08515e9671d625ca63f4c16df89d819a29d71ba591d6d10af7a500a59d37011a

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-10-2024 12:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

47d3fe1da543db9cf370f5eef99c73ed_JaffaCakes118.html
Size

128KB
MD5

47d3fe1da543db9cf370f5eef99c73ed
SHA1

92be5611a7373bc546ecf34f7c2582791984a78f
SHA256

08515e9671d625ca63f4c16df89d819a29d71ba591d6d10af7a500a59d37011a
SHA512

2672adb33461cd8fd16c95de129486a63e668c773ec2b7091e0495c4518e27e500ae3f27f139a78f632f30bd997eef4bc8d4333cdd7f93a2c302c2ea23cc9712
SSDEEP

3072:eJY8Njz2S81Ep2avbWL9DpsMlkeZAalXJ2R/I6t5Ej42hn1GC:b8RQBBEY7

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
2584	msedge.exe
2584	msedge.exe
4852	identity_helper.exe
4852	identity_helper.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe
1936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 3232	2584	msedge.exe	84
PID 2584 wrote to memory of 3232	2584	msedge.exe	84
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 4700	2584	msedge.exe	85
PID 2584 wrote to memory of 3628	2584	msedge.exe	86
PID 2584 wrote to memory of 3628	2584	msedge.exe	86
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87
PID 2584 wrote to memory of 428	2584	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\47d3fe1da543db9cf370f5eef99c73ed_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff575746f8,0x7fff57574708,0x7fff57574718
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6280 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2404 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6408 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,2094496730023064706,12814201022972147347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2432

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528 0x244
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\872ff87e-7d3a-45f6-b676-839156d6bbe2.tmp

Filesize
6KB

MD5
7f02a8b61462e5e673dcfe211152522e

SHA1
cbd2fecf5eb988a56752a73d656b8657d39ce0dd

SHA256
b87309d4ab13ee1d1f7d6e114a18fafa8737ce095cdc8466aa19766f07dadd9e

SHA512
bcc9d01cc9e77e249aaf8d68f929d6607838de4175afcc0432640550b8ac611f808c3d6aa0902376c6160c9fdf48bd436f95d8b07ec3c7c3e4dba97db2a7b550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
23KB

MD5
c6ee151c95d5bd2339c67eca774449fe

SHA1
c2de7e4a87b91ddd246fee53b8274b35fc55603a

SHA256
65edc4727e2bdb04a0ad28564af17bcf3bd7029811429804d283c8f0e186ce09

SHA512
eb04604f00aba42cffeecf266cc7dbfc096708ebe615ed2141bd422585db26a12b54f9c22041c798cb01e4c3d3e5c70fff935b0c7a508fbf61f6201c3dc678b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
82be009bd1f41a487a56a76113d7fe85

SHA1
35901f0a467b186916f4c0ee61a9d276b5b6bdbb

SHA256
6da0b17541177e8597c1343f94e95ba47ada209ec0d41c2328b6282cc7f23a8a

SHA512
fdeeb4b18b5f1364cee31c87156f2e47c540902109092904b3dcdffe4abdbf04e49e4897d6516114db12c0aa680ba88916400a727f484d404645384b164a5528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7e82160b5f903a3e1a7c0ed477dc13fb

SHA1
0a8d2bcd1bde4cceafb557de9703510bb9172113

SHA256
cbf2d9971fa957e2df0bf00e52cb1468b591069ec7c3639a5316be5d5231b995

SHA512
40826017388ce49dad8dc246195aa7c8261631a55548e1c7a9c018b906c913bd8b887347544622a49f5492de068507a39a4e2fb81a10c44f0d278b68830930d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6637c9168935c32a015eaa996425a7fc

SHA1
36e86f3cb2ad1da3d68279941209a7824d8994cc

SHA256
9886c408e7e29d7cdabf94003cc6c5e38cf1b96b9fed893709ceaa96491ac251

SHA512
befbeec68310a69b3c19f482540f43c9c8083b9a85666e64fa02223e50db01f566d426a5c4e2d47f8f2f27d2e7756bc211de63bcbbdf611675ba4d662f488a12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ee012dc340ea1af511f8dac89422e503

SHA1
80f5e58f079a6676adeeee5a977cbba24da4e9d2

SHA256
4deda918be63bde3390da146251d7e0610fe88e6fbdfdf7f14a56c8d5dcbafc8

SHA512
ea5178e24046398e0feccdec3700fd0be0dc7f574dd90b06f95c006945d62695f6e86b1201aa492ceef239dae27f533c37bf8747b5abb444cc2b12d6423f474d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
73cb99256f4faaa42cd945617b8b803d

SHA1
e1337fabcdef68c2dbc0bbd128bc372a83ae020e

SHA256
12d6d1afc80eac95d1d7ea99854d07d2f26681b613d3029205c83538216f3953

SHA512
805686e3fd103e62808d39699fa22bf6482c91722e05fd7db69675db42a50599918036877314a41a44f4c23ba49196be905222153022e1f2963ff6a6d7ddbaa5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bdd1a443ee1276984674bb4d989944e7

SHA1
fd220ec013f3dc410d8ef22fe2aa36d9207e9f13

SHA256
a531ed17fff68b06fc2dcd67c2145b78c35bc1f1e36409ff4e9be65dea01dfd5

SHA512
6718239213cf070b840f61def2b33d7045eff05579bf2a93128db3ea87e09ab6b2ce62e6432536fddcf06ddbb9823dac2f91b082b55ed9929338601ca8a7b9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e86dd52d8a8fcd7dc28dbffc6a565376

SHA1
d2692518e3a7984022de1a28ecef9412ac1011f5

SHA256
5fd2cdd104d1cd8df5cf38b1d20c7867fd1670c43bbe7df39d8245945497416f

SHA512
29cecc95dc0089971eadf66ec680161c0f274307a35be389e1d2814a7496eb8d6b87e8ef01c760ca5fa72863e06875852e0350e83852669cdc9bad1ee0f90af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a2d60b5ead27dc77cea3337922e5e9ae

SHA1
4918f83b85044874c8fb17f64c30dcc20747b474

SHA256
5302ddf79e8e7b593123d82c0ae6487427340773f0c132594709e7475e048f86

SHA512
62e20abee33565d0766f07a2f52527670936318b61bfdb5bebc007b139a68444d779f9c5896704568c1147d8de93e038f491d974751eeba92c4703b536e4e375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
90d634e54dcbffd8dc64a85df87b8925

SHA1
bfc0ea6dbe126083a84756f4fdc3c1ee6ef5e309

SHA256
79fe5f74ce8710a21dc19c1b53aa061a58336261b3123795f719b59a69737af4

SHA512
083e2459ee086056da152d281edebc55e79b120a440fc96d1465745a69cfd4a1eeeae90b44484ea37773d4b57d105ae57502cdea55a7cacdae236dd6ee112570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
200fa353a6cacabdd99208cc96cfec94

SHA1
377ea7c2a7b732e6a96c6b0c8cbdc05b7caed71d

SHA256
ec5a042a6ac3218ced2dcbde89358d303019b4bfc09cca5501a666ad43bf2eb2

SHA512
f02f36e54948ea37f959162fcccb25b869e65a338122d27fdacc574df7bf5318c60b64aa98f2b3b7524e902f9c4a6cb5ccb8430af246fc28bc6a9e7465ee0492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26c5e0d0788b48e05e17ad0f10440ce2

SHA1
0c9a07aba2010839bbb03ca8572d79dcbad69354

SHA256
61d600160c178571cf619d35b2e10051865aef98065c4da3d3e1a711b4a1c933

SHA512
29ec6be8aed818756614b8b28d07425601a0b2d863590126bb594e59d328ddf852add5fde85213ca31461f7f7ef2f008b147d15b1e2a7be9e8c6c3e9392632cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
869B

MD5
6fffb50128160d46fce00950591fcf80

SHA1
cd27c6913e98deaa4547e4ef8809953e8d3fbb1c

SHA256
171396a3260d61115e2b475c1d0fed69259b6c4b591b1a7c7511756374d259b5

SHA512
d53186d64a4b747d8a15d72b5770daf06d9d6b11c015bafe05bbf8dd2675e3b0c7872b1f6c2f17cf6716efa5461e5dcda9ef0d950f9bc5b82972aca56aa32804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f879.TMP

Filesize
199B

MD5
2b5c22251adffc298f0f0c6224811deb

SHA1
666bc9ae5d946e981f86d8fa3f8303671989b4da

SHA256
cfd8193802ba4959e881d59fe80f629a29da8ddc4e974a1bb6d02198877c0188

SHA512
2caa1e9c7f098bd2cd735fb5f664abde9f1d52587a5dcf8d05d510d71ffa2d54801b27613493f060c27815947763f764a71fd287134d743fe2c78fb369650d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7f007e6df7eee6a449c78d69eef7c9dc

SHA1
207b7e2cf4c8f3cee3f91cabf1bd9dca71e704da

SHA256
57d2f4800981836b73b93cffeb349f922aa488eaefb5eb121025e05f840f89b6

SHA512
2410941e00a14e4f6e274ede1a44c5b2b5a141a161da17af59c5a3ffdb3db2df8fb66be5e40581f16f2701a7703972db8878168768e31360746b94e359c97ffb

Download Submit