Analysis
- max time kernel: 149s
- max time network: 152s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 22-10-2024 13:24

Static task: static1

Behavioral task: behavioral1
- Sample: 6aa93b2ea860efc8b58f880706fdba22_JaffaCakes118.html
- Resource: win7-20240903-en

Behavioral task: behavioral2
- Sample: 6aa93b2ea860efc8b58f880706fdba22_JaffaCakes118.html
- Resource: win10v2004-20241007-en

General
- Target: 6aa93b2ea860efc8b58f880706fdba22_JaffaCakes118.html
- Size: 245KB
- MD5: 6aa93b2ea860efc8b58f880706fdba22
- SHA1: 022e5fddf89392972a677e040391b8f206903dae
- SHA256: 77de49d10cc69673f99c73f1b7885b8029232d9c305cfb36af09b1964ebd960d
- SHA512: a15935367651bc4214e1838f232ba69ae8ebbf5b3a1fbaf93f2ec615f378a546ffb6ae4b31159f82527d3266be846cfd93a01493f2261cfba40438fd293b6d35
- SSDEEP: 3072:e5Y8Njz2S81Ep2u/boSEmRdsJrQo+mhseroQlgjWb9DpcMlkeZAalXJ2R/I6t5EZ:v8RGSEmiQo+mhserNthEYZ
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes (description, ioc, process):
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe
    Key opened  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS  msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  Processes (pid, process):
    404  msedge.exe
    404  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    2288  identity_helper.exe
    2288  identity_helper.exe
    5700  msedge.exe
    5700  msedge.exe
    5700  msedge.exe
    5700  msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
  Processes (pid, process):
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
- Suspicious use of FindShellTrayWindow (25 IoCs)
  Processes (pid, process):
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes (pid, process):
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
    1168  msedge.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes (description, pid, process, procid_target):
    PID 1168 wrote to memory of 2812  1168  msedge.exe  84
    PID 1168 wrote to memory of 2812  1168  msedge.exe  84
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 3064  1168  msedge.exe  85
    PID 1168 wrote to memory of 404  1168  msedge.exe  86
    PID 1168 wrote to memory of 404  1168  msedge.exe  86
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
    PID 1168 wrote to memory of 2396  1168  msedge.exe  87
Processes
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1168, depth 1)
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6aa93b2ea860efc8b58f880706fdba22_JaffaCakes118.html
  Signatures:
    Enumerates system info in registry
    Suspicious behavior: EnumeratesProcesses
    Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    Suspicious use of FindShellTrayWindow
    Suspicious use of SendNotifyMessage
    Suspicious use of WriteProcessMemory
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2812, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb346f46f8,0x7ffb346f4708,0x7ffb346f4718
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3064, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 404, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
    Signatures:
      Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2396, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2548 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4668, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4044, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4152, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1508, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1492, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5028, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4084, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 440, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1416, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6388 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4072, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1536, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4964, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 5060, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2288, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7336 /prefetch:8
    Signatures:
      Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2720, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2804, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5700, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
    Signatures:
      Suspicious behavior: EnumeratesProcesses
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5756, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5848, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6056, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 6096, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1536, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5396, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5276, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 5496, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2424, depth 2)
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,8648315060940231110,13198268672593398100,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
- C:\Windows\System32\CompPkgSrv.exe (PID 3084, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 3176, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\System32\CompPkgSrv.exe (PID 5000, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
- C:\Windows\system32\AUDIODG.EXE (PID 4876, depth 1)
  Command line: C:\Windows\system32\AUDIODG.EXE 0x370 0x40c
- C:\Windows\System32\CompPkgSrv.exe (PID 5680, depth 1)
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads