85833ab9e71ad2b1a2e2594f7a49c6fd7baa6b9

  Filesize: 25KB
    MD5:    651759109c0101a3622ce3e8d4c98be5
    SHA1:   aa1838164412bbad08112a0895754c54ffd132d7
    SHA256: 01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06
    SHA512: 6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4

  Filesize: 23KB
    MD5:    33a83c16527e4531fbfca2631f653674
    SHA1:   87a63514c262ba4bffc52d2ceebb3ca14353507a
    SHA256: 1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4
    SHA512: f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

  Filesize: 136KB
    MD5:    4651a4bc4ceaf8d1811aea20ab8584cc
    SHA1:   e9ba2c1e8b5f2391eac8fce3567c920a68391c11
    SHA256: 73cbb0b6d9c83a076751991cf4db53e24f0a83a6124d74d5fd66cc1d830ba138
    SHA512: 0e2552bdeed8ca32fdd2d9d90c1dfac85514ec4f54840778566b9cd37649109487473b1cd234c0195ddd17e127e185f8782914b2e7dac9bb26fb8233bf615fa1

  Filesize: 23KB
    MD5:    a0423f1305547bb6b8f5a4fb1a9fc2d8
    SHA1:   092dcf1fe57e6bb53821eb754e04188ee70602d5
    SHA256: 6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8
    SHA512: b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

  Filesize: 46KB
    MD5:    8cb8f1d27f7825dec81278d4c100cadc
    SHA1:   e9f50d73c41d766d7cb31eedd0b4ee3b4b09df4c
    SHA256: 8b5e5ad206556948105a7d13efb0aa96ee50aa62a0c1c2ad83fd7c8415a270e6
    SHA512: eab9260f80e253123c478f0ee45ec9dca208d6e21782256d0ad5cab727b1e18c5c4906540019001c939da79e52b482e5616115f6204607a884dfe7271ac5c77c

  Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
    MD5:    5b0de579e17c4fbebbdd1293c439749b
    SHA1:   65b4c912704556ef8c87744018d4e029b0322444
    SHA256: dd53feaed49c776a395d9a626f1ef561be037c7f2f9c53bbe88f104a90d273b9
    SHA512: 9d3ec4e10f582fcd528e74442f736a5a8a7ebbec87261eb262893cb560cc5fe6a0338288654948b3d1309a8227b9e6ebb57060c5cc00afe37083d17d62c550a8

  Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 312B
    MD5:    ca09f9780c36a0f1c8bd65c298ac75bd
    SHA1:   40a3c0167c97b9caa322c62fbdba1e3a23e8c891
    SHA256: 939d8f4e0ca0aaf6a2495aa8018a707d5a859689b02f9aaacee21a59baa5aaba
    SHA512: 0805f145e4db1466764c9d394e590641dd6f1ace6db5baf678f3faecf8891535ac948f37a1e2d2acc4aef6e1deff68ab171eb483ab2ce6e9744a8b6402efebbc

  Path: C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 216B
    MD5:    4417761d2085b8bd4e2438e8dc38a328
    SHA1:   e533589942a7d21e86692876a83045df5facc3f0
    SHA256: a2db1ac00ce94e07656e5fa024c5d4f824f34957332345562c07c5b8deaa5661
    SHA512: 34e3fb69923cd7e1259adabda0514994f1a0fd547a41acf1e17a0355e8308152080a1ca33788d223bd37d5d57de8b5c41829f1deb0c58fe6b1bbdea8dd985d7f

  (The three entries above are successive versions of the same index file, rewritten as the cache changed during the run, which is why one path appears with three different digests.)

  Filesize: 1KB
    MD5:    62f15006a84ebe87650d451fff0229d4
    SHA1:   bd06aa1944a7dc3d2ab0aac48b79039e8df7ca4c
    SHA256: 54e1bfe798be9552b7f2be5146d0d7c0d630069470b3126439406236b5c3bfaa
    SHA512: ccd2b822d5544e5e119dabc4f78221164ae32df3f8f469dc5aecf7f41082b62776d718e2af6c99ca9d06ecc55b9a34f4a2f0f06338940531c30a29f195c89405

  Filesize: 6KB
    MD5:    95ddf917a3c522d3250a40723c293020
    SHA1:   244841e5c5d33074e44a79257ac278e833557f7e
    SHA256: 31ac09556f64973d1a685f2dbf7a2efc392c4b766a6dfc85808be638482244fc
    SHA512: e71bd2adfcabbdcecb15b9a6d69828c27e8b483bf4aa57168fc40428ed78ec6324217415f346f3976897923d6931d1561d2f38d918e2f74c4d5cc6450bdf797a

  Filesize: 6KB
    MD5:    dbd35819c265bd7aa57b43c7408032cd
    SHA1:   fb74d29a19f42d6ca999bfcef84c7a21ce86ede7
    SHA256: 037b5965dc0cc1fd37cc44c2f2d84c182157e478379fb7700bdab2156094d53e
    SHA512: 88f5b657a2a82c1fd8630d634d9c8ba85a67e303cb81fcc287fab17e48d45625fa95bc62c0c688575187394e30f474d727754fa7025e53a5520afb1e42de27a4

  Filesize: 5KB
    MD5:    2c4851cb01e8f044ab13d820e91ae84f
    SHA1:   ecd6b20ba149acf63f9132d59f7849c938634ebe
    SHA256: 9b9866eddd5a7791390d936821a69f2892186967830884fbb264202fc97cd85f
    SHA512: 1cfeb1aa3ac2f6767f084bd8d279c464ebfca06b3f973deb755c025ba0383c35161498a21baaf24c55866cc0bcbcc5984bdd02299d3cbf3616f0ae7612cc1d3e

  Filesize: 6KB
    MD5:    25963721d38c407c5722bd8e1d46e7f4
    SHA1:   4572f1ac45411d16964ca8f68910be5d86da7c7e
    SHA256: b2de78a66b9cae72aa4a9ac5769488a331c9224610780355bc8e1fa3eed27272
    SHA512: ada8cb20fbd81e8b8d5abfaddf31aac43c06090dbe59ee4dfcf2beb619f9ea460dbb5b68d4d16b534b38c5c072121324da0698ff112efb72888b8fe04a653fe6

  Filesize: 6KB
    MD5:    5a03cec646659748d5f3f00464f9b22a
    SHA1:   0da7ff2a12a4fecfa05aedef6913f4c99e75b7ef
    SHA256: d10dc1d61344995a2306da8001f4ff606969c9b6b6f1e44ffd73b2ac80938cb2
    SHA512: f46bc9a133e882527c0d00aab7ed12f20107b5102e1c68cb33a99b016791c645053f23fb9e7e55f7dc519e5e4d6f68e98614d734439e138267a4a44c58cbbb6a

  Filesize: 6KB
    MD5:    ab50e40c6ef9e2fe4454ffb8c799e2c4
    SHA1:   cb4a549ab9182cfae2629f9ca242fedddac832d3
    SHA256: 09ddda3e98530a7d8da4e31ef7cd123d1cb72e362c3fefe9e90451ef3445fe50
    SHA512: 32d3343f612e62afffa747aa40a7c01fab5107e13ece4acd2a22bdfd0ddbc3e577a28323e229f42ec626b5b5d9b76a1e454f78e3e94c9947f91c219b2d3cfcf6

  Filesize: 370B
    MD5:    3690bfac73a98a18440a7c4366501cf0
    SHA1:   8d7748ef495c40180ae8b034508246234c550484
    SHA256: 6ebd76cd7644ce36174183f04a76a0b1cc573e8f97edac177e0a92fbb9dfac5a
    SHA512: a4d2bdf7996762d1f5b952132fcf676b0213c9bdd5dc79e3a1b94fd88e9f83c8b755fbacf53a05bc6992cb13d56efb072b5368aee6e3b17535d51ac22cc3ab73

  Filesize: 370B
    MD5:    413c52129766b82ee5dc8e01b86517eb
    SHA1:   2ca13cc9a3019c54c28cbb7bba6c813ebcce12ba
    SHA256: 705ccf71daf5b5689a682f6f9d7d45e7ce7eafd4700aefdfcc6e07712167fef8
    SHA512: 0cdc76f25519b6643779ba116e3047d0ca32a852079cbc3e160d41500039c9ef125c8916ce275ded591a5fcbc1c2b30f138634844b3b9164099de0d6d5cbd9f9

  Filesize: 370B
    MD5:    6e00f177e138ff34b8a4021362168ac9
    SHA1:   5c462a55ca5a1cd132e7880480e8c277598fea57
    SHA256: 56bc5646b0768984991b8f9069fc6370c9410415a6c250d7f88f16b864f75ddf
    SHA512: 398315a7761bf50fc2f05ee31457ac63c898dda5f33c4d59927ae88c78dfbd916495d68ab1629dbcba1ad22a8d7763975fa17a4b2bc1651c274a37625fdf5bca

  Filesize: 16B
    MD5:    6752a1d65b201c13b62ea44016eb221f
    SHA1:   58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  Filesize: 10KB
    MD5:    e3fbe3265fae778358db8e078fc5fb90
    SHA1:   a4ff9ba237dce6047f0026f23ba83663e9a2de4e
    SHA256: 8b80f7da93d3b4429b9458777015c3d0d8764de934281eb15817e93749c54a26
    SHA512: 33ff7f25b0dc6f9353680f2e36306cf0df5056041d505295785cbcac889d29e09d590a5c4819decc1f2663ecd4e3f8a19361d0c4ff6869dd41b7eb632682425e

  Filesize: (not given on the page)
    MD5:    d41d8cd98f00b204e9800998ecf8427e
    SHA1:   da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

  All four digests of the last entry are the well-known hashes of zero-length input, so this is an empty file (created but never written to) and carries no content worth pivoting on.