3e25f3c8a2228796b33fc08936d2ded3ec43fd1f1422ab7c87f8e16bf589086c

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16-10-2024 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d30499f122e5b8dbe6edd2c63050801_JaffaCakes118.html
Size

76KB
MD5

4d30499f122e5b8dbe6edd2c63050801
SHA1

5901c00dbe576c2b2b997696768d7a4822cb5d3f
SHA256

3e25f3c8a2228796b33fc08936d2ded3ec43fd1f1422ab7c87f8e16bf589086c
SHA512

eadc29454f5abadc7b09843aac78bc5b186d6d0730c139a60301aab484a4251911d247cae81e0e74d5766f505adcbfc52c4bdcb6cabc143ec8d7b460e6a428d0
SSDEEP

1536:Eswgr8VSeO3LBq9qKlF4TUnmiaS6cgRrCQ9v0:leO3LBq9TFaUnm3sQ9v0

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
2732	msedge.exe
2732	msedge.exe
2920	identity_helper.exe
2920	identity_helper.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe
4616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe
2732	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 4940	2732	msedge.exe	85
PID 2732 wrote to memory of 4940	2732	msedge.exe	85
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 316	2732	msedge.exe	86
PID 2732 wrote to memory of 3976	2732	msedge.exe	87
PID 2732 wrote to memory of 3976	2732	msedge.exe	87
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88
PID 2732 wrote to memory of 4576	2732	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4d30499f122e5b8dbe6edd2c63050801_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa048146f8,0x7ffa04814708,0x7ffa04814718
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4912 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2084 /prefetch:1
  2⤵
  PID:6016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1684 /prefetch:1
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2664 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:1
  2⤵
  PID:2200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12212038491994386321,10009864641721214961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
a54c41cf7036861af3ae7a24f14b47c6

SHA1
6c19bbaa0f4c7926d269519602444ad93dbccdde

SHA256
6b700aef791f926a10ac46e8afad3515706e03db96d36c22dbb4a818f217e43a

SHA512
a1e49368cd6b0da73f78017332d0f472c1f344d466687b2f931e8b4eb99eb637ccb321c5e009cd6a8b920f788f3d58a713fe9a0578fd6ef79c8981bf7b5e8267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
30KB

MD5
e99f1712e9ab2361d5bdeb29f499183c

SHA1
aa1ad85ed4ca152a807101ebfbf7636c49495236

SHA256
9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460

SHA512
686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
651759109c0101a3622ce3e8d4c98be5

SHA1
aa1838164412bbad08112a0895754c54ffd132d7

SHA256
01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06

SHA512
6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
75KB

MD5
fd4ac951178af181945b2548509dbc8c

SHA1
d61f40f3f3c59a4a2298c864ec7d7336a62ee901

SHA256
246b35a2e85396a5a3bf2737ef2665788c0bc1cd383ebf8bc90e56cdd841c6d2

SHA512
6b77cea780b18d371feccec8332dfbb025cc822675ce685f33731faf31594f40b2ee5926219b1e13fc98df433d3f8c0ac72d6a2a1b971eb90fa8199278b1a3a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
115KB

MD5
004cb69995f15410e8e6615957cb32d4

SHA1
3179ba8aa8450a8b3bbf30a3d4646ef06044df73

SHA256
28220f9dac7c6c2173af0f2012940309b519ae42a8323a7dda33602769a6ddfe

SHA512
eaec68e78a253b223965d31f7d10b9f9d2ef84b4726afd5e593733b111a80af2cc12b188b5a698b09886ae51cf6fc60819915fc1c09f2ff7c4d988ddddacbe2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
45KB

MD5
ede70f717200a59b4cb831635de913a1

SHA1
d4d6e893ac192b5df087e924ab3356852f8a7bc0

SHA256
c63fbcc69de230e4844cf735ccf668eeaf30e42126eeb464da39c2de6b0b0051

SHA512
b621bde28b90ba97c122677989d994cb5e88fd0906366af1a23ad3f9d9f3b7f2bbef95873f29100433d4068fbbf7ab798505e68deefc118097fc5f76dfc4b672

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
46KB

MD5
433090c7edad534ac2683a2fe7bd1b38

SHA1
0b5944ba18fb366e743d214ac6824af37f61a0be

SHA256
093a80322597bca5428fbd4fe797c5589ebc46d665b6b3c6bd4d1797c5f76ba3

SHA512
b1669914e263234544e9f2b86d1a71686a96616492d30c855a533f5d586d0a9ce6a91c74ad37704302e2584d9f8904ec402b169d42b28285b4fdf9aee6389954

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
6a42c0cc1f60d83ea492541fab59ac26

SHA1
07da0a43b5d370a8ecafc63d8a7537ffeb0374f6

SHA256
0598183de44733071c46c08f4767b44dc18b7a2925c1e09f4a1bae6dd4f57398

SHA512
1ffc00dd1339175bf758ec578c3fe718defd002800def4c84c49af365eda667461aa108417e6dbe6191afd56880e90f5d5a1457b7abd850b9a1fc6ec88e3e4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
5311c894154328bded13f089b05876a9

SHA1
b0a346e9316cd9e6154e1d05909b0b1eb8347ade

SHA256
46b8d29773d1f222bcb423bd18f68948bec689906ee26fab7dea3773dca3f9ed

SHA512
f4247c16c20d15bc3fd6764e02b33a701278e139d97b25a56f563f95eaba4e4403dba41ed52c8f40c5ecef51576efa053d895035c83307062a2049d1d048e148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
a9b155702734c98453b627cee58d91ee

SHA1
b581b30abbd0b818ab6353b99ff329c9cdca4953

SHA256
67241c56feb273b34e9e75a777c9d6b106b7fa3055b874e0b96444d66199fe23

SHA512
458c443cb17672fa9e4455ff353952baa1729a504e7ae00d4aadcf271814c97da44ec782fb8c6272f8518691260fd5bd14955cc619e16cf8f0c7fcdade8cc134

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1012B

MD5
fd384f5789277d644e2577422ebe6e3a

SHA1
70a475e400e6f444387903ee4ca86f6f5a31def7

SHA256
392421e7716517fb384ee187e228a3a7d5f7d69cbfff209bec026952b40ac5f7

SHA512
accc70d2961b91eec5917a3358ca27880ba9ba09047d123c77ccefedce885b13a3749a5f1122c6647982f1d3eca748d0e6477f3e0b38085a735520d9b811927b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
651b509dfe7fb81e91596ad1c9cd1121

SHA1
422dc5fbcb7f2107419e2dfa51886a37fd12e1f5

SHA256
056b90ff418480aff094b795b496b02e4e81a0b8fda24de4a5b76e6aad42fd91

SHA512
67cbe332b537d9052d7824e03003f7266a55b0b872e57fc6c39d71af7098633cd1bf251b1af697ca7b766f459c211c7b285f5b5f1a5386e6881c2b8f46821d88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8de9aa3de94ca5d0af8aa0af1889d65

SHA1
8595779290f721f98da1573d240ed8f4e14c6e20

SHA256
d096ee965f6e8f625471ecb49352b8b0b096590f32c1f697b9820061071d8f5b

SHA512
67d37abd416f802c41c00e580f53febf06e34a32c24728143b9c07b2caf8a911fccff79a47d930d4d95707bc52ec7f336fb201b3d19390a3036b51edabe6109a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
45fcd8d91764ed6eb40858a103cdac6c

SHA1
5361addd454bc3ad8f0558b25ce089b776fa05ec

SHA256
b79125da491e015ce9d095f9575a8533aaad612ca73545e5398aa8b672f862bb

SHA512
a5abe03b37f9c7fc4b2ee61a0dff0f8ad8f66fd8e512de346cc4ff7af1ee91dc919d5d9c6b89ad7d4e00f76126c482092e67b531cb7d917c4bfad3a51da8d330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f3696bc289c11e199241366d7a8f5df

SHA1
5239792fd9887cb359b2c20dab77a28f7fc2701a

SHA256
0053aaf5b35f516414d089b959f54bcfdec62501065d26267fad95d0c4fe6a5f

SHA512
d14d5474c554b643e9ea26e503bdd68d6179a7a59233941599a4604864e48d1d6655baf6ef5e9281db6dd9b4fcf8e956c15c7cecf1c6434846f7cafca2325150

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b8da44f4852d5a4675275116490b8400

SHA1
68d0aa41d4e214265d092cb1644fdcc01cbb9aa6

SHA256
a94c1f6ec26e16a57e50613a2ac4976d0ebc73ec50e0414e7ee72db608bfc252

SHA512
4d9a6054b5c189f8f9d1ff00097f0d9c7a5cb666a0e89b850d19dcb862d575ddb3709cb6cc64143459df291418535bf293d778893f1cbfffa14f91d1b6112a44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
53ba712d39614b3db13e93a8f41eaa28

SHA1
7e561cea6bcc26c474e850b2aa161b46c5248b46

SHA256
fff2d53252b49bb3e9d6d8d21aefa505e5e7be499c264d4746afe0722b2e7be0

SHA512
cf4d668fdd998e04580369714e3747f47444cff8999f1641e95a4345c716bd032e84974f518da304e9acea6d40062fdb4a5b3ae567fd5e9c683951265684f2bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
35a96d3c2d64f26e9e2a904e442bb631

SHA1
7b6e807c3161db7e15d106b3cd3bb88bde584aeb

SHA256
7bff97949e607df75cd7952a543b08df7c436e2fab93812b6f6290efb1e4dfb6

SHA512
82bd873b538710ff05ffe7af29316db7cc5823a849c94267276a450aaf108d933ecbbfaf5d62accc582c2ad2e1cbcb44c5c9ad900bff27081d8a255180cbc342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
a525f5c4dacdc2c5703f60ac8b55c1c7

SHA1
899a46f684b92460f6eae14e7c8556eeb504ed30

SHA256
e5e48d3df92deaf7e64ac006b3a612046eab7ed197073fa4adb43f93310c35fa

SHA512
a52ea504318a6f5088b209c3d7ec784c5b76637efc4dcd3ce24419e380e84afca9b045447733660d99846388e35d2e5ccb5243f0a9c642903136a2394bf3362d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
ebed9ddf0bdb58cbdcade188824f00dc

SHA1
1cb63f2ed090c63a6c1c29870ac6f579a93ffec8

SHA256
c1ebc70987e86373ef414f25b869edd930d1cb4bf7532dd9241116a59a032806

SHA512
ba83990d62115ebc59479f28d91fffe970937975724b75590ac4aa3ed4a4023a4005a1776f89bf2875df2f2ba15a1eae3dacc336ee8559b86c80cf9b8604ded4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588577.TMP

Filesize
203B

MD5
9708dfec6cea166376f929e37f572cad

SHA1
69e7e3442e47c0651ccd4c01dea9e15e34f318d4

SHA256
3ed3eef3b8b4088515c0228ffa9b7768115ed543cf321104813713f58b19fe28

SHA512
67544c20d3ff65b09237543ebb0a3bfa9ecb69c357b028c2498c0e5ecd85b0c997effe198d084f13a2041d4c60ae8b7c971ef953b379deb42863a4802f15897c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dab8151a-47b3-4ecc-81bb-e03c6fae4fb6.tmp

Filesize
6KB

MD5
7b5cf16a5cc0cd106948a33889d36643

SHA1
2b6b680735f5551d0302a5dd3267f4b61f95c72a

SHA256
5307f39cd0c37ac1128c7c083c245f6d67fca41bb9dd958efe3e090c06c13708

SHA512
b9a5886dd7ebd5c60e2df0773dd1c0965ad8e885286b451de5fcb81144c8e670027e39b4dceae73eda84aee9fba73ddfcf0a562baa7d7702b49ff92c4e003c46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
46af228f279b766151d5d6dd44ff062e

SHA1
4940deffd07506b5101e2ba2b15044c776d2775a

SHA256
9d3fca110fd1995920fb8a36c9a059d62b8f364f5f3be2b8558c831b5d0f5599

SHA512
2bc62983dba4b62e14be82343ab91189fbb23d9c4f16dc33708203a92601970f903095af13b2962474a6c6c2f5e3c28acae82ed8d8d6c364631442cae9d013de

Download Submit