20a8fb6e1552bfba8e07c7766ebccefb528ca501466e5ad89ea060a520fe34c8

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
29/08/2024, 08:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c878249e6c2c7b184ea70e6e5fb9cd5d_JaffaCakes118.html
Size

82KB
MD5

c878249e6c2c7b184ea70e6e5fb9cd5d
SHA1

53b9b0515b731d5ec196c0510d37e9ee0f77f92b
SHA256

20a8fb6e1552bfba8e07c7766ebccefb528ca501466e5ad89ea060a520fe34c8
SHA512

48d077d18cdb4407fe547e51d66e21336afb56e79da598d8b253937cb0ff9a54830a356439c74674c7d14ad4a6a76fb6878eb8a7be1dabafb52fe8e277b4e492
SSDEEP

1536:6PD5HnHH2daydZrA4MRIIIIIIIIII7vcssRHRSnq0eVRR0RajWgxZGCXv5JcssRg:6PDtHWs/Y1NtVlFv7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
4040	msedge.exe
4040	msedge.exe
4876	identity_helper.exe
4876	identity_helper.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe
4040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 2240	4040	msedge.exe	86
PID 4040 wrote to memory of 2240	4040	msedge.exe	86
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 1648	4040	msedge.exe	87
PID 4040 wrote to memory of 2256	4040	msedge.exe	88
PID 4040 wrote to memory of 2256	4040	msedge.exe	88
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89
PID 4040 wrote to memory of 3416	4040	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c878249e6c2c7b184ea70e6e5fb9cd5d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa8a1f46f8,0x7ffa8a1f4708,0x7ffa8a1f4718
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1292 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6740 /prefetch:8
  2⤵
  PID:524
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6740 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:6004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7152 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5559892926045588358,15197867037040649266,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
23KB

MD5
a0423f1305547bb6b8f5a4fb1a9fc2d8

SHA1
092dcf1fe57e6bb53821eb754e04188ee70602d5

SHA256
6add651cb411ed9ce9a17883c1522920a6ee3b4eb676f5b411e72d1a5e7de6e8

SHA512
b8487c60b40d332e562cc5d4fc7c515e3b3c2c82311700b788905754c1376ce6f0da650583545a4691d51f04ec5da0c0204997214d167c85b788d4c85236c4c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
23KB

MD5
33a83c16527e4531fbfca2631f653674

SHA1
87a63514c262ba4bffc52d2ceebb3ca14353507a

SHA256
1156bb50a264543f6a9dc8922dd2c65d444c8bb11b3b18be95d5adff840b33b4

SHA512
f1dba28d0f81aa0894436ae7b4ba76a2e635f002f666d17d31b8b21500dc2321d7862ca8dcfd22e44aab4d1f33112c076dc95191c889546a40f9c6197cccbda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
720B

MD5
fcb677911a66330efb58562506651887

SHA1
900e39b8b4396511a18226a220c544bdcb4863d7

SHA256
76da90d1216b58a69d9016b5e7239a9ac7fa4c45e8f10b2cab9786a5eb40400a

SHA512
b88e5a7190370fd81e9bbb9eea13d2146d8d18c309e4f0ebeb57a1d7b73a2bb2e8ea770fd4daa0dbeafeb7eda5e38d9c93b6d12727066477d719767295ab0c19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
57556adc7131691751eeb4941b9415cf

SHA1
dae0b47d2e48bc9b60e301544df4773dae170201

SHA256
639473e9f7a386936c3efee286d364fd0525dab6e459bcdfdc4e09e3c79ab87a

SHA512
c73cd958172be73ec419f3183e403d5e78e0e001a12fcf63ea27dd74b737841b6762592a72fec1a9e87a6ec115003cb4e9d8f0b7d863583af919498deb578a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4a7f47a5c3f311de2ebf2dbf972eca47

SHA1
d666ba04cc40c9f4db8a4a940b7afbce69e61b82

SHA256
2dc34f40c96fe5f30f7b99913625b40e37131d4d41728101bf59f8f71c77ed37

SHA512
72bf9505eaea1c560c0490351d40ab679b8fbe6a5f5f538ae7ca7cd7af09a3cd0fc63b5281bafd76f1a4f6ded21b9fd051a326d385bfd40522ac9500407a1442

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c5520b738ee3f39c3796643346029556

SHA1
caeb7b0f4e9eb8b69fd1df0d640efe040f4fb377

SHA256
00e15de8d1be2817610d8b95ae15f4f708ce5e4d7fec61fdacf13fd664387ee1

SHA512
d5796fecae9879e57bc6acffadaf647e8cbc01ba8ad664a7190d0523eb275bbd93a9825ca059e3dbc91a591472cde434144f67b3907e2c981c43bb43e137467a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4eed5ee3432f1278f22256cd5898397b

SHA1
cfa6d4324c74324442d578054ef9a91d57e29165

SHA256
7afc8134273588a718d3050e08b4a0c3b8841edf179a7e090e7166bb58bea6a5

SHA512
4b153c9941e6122b0dbbfcc9a0a914b456430dd349ae8f88eb1c33480861cf7b2a3bf170d7f25893f162c1b71c3a6fb9de93c552e50caf958879fb02293210ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0bf33240ba2bd86ac843ec2a78e01ea1

SHA1
6093af67750f65afc6dbe24cf5d27c785ebd08ee

SHA256
b7b0303ecb54d3c5a37f80b9eac9bdaa524d629a19b9785686d6cf7424ff5f09

SHA512
5910b01c5a2c1f2d476a1668cf35e1b9e9d6b5bc1cf26c5f436b141f65a05b12777505594dd33004cf4d2317cdc158fcc13bbe586d3d466c71781d1531e1ecc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4054cb83f3142ec202f8156354908f0

SHA1
75b16e8b62504dae6ef3d4b62522385f830ae444

SHA256
cb7b22951ea1c28ceade7a7aa66fa031ff173bb71c7689ca33659ec29f99e1fe

SHA512
6867a92a9f5e5700f998765a6f2da4db29aee7ee02e06dab9d92f9a67ffb14cb0159d4ad7c636c78bc38c0598922704fd0341c0843f8668de808599742e7dfb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
fe9be521c69ad4779d2be8987c8b056f

SHA1
229eb79713cdcd19acb146e9fe699b03f6c02cbf

SHA256
7b335911dd6e787595489b642a973a559adb45abbd7ef9672b6144b91b6f2c57

SHA512
1af01e626d9ffec7a2bceeac45680b82cf1ca7321aed684b4e7ba8d65402d87d019c433e1a3ac13e41f667699513e6a79a5018efe124c67bf0fc09b003f0b058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b1a76b80556a431f03ee500ad17d06c3

SHA1
c3080b07b1d6174e8311521e5e65ae05f860e0f3

SHA256
5c662e95ea17f662b1f4aa1e4b7ec21dea27763eec791a28ec5d301ccd9a573d

SHA512
9513f04e04a0e766a9df9ed11a9d28f5c143dc0ee036f4561a42127ff46f833348384c191079da8205c0f82fcb015fc085fab14bf4cae21c8bcb881ad50e3425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
6af99f4c8bd855b25b19df7b9919ebdd

SHA1
6cfb42d0156015ee01c2b72e2f897c2e0535d724

SHA256
3a9c9aba75137447fed2e14a9b9f6a93faf36eff7234a5502595faee74a9b64f

SHA512
39a85a53040981ac3fb862b5c399017dad986e94e4e7b07fb7b7eafa3490c85fbdc9c05ff632b0259c8959c635d8899f7d698e5b6fd9973f00ccd5dd57627b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
17fc3845bbc7c80e8ba6f908222425b8

SHA1
45bee418baea6364c53a04955b75d7596dfb531c

SHA256
6d931b5fde695a3a9ac2d3ead7896930de1f06d7cc9f8d8aa47e7fef8fdf963d

SHA512
52f70969aa59c8d5f406f9553d45e4a8a69a67edc201aa909c35d3a679c9fbefa74901626fad50e062d083b9e4d4b1a8558fd557183ad490aa16a9903bfeb0a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589d54.TMP

Filesize
201B

MD5
e39a6e6091d810abde67a45e1d8212a8

SHA1
6b4abb78f8a8e4a5fc6f1034df57267ff333dbde

SHA256
2c650ab3f653219eb8d6019f3a9a2cc2f10f7f4630ff591664ab961057e1d82c

SHA512
e5a295d84c16b37da86c1054ce0fbe46360095476f9440606134f8c1c370f57c80689a1df5c91bb2546a6fb3fcf2bbcb15bd4cee02e82095cb956f1b4264d368

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c9bf7e999eed61f96d111a80b9f57a1f

SHA1
49c9a64447b740687ea3ac7b063b819bfb097a11

SHA256
32d0e4ad2591425582346d5b332a1403e184d9995c7712744a2f22d3d64117c0

SHA512
00eda428169d18fba194dd0ad6c861fa305b2b8b91de5a1cc72aa1293988c77062bcd1bf7e758b9d1614df604bf5cc86feab73ef7636ddae41d68405e3d9628d

Download Submit