178396c45f4c08579ff8e65fc804c5e2be55ea939eee6885ce08653026234d69

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28/09/2024, 02:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb562c6c648476278f4ca1cab066a4f5_JaffaCakes118.html
Size

97KB
MD5

fb562c6c648476278f4ca1cab066a4f5
SHA1

b654f73b7b419aa26ef3fbfe58ef586fc316cf4d
SHA256

178396c45f4c08579ff8e65fc804c5e2be55ea939eee6885ce08653026234d69
SHA512

6d3c10492a75810847482b33a5264811bb264411dcf4fa6839ebaa23b4494575cff825e585114d52348569323c1b4b4a4e04064fd8a123434047188a960dc339
SSDEEP

1536:Uwgr8VkeO3Dx95JKg4q3D1vfydCIaj4gHekjJHp16aS6cgRrX3p98:0eO3Dx9+g4kfydCIajleIJHp1vp3p98

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3992	msedge.exe
3992	msedge.exe
2164	msedge.exe
2164	msedge.exe
2320	identity_helper.exe
2320	identity_helper.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe
3888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe
2164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 3628	2164	msedge.exe	82
PID 2164 wrote to memory of 3628	2164	msedge.exe	82
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 1568	2164	msedge.exe	83
PID 2164 wrote to memory of 3992	2164	msedge.exe	84
PID 2164 wrote to memory of 3992	2164	msedge.exe	84
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85
PID 2164 wrote to memory of 4324	2164	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fb562c6c648476278f4ca1cab066a4f5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bcad46f8,0x7ff8bcad4708,0x7ff8bcad4718
  2⤵
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6884 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:3380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1740 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6648 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5580 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10320737146621345042,15855370961136843657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\59bdbea7-53be-4e3a-b87d-5d9c52ac25ba.tmp

Filesize
7KB

MD5
1129e9acddda5cfda263b4a1eff059dd

SHA1
26d266a2ccde8107f883ee6fa1b516a25ad84dfd

SHA256
837db3cc62ef90028eb2a020dd07ec1f27595c1d3c4a88249be2c8f62269d551

SHA512
aa65036873eee0b3129b1fc142d18cd65da82dc6800e2dd28cf2dd990841322fa9cfcb4904abae735e66269909ec0fb724420ac7800d60079f99929525b9d592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5baa6cf0-999f-4440-8841-e5dfef007c4a.tmp

Filesize
6KB

MD5
f820ccee244087584758b9058eb2577f

SHA1
7d38de3eed8a861eca0cbd44480c692112b0b2cb

SHA256
6d9ec37dae1f36f98e7fdc1254eee21e197f805a91626c96f2bee3bfe9bf3dec

SHA512
98d45f5b31aff0fd7e0004e68479d570851aa3ddee6d08c4c6515173312a4c01d6a804209955d39f2dea538288f9d6e108b75772eb562f702ebd9ba0c3e3a22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
73KB

MD5
75753d01400ee6d68ff4876b152eff08

SHA1
88c6d0ad3e53c0d3c853b2c644ab57251f678f99

SHA256
c3535558a9aea58aeff5ab30d094ef8457139764d55b94a139d24fbfe332173b

SHA512
3c4a48191f9be986198917dfe7c9df01f47bae6875f33b835ac5c01f9e94be396e40a5daf53888caac7a03606c6b77d88b59f9b69f3b6c9803104a5805e58b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
34KB

MD5
c1db52e299077620db205674392fff44

SHA1
da4ee2d9ced3f2cbfd9e481501282b54bfa821a5

SHA256
9872fb131b7555b056108b7f9b8baba78bd1bbd594db1171cdc0d5a463ae18c4

SHA512
0448ac5d57867f395f847b3eb4c7992a84191d3e7bbee72bcb6e70a57bbef2a7a5abc5e00be33a4d37ec9867fd555382cec2bda71a02d9f3802c76f6365f230d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
33KB

MD5
9a50bcad57128ffce886371593d2038b

SHA1
4054cc653a9e75bea2abd15b138a680650323f45

SHA256
7056ea19bfac643535dbc4b12731af1caaac38529d31e3db8a40e181ec8da1a4

SHA512
9c80c1649358afc9e45539974c1cda9f121ed8c7b310716318697b0aaceff4865897154dc6c4b35d1f61333d3a17a2385c1ed75b73c463b893bf246be223f6e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
4c3dde7d494d08968493435dd5bb4d92

SHA1
3794af885ffa1321eb808e15b612041fd9920394

SHA256
e5fdece2d66e265aef0137c534879fef29e62dfd35e737c5850bf374e9e30e94

SHA512
3459526b8576e5cd9a6d57a6808b7190a970abc24f0f0f9a73caf16b9483b66e7f2d95db1032a720f88d6dce5f1afbfd5ba85a9e45f87b399c6f9e1d9ef63810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
0a60719e974941a795235a7deb42cc28

SHA1
b58f9fbc8dd7d2df2b130d29e24edc68ee0583ec

SHA256
da3b346d4fcda7cd2a5eaa20a592141150ea18fefd5fc76c253128e9c58e63ea

SHA512
e2b816986c4a15e367b5097badce64122c358cb2c43c27460f78bf85b26c3b1052cc8b66ecd028103b34d2c834b6d4f787deaf24348319d2b4bf24877c44f5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
e38de0130a1b27f396d6a21a59565811

SHA1
5e8bbb5082834e9ff2050df16d3e7689efb82828

SHA256
4f4280e347eaf6d64e2451f646f04410d7aafc34bb9f5296b7110c8e515e5648

SHA512
4b87c9fb9e406ad34efd13cf57a51b8ccd9385e878a0bc7658076b72cbcd0167e170efb9c711c4ba66eda89e7a8390bae5fc200d166dbb757fb13036807bbcff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
00fdea3f4cf3058700f6630ec9137489

SHA1
f2620fb969c99ed9193a460ade4cc6f520aa0794

SHA256
1c508f554c863b2a9a2c407f6e8ec5a8575fa18dda241edcb7c1aca1c91fa725

SHA512
044842d5fb82b039a4c3d218a47418a414e332bcfea4453ae6eaef72546ed40146d977092d268e4a838c0cd700949e25fc67d0e9332c4a2c7c0aa9a914374589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d048e1c9f4ec87e38f014aa09aeb2208

SHA1
ee504e6f6664614b8b0a13a03a34beab1546bc3c

SHA256
0b4eafb856f72c7194d210f1ce18b9fbd2b3fc5cdfdcaa58136383140efba986

SHA512
79f14a253119ea86ec5c7e659bc561486484b6b2d60ba3ce5ebfb5922c8f70e10e3b794f5c005b624030e0c70655bc3806bc2ff8fc9dc9acd01e36136449279d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e1a7087202711b110f00b56bff423f98

SHA1
a308ee9711cd2f7568cc21285fd36e00e37cd723

SHA256
a47630ff1a04a065407257bbd9428700f3b78c5cffbbd1fb080eb20a82248fe8

SHA512
3f8c77abbdfb1f0f89cc29ac2ced342a6cbc7d1e6fb6b7c3492edcf42ff8ee01d609f8b78284960ed45ba29713dfa09cf06db99859239a8abb48c283e287b963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4d3d3fb20caebfc862e81b8a7f1df73

SHA1
1f4e370607f10ff935174730fede1225141162ce

SHA256
b6d41ea532890e6fc24a1cb41ce1d17f7c4bc2d20997e2f92625f20bec5b1332

SHA512
ad08102a81a76fee1be6c3459ccd2d575128592d4006aa46cff13dba3dd60e116363893d9a54e071b7f338e1fbc49e8a1c6f7b0ad19b6e5a0285735d7b1c4a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
891d56ad3e2e165b65a199144a2eb09c

SHA1
4e22f71c309ca0ddb4540a6849de0e4eaad669f7

SHA256
047af846a7980e7c4094d1e8a143572cb8365f634a3d8dc97caa123dd6491443

SHA512
de7e161c25855a36f9d8f6cf30f545f60fc4c7fb7e840fcce92e49056183579b442f9fddac80180aa13cfca71637d03e7c462071b20cc67d3ccbb0b8b9e8fc3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fbfc9cde667e4d1d5950dc24b2907c7c

SHA1
9f87e791a774c7b923fb23ec354bdfa8eab35a97

SHA256
a5e73316689947914015baea1d57f9f489c4f26e4acd652c6f31cc89a6304c77

SHA512
c032ae48daf793779d8a1acf8fadb287a15cc749ac97cfa53043d06d9fb85cb482fc2056a8f20b2aba93236aa6a71b2876cc12ac5f5943bb0c831ed0a71fb8bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
a39f02bf190ecd66017fe586c4ff249e

SHA1
fe9957ba8c802a12c0abea1e3cef2b721a966bbc

SHA256
614601890f9800249677c4ce180849a9c1602f46332b7941c74fe0de0ab931f3

SHA512
699b86c2942d06b862b67934232a78edb5779d56e1727a537ff4eab8ef420e1996bddb2df263388700978106fd8fb90a36194f8f5539005b62b49d4d7ca40e77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
c6962130be35fa6b537499d9e684aa27

SHA1
7a969c974cd05e382e0b9c687346eace2530e358

SHA256
dbae8c72d8b0b183d228ba26db087bbc342b87fba92c685c60d61aeeadbfb2bc

SHA512
37031b9608cf4421c246261bd04c93b8f278fa4d185d845f4a50c3aa634c689be18cb2c2d5a4749006adef0a9c82ffe447f7a6a4d07e576c7722c22f8b88d351

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
aadac86e3eb422f1f11291d08ed58ee1

SHA1
7c0d7f59a4406ff6ec4b4dc7a57b255542dd7f82

SHA256
f6ccae98534cb26e235efe23c087ed96684a0fa387d59d63c27b0d5e1f84d070

SHA512
ace95773a1b4a42f059a19e3be6e255a3d98a42e4f9bced73979399c0609a5ecdc3bf619593eb57226c79c6c6fef26abfd8da9057f205fd454bd5cc633e8a11b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5881cd.TMP

Filesize
538B

MD5
0f4ce565e6cdf91454d02ac3f7c7c894

SHA1
6e7d851a235556c9674cc4ef52da4cda3e9e2e39

SHA256
45b7aa5a386783b81aa170e99d84f74c5fa90ee77dd377d55b89103997558385

SHA512
1a108de81589c0ef2e9828524eeb164edf31db6a0456d67f4ac6968dd6bc191b9c0461ce51ef6c29574e188a02038d938ce41dd6b4d8ad2f9b2ee6d0a0b6f14f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0b19df46228874d8327dcd4d116b317c

SHA1
39be86ad62744a9a376a341d6c0801b3dddd5f1d

SHA256
e97ceb44a7ec25d3a4428ccbfb498ffcf5225505a60e6fcaa6b37f3ea8012d22

SHA512
519b07a64617f00c91fa9c4493405ceedbec4a0ca6cbc56338dc4ac43bca23ccd2a9e395115474e2dc334cc87f809593563f37497094b163577d9f0721daae7e

Download Submit