Analysis
max time kernel: 148s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-10-2024 11:16

Static task: static1

Behavioral task: behavioral1
Sample: 6a38c219fd48ef4612bfe08918016a00_JaffaCakes118.html
Resource: win7-20241010-en

Behavioral task: behavioral2
Sample: 6a38c219fd48ef4612bfe08918016a00_JaffaCakes118.html
Resource: win10v2004-20241007-en
General
Target: 6a38c219fd48ef4612bfe08918016a00_JaffaCakes118.html
Size: 76KB
MD5: 6a38c219fd48ef4612bfe08918016a00
SHA1: 86e27ab95ecdf378bfee7647dff17a48395be58c
SHA256: 1d018621ad6a0d415247ca71145c72e91e86b240f743997a53c9f299447841f5
SHA512: dc33a1b7ff2512e30f79b9e5eefd9bc2eea39491eae5b4ddba7a7fa6ec6bfcfc59f1fa7350934ed4747d9d985530695316cc7a64cdb0b71b948b92eeb5f29ca9
SSDEEP: 768:BWwgvQO8s4/KJ8HO3xriZGPejixF5++ttfWaS6cgRrhFt9BU29bxzR:owgr8VSeO3xmZuJ51NWaS6cgRrhFt9Bt
Malware Config
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description; ioc; Process):
Key opened; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS; msedge.exe
Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer; msedge.exe
Key value queried; \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName; msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid; Process), identical rows collapsed with a count:
3508; msedge.exe (2 rows)
4932; msedge.exe (2 rows)
5220; identity_helper.exe (2 rows)
432; msedge.exe (4 rows)

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
Processes (pid; Process):
4932; msedge.exe (22 rows)

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid; Process):
4932; msedge.exe (25 rows)

Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid; Process):
4932; msedge.exe (24 rows)

Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description; pid; Process; procid_target), identical rows collapsed with a count:
PID 4932 wrote to memory of 4284; 4932; msedge.exe; 84 (2 rows)
PID 4932 wrote to memory of 2520; 4932; msedge.exe; 85 (40 rows)
PID 4932 wrote to memory of 3508; 4932; msedge.exe; 86 (2 rows)
PID 4932 wrote to memory of 3892; 4932; msedge.exe; 87 (20 rows)
Processes
(level 1 = top-level process; level 2 = child of the level-1 msedge.exe, PID 4932)

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4932, level 1)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a38c219fd48ef4612bfe08918016a00_JaffaCakes118.html
Signatures:
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4284, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffc5a6646f8,0x7ffc5a664708,0x7ffc5a664718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2520, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3508, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
Signatures:
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3892, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3708, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3172, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4680, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2088, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5104, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1708, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 4040, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6868 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5220, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6868 /prefetch:8
Signatures:
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5232, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5240, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5512, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5520, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5192, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5200, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1708, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5408, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1804, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1924, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4392, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4312, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 432, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5700 /prefetch:2
Signatures:
- Suspicious behavior: EnumeratesProcesses

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5688, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5992, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5988, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1096, level 2)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,10438696664640570384,5101730483894344537,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6464 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 2532, level 1)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 3792, level 1)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads