4b34a7c7c219da36cd8e361ab0e3efaa6f8dc3e07a0379f13c5679481c7da56e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2024 08:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

939a76c1403b2361800f40195e380302_JaffaCakes118.html
Size

76KB
MD5

939a76c1403b2361800f40195e380302
SHA1

27e8acdf4d38ad828699ec11b7e72298d12494db
SHA256

4b34a7c7c219da36cd8e361ab0e3efaa6f8dc3e07a0379f13c5679481c7da56e
SHA512

ad35aca07c92e4303e9b70954ed1bd5f96a03717456876c28c41da131464117e101cd9d5ddf25a21543bb2dd81db2f7f13ee59c6cd961ab2b89e558cfc4595a5
SSDEEP

1536:Ekwgr8VSeO3LBd9qKBF4TUnmiaS6cgRrCV9h6:/eO3LBd9fFaUnm3sV9h6

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
2204	msedge.exe
2204	msedge.exe
3176	identity_helper.exe
3176	identity_helper.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe
1068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe
2204	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 4276	2204	msedge.exe	82
PID 2204 wrote to memory of 4276	2204	msedge.exe	82
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 1696	2204	msedge.exe	83
PID 2204 wrote to memory of 4028	2204	msedge.exe	84
PID 2204 wrote to memory of 4028	2204	msedge.exe	84
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85
PID 2204 wrote to memory of 2888	2204	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\939a76c1403b2361800f40195e380302_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80bd346f8,0x7ff80bd34708,0x7ff80bd34718
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6732 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6740 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7020 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8419599673678226709,9040227764308835499,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
1ff53dae34c4555156d935d6455b5e8e

SHA1
7b0d480ae156810635d33de2750d7de405c41c62

SHA256
b60890e621ee1f1885e164572c092e6dfcaca3d7c7e2b6cbf65b5acbfeb6a998

SHA512
103de10e245e4eeddd8611d30f62a74b16b364b5aa90c866c1d239649363e42cce013d83520b7e3fe2c17ca709421168f78736477e124dfa841dc021f512bd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
30KB

MD5
e99f1712e9ab2361d5bdeb29f499183c

SHA1
aa1ad85ed4ca152a807101ebfbf7636c49495236

SHA256
9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460

SHA512
686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
25KB

MD5
651759109c0101a3622ce3e8d4c98be5

SHA1
aa1838164412bbad08112a0895754c54ffd132d7

SHA256
01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06

SHA512
6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
76KB

MD5
1409187e27a8ccb6ee0cedc8775e94cc

SHA1
750c7bffb94e4d48e5f0cbb84bad07d93bc6422b

SHA256
8bcae968bb5b3590368ef1e46fcbe95afd65bece17460fbab6acf988f826a978

SHA512
bd8f6226063a04056f802fe386000057822f34806f192d2e51e3db0d1ef373feb3e12a7099c4911e8c15381066a6596fd5c5e4a3f07502cf3ca65441f1447a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
118KB

MD5
08272e376a1e151fb9441faccd9f4c18

SHA1
5332efe51c1b47dee549fd0c72d95a6763cdddba

SHA256
fb13fa1af1e6bb4c490bed48ec7a0ecf08a9baffc116dc127e54f0a24ce2fb09

SHA512
7b7227d4e76cc43286b2dec11126d56d308aadad8c98cddcb5aaa495fc5a0fa3916c6ae7455700b19cc3e577fd1f7cd207f364d8c4e73e760ded162e1e91f5a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
46KB

MD5
a819db30adde568edad80994df9f7518

SHA1
af3aebf4f187f48df2246056f98ce8167581d9a8

SHA256
395520e363b2f37d3d0fbd1ce60e88109a771d9e22c3c5c7301538ab5a0e5b9b

SHA512
0c3ea96176ac0e96f674d6ad8635ca24177d4c129d294e6a1b0feeb5756817ed466dea109cbd21791f4616d93ff0ba7d52a2906050e857a491faf411ef955bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
b9b7367ffa50fd11d464eb6a1c2dc6bf

SHA1
c347ba90c07e1c980b17ffd61105d860962a3970

SHA256
47ac59fe96910fa6f1e37c23abd34fd9760993747929a5f82c50e278dac6d4ca

SHA512
560801d4ab2020dc0201de9fb26bd41e8301aa1ffdd005380f3a60fcfa0936cf348ad8f0332838a0f4d84e05ace95c7de6a612cf7e91954d2a6b176ac9ff58d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
072410479fab20c1094c8654a966d513

SHA1
64add31866fea097783d192a27cf9d7424ace526

SHA256
24ee49ad5b61db4dbf7572c3f9bb60930648e2de19163650e9df37208caef66d

SHA512
faa6f94630121c2616db01e39b39e4710ec2e6570ac86f16c6ff4353e496f29abd443ae172ebac8cd64e579afe9d75aaf3a393811e3608e43fa3f9c0ce00115e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
db7651c92bdc9cf4f568130ed4928e9c

SHA1
75455e0c219559ca5728811a401f9902849cb85a

SHA256
231727c022905c4e2ca85a8dba73cf33268fe05d37de0c0d823914a9865f3f4b

SHA512
a3f0ce8bd11907c5664fc7dcf76f5a9a364fd924bc155d490e069770b05c951c5ce67a1cfe73cc2cc66d67116fd2bd0d1599d07973ba3c16505741f55d361beb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1012B

MD5
2098f06a75ef6ba70baa14cf7f9e6df0

SHA1
ce46c58799af3de0d56dde7c6a23bf7f3d35cf2b

SHA256
ad058ad1bc8dfad62cdbd2cca286790eaf6bfba77bdc115546c1ce7016c6d666

SHA512
c6305e7ee100ecb422bfbeaaf028342b300a10844a6c2aba24044b894adf3e8c779406fa3668997a19f9ae7fc42a70b7cc086c4792763e5ed6debeb69d967b35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9aa6eb72f6e40670397e0af5d07dff58

SHA1
1d6fac7911b343ba6bea2f50403b172b03fc5c5f

SHA256
6f926b676df51f7cf29e010cf993f9f4cd5b3998cb6326727402d73a9a2fbbaa

SHA512
120ec85b7ffd18f3326c1ba366a1d22e22bab596003c4b436c002275c68c2a1e7fabcc6352bbe8205746637ad052c6ee9910a8343ee798516624510df9fa8618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
21a606d665f2927c19a4b52de3b8e9d8

SHA1
84ec748f00fcab51a8baa1824bd4c99eced73b34

SHA256
dd3437ce2e53319bcc2f876fa3188a2f12338a752f52d7100852164d9d732a56

SHA512
f914b5d8ee9b0adbcbe35feec12510eb4f6217675a3d45e27741d8b72df4ee00c37e2c988a7fd91d323992899813c431bf60ab43e06f54f60bd1247594240541

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0cfc91ea26207489363fa5c5980b0b48

SHA1
a1a0ab5f8cef78f5abedf26cadf3f6ba5ee86d48

SHA256
4666963426e3a6339288d04f0b7cc07e3072fd18550c078465e30496551ca170

SHA512
1b29ac7c42e4d44beacae730b865ee44197a2490fb427ad03202d4c850945c137aaf7074b9a53552492f22643669401ba4a09e7932ac62fdf86422fd09c34cf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1887d71904e123dfc2f734e370d76cad

SHA1
6dd7a8b332a885af66aff7fdb82167ef9b33195b

SHA256
f0bf7c74971caa4f0e25252beeb32965b2ce15e2b76481be2c0ef7f8e4ff5904

SHA512
879d79cb218dff7d4223c5ab5214a44789044eda9b6514ef90b47c1fe9f4976a0e37c3c6da2082582c13c854a738b28db126587f88e6794638b0cd27d69ab302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8671e4eb2366a62ea0968e51bff7a114

SHA1
02ee4d0329cc1defd6086cb8cdb9a5f2a211329d

SHA256
70ad5dfaf0db8dc35cafe184426e5536577ae15feda0745ca627d7ed97de3add

SHA512
5d72ec6b65bf77fa2a7584e03145f48a5a050270d1bb997a33efea57a5816b150364ccaceaaf7fb33f15c87a4421d89197bcbcbd5159075b8068b01e13a3b163

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
55de3cf048b1fbbfbd3269487f993fbe

SHA1
83fbbc733d86c4adf56c4b48875afddb3a902519

SHA256
6d24bbf300ad6273a227c6d775045684f6ea551105c608c1d9dc03a87602a058

SHA512
a7cd4a34e251da408cdf7af03c93c9a18014c411b6fbd429a1ac7db43b937db87b77efbfaa39c8273fdfa8442fc81becfd114f8cee7f1419d2b011bd449e3ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7e22f4581e40b06da15242735defe753

SHA1
1bd14dbfb8dcb1e856eb595584e0d359df02ec13

SHA256
d081aa4b1c29dcaac099a1676aa6310f04c2541df8ab36bc7aba6de5572a8144

SHA512
9af8d1da5f1b998838fabf03acd4ced8ac3e0fc1f0d05409d10c5d340e3e123a5a7d5d7765bcdf09ca132efb586bf4a594f4e3d025e1f53c7412ee3e8916ddf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
cabf26bf1fa95c2d75e4281da1aea38a

SHA1
ee1cf7a736662d1fe1426a42da27d15fb5e8a5af

SHA256
c6c6b3cb32da5572fdd61c0bc7bbbcade4af35a74fa12357ca2b84b2af205296

SHA512
da01ad5086d41df9baea1ff6e4247a230d6644e77ca81fdadc68c3ec3fedc71b32cd537efdfaaa7283b92924fa3e9b7508cd346e85f2897d8712ac5e9781e648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e30b32154d978b53496c7885980b34e8

SHA1
fdd640592d4cb7ff2a7115ca5b62b55701de2ee0

SHA256
9e0edd749be8491777ffc1f58adff96bc6d4c129a01c9f1cd8252a127af851ed

SHA512
b38bced6d1f09a535b2c14ed5834f2bd44b4c3b3a29838a92c89a162e47d02fc8022fb0c85d6c87d1316ab7b621f647a3579b0d37d294da20b05da61f46113c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
8c20257ee5617964f231d4e93876acc5

SHA1
b2f69d8f5fde2937d4020ab139952df467744d69

SHA256
7471ec3d2db5e1f31d8045b6ccc62eb44725d6fb31c2a3bc681616278fe4565e

SHA512
2d5c06fa227419bc50d5601ed4caa6e57eb85494c9a36054e37636f4557355307577f99afd4e6a5d7deb88a7be548d8542a9dab64defdfd8fab9cdac00e3dc1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe586a5d.TMP

Filesize
199B

MD5
a0e7a3aa9292f5c6d40f0dd8552ada9a

SHA1
0e35edc3c73b5ba4cd1bf862c4aa36c0214becbe

SHA256
366dc930343a360d3ec319288b3676230e3a9cedf87b0c0504823163f3a0bd5a

SHA512
c3ea5e70a127d0b94685af0cff0c34f5ffd49ac1d2732004b2cce857f616a2412ac7d96b326e64d0a6bfd94bd5f2d1de9163050c3542f3d2f0b03597a5a8230e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8bc955d584af301fc549ca0d03927030

SHA1
dbe1282d34c6f4ef2bec39fdf29d52cb0c0feeae

SHA256
3be7f6f6aa3c7151a4a1017518f6597fbab85ac2d812b31f2963b986acc5839a

SHA512
48ec3c3a58e402c72bc9d01c4ba80c975c93ac262809d23790993a9a00f281adc8bbdb9bad25cf7a884f1653bda5757e8f6e0f911b653231a5dc8e7b3aa0b659

Download Submit