Analysis
max time kernel: 148s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03-11-2024 15:45
Static task: static1
Behavioral task: behavioral1
  Sample: 8c3ebeb4add7db229d127d3460d24213_JaffaCakes118.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 8c3ebeb4add7db229d127d3460d24213_JaffaCakes118.html
  Resource: win10v2004-20241007-en
General
Target: 8c3ebeb4add7db229d127d3460d24213_JaffaCakes118.html
Size: 76KB
MD5: 8c3ebeb4add7db229d127d3460d24213
SHA1: 1c2cdef7f7c82fafec57f115a8f164a18f173df0
SHA256: bccb1e8d86dd25f067377208f407952eb374e2c4a4dca8568e01f5410296f2fb
SHA512: 44a27dfed672b2cae19aaf4d488eb9de01696f4a1ce77f4b0c34cbb1eaee25fbd36a7400c62fe50a3ef4b66fd6c0b392e67c5fd0f5be2c1a8bf64a67ffaf732a
SSDEEP: 1536:ESwgr8VSeO3LBM9qKLF4TUnmiaS6cgRrCC9N6:feO3LBM9ZFaUnm3sC9N6
Malware Config
Signatures
Enumerates system info in registry 2 TTPs 3 IoCs
  description        ioc                                                                    Process
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid   Process
  2504  msedge.exe
  2504  msedge.exe
  1840  msedge.exe
  1840  msedge.exe
  440   identity_helper.exe
  440   identity_helper.exe
  3676  msedge.exe
  3676  msedge.exe
  3676  msedge.exe
  3676  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs
Suspicious use of FindShellTrayWindow 25 IoCs
Suspicious use of SendNotifyMessage 24 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
PID:1840  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\8c3ebeb4add7db229d127d3460d24213_JaffaCakes118.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:116   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcc30c46f8,0x7ffcc30c4708,0x7ffcc30c4718
  PID:820   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  PID:2504  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
  PID:3092  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  PID:2396  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  PID:5100  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  PID:816   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  PID:3912  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  PID:4604  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
  PID:4728  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  PID:3320  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 /prefetch:8
  PID:440   "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7136 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
  PID:1824  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6264 /prefetch:1
  PID:3532  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  PID:5288  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4040 /prefetch:1
  PID:5296  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  PID:6056  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  PID:6064  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  PID:6080  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6568 /prefetch:1
  PID:5144  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  PID:6036  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  PID:4440  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  PID:932   "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6596 /prefetch:1
  PID:3588  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  PID:3676  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6844 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
  PID:4584  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  PID:3784  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  PID:2448  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
  PID:1536  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9499577558151131116,10765571950208306154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
PID:5104  C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3732  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads