99e144aa36f4c793d95d1172ebd05fc77027be34001c5aec576525c4790f85fb

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 04:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ff3b02b19d906e135597f691bc71cd4_JaffaCakes118.html
Size

75KB
MD5

9ff3b02b19d906e135597f691bc71cd4
SHA1

ad05dabc6f34f0a560efed51a7194c0516d7bc0d
SHA256

99e144aa36f4c793d95d1172ebd05fc77027be34001c5aec576525c4790f85fb
SHA512

45cd723047f681e461f0f9cbbff30f60cfac542a664ef9e090376962fa1f0001ec6fb3ad9b9265b1506a01e0ae4dabfb251b0f6e2ae1347595b205459e846b58
SSDEEP

1536:Hwgr8VSeO33BsFquMctnmiaS6cgRrmg9yp:DeO33BsFRnm3gg9yp

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1884	msedge.exe
1884	msedge.exe
3004	msedge.exe
3004	msedge.exe
1440	identity_helper.exe
1440	identity_helper.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe
6068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 1092	3004	msedge.exe	82
PID 3004 wrote to memory of 1092	3004	msedge.exe	82
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1640	3004	msedge.exe	83
PID 3004 wrote to memory of 1884	3004	msedge.exe	84
PID 3004 wrote to memory of 1884	3004	msedge.exe	84
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85
PID 3004 wrote to memory of 2400	3004	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\9ff3b02b19d906e135597f691bc71cd4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffdcc846f8,0x7fffdcc84708,0x7fffdcc84718
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6516 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
  2⤵
  PID:5604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
  2⤵
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,7175277898437250274,2337866004183841381,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2784 /prefetch:1
  2⤵
  PID:3572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
1ff53dae34c4555156d935d6455b5e8e

SHA1
7b0d480ae156810635d33de2750d7de405c41c62

SHA256
b60890e621ee1f1885e164572c092e6dfcaca3d7c7e2b6cbf65b5acbfeb6a998

SHA512
103de10e245e4eeddd8611d30f62a74b16b364b5aa90c866c1d239649363e42cce013d83520b7e3fe2c17ca709421168f78736477e124dfa841dc021f512bd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
30KB

MD5
e99f1712e9ab2361d5bdeb29f499183c

SHA1
aa1ad85ed4ca152a807101ebfbf7636c49495236

SHA256
9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460

SHA512
686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
25KB

MD5
651759109c0101a3622ce3e8d4c98be5

SHA1
aa1838164412bbad08112a0895754c54ffd132d7

SHA256
01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06

SHA512
6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
76KB

MD5
370efdc66d9c25454b6930b4ee1fcd8e

SHA1
ce84fe659fa4278787757ecd383f398c5e4a4a94

SHA256
3ac16f2301bf7bbd3160bd361cee1da4bd56651de39299be0bc6feac7675a83a

SHA512
41085cfe80b559404c07af3f0c9d47e78302e78de7f247910d42e48fa11fd5e537e3a24cd9687711e8fae00b5e72cc6ef13887284d9779e6e65d6973876b9287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
118KB

MD5
6a468fec8186c39967ff0f119893bc8a

SHA1
7860f106a9d5eed3f251d81051c02b744606cf28

SHA256
26988455f821a12110332ad807b830fb8740e6a4a716a94e30cbf1401e036770

SHA512
534fb6776721c56d3c8a17b3bbdc6960bbe4b553d47a8f1e6e513736f1b749900479063771e4d529376c625686ef5566af95384429fe9ee5319d1c0ef88ac899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
45KB

MD5
79c55102491a45acc28486b6d606492b

SHA1
1689f1a5f433e46529a9dfe0ad9c80d20c46cb70

SHA256
0752ba605369b9e24001686643a991114199d0b477e661bd0faef72f63cb9521

SHA512
5bf8666aa20df93e69affeb9edafb988cf57e9f738c9ff94db227564c2ec1e68d963a336e8dc27e54ae60dcfc1fafdca46f326fa80b3e3faf76e305ae781d73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
66260df7e54314e9caf1a4a175ef889f

SHA1
5d6dddae8cd971e6d15798a39212a69e47b5b05c

SHA256
8e798eab88dcc424c12f0aa5483c178b8260fa284983cc56df53950a0263c808

SHA512
fd9152dd1a3e03eb1dbb245907c93a78dc7062c5ee197089653fa628301cbc22adb0ca1e7f7f13f478627a6a9458bc6c4cd209b571b36809bfa42b37f71b1aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
8d4405df27ce9ef5fcebb6a464a890f7

SHA1
07703a5176ee758d2db194c76ce6834948881a15

SHA256
07404a6ef824e04f788d908d157911a86f1af7d107e71a80f31521236a5d76a0

SHA512
59d9086c98d854930f8fe49d72d64e5d12bf0578b563970689e892f66719698e81eae100aed3112a62cee4cc6094afa353bd3efb0eb410a74a7adc2be8a468e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
b6eb2d557a6e9d333f33a2b6e38d52cc

SHA1
1f874048e5c8d561f0b472f2d73055ff14e7b466

SHA256
e9bfb59906a9d08db4a3ffe36de5034dd3d17533b565d65ec56c6235d8af2bc3

SHA512
5f35b7125e9c522175c705ae98bd082afeee1df5ee36a4df38d47bea90c3286f2e6d3ca434a7d54393b37cb4ab6c82566d9cf3568542255f9c3ef1cab7f51326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a7d10568c21706155efeca59023d6457

SHA1
6aa40a3b6f059b0bfe6df0594a43b3078da52b6d

SHA256
ff3727f57db447b4606a64cb0ca86e5aa125b2c818986d230a840816425a7dcf

SHA512
9eb8363f50bee878d8935b7b2894a9f6779d8fa7affea706efc829a50b939a98ef0d1929f24b0349b9a6019c78c57a5989e85f2a0c424c130facd8b7e1d9ffd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
223e1ca79d0aa6d94c8272b5aa96da64

SHA1
ef245fb851f66dca7217cda1310288d4496ba0ef

SHA256
f6f9c2855f6254b6ced1995e824dba029c75f06ae3f5e4b264aa2e1b8ba8eaf0

SHA512
34fe9337768175cb301f2e37efc67bf2581e2ec306bd63eb47737260368203a4200a994ecd1d3c4ba3b7b5dc1d58a4717cd6eebc4458c168bcb713ab3734eeee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bba97cd6114717c3443bdc2cf819609

SHA1
6887cf2a9d37e09105da07b79214e82555a86c4a

SHA256
0c8c1e0dd8dc0ab06d653dd4172a4db253fca5a7b5c14fe7f15386961308965d

SHA512
823653349ce80fd8d056d19397a3821bbca39373dac696eedcf84797df2a177f25a1b52317e6193a09de025e2d588e9386c290b819caafde3ce2c271baed27ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b87ebf0f00d2c1878ff4d59e3d5e882d

SHA1
422d13d210f7e132b5808889eea18f9c1e7714e4

SHA256
0861bcd42d133595bf6af8c70f4eb87f259ec3c158a5ee621b65be71bed22eb8

SHA512
3dca140cf663127132c392b71d69c6998458e7ad1611096b2692a9aaa2adb11896cbc783b86540e889c4df51ee7265b8385ca680aef95091e9c7ea4bbaccc110

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3494a1d1f62ffe098af26a9699114b4a

SHA1
3acd89ad348db8e4136258a839b0953c75325806

SHA256
e940308a639677fc24b7853edbd9c17ea328fcae7c187fa2a390a7e2859eba02

SHA512
0f1d11009281a80933c2c4f217839b62e1dcb57e70580344b81f5f4209c7e3007215ca39f8fd75f101d40402f7a8effed7a122d2110607bae691f73ca01823a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fd523356519986299b69252575deaa02

SHA1
097353818f84c9da9b4d9d2b0f99154fbb402772

SHA256
89395443e59a47e33a4db0f84bfd15c8800e6760602ad62086dc211985e8fd46

SHA512
5727eb2e0b6cb8ce3813b94c07b313b42a80cdb13ef79ce9f4a8042ed1099b1b0cb766e67813cb75b681d2d8b18956f07ddb710700ac835f1ff771e44dec1548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
147fb1874020d9bb6070c8340e27049a

SHA1
56cb7fc0038b1b5a8bace9f26f0f58f37ce344d7

SHA256
a133de44375cb1ea43e0ba5491d4a90457213baa038071ddd48201f5ff3adf58

SHA512
d63366fe47fb87577c0fc1dd65a1e526fec756579667751acd291d4ba40242d89ad953f84218b2d8286b25160b63c003df152c13c6c6eec0b2db06b54af2b86f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6bc6ceb2e0e04459206dc6f62c0cf85

SHA1
caf13c0f7e8d151f4ab40e98086de9bd24a36e7b

SHA256
92f32577e96e55c5440bcadb4eebf1f8315c177a228fb674c6c08b3ff515e70f

SHA512
413b57d04b3b937644d5381091404d8218da0616c71dc22b5ffcf7dfc96243d0720c7f2692d726b7f99b64922c116b1c1b283280a107d581f6e6fab30487b46a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
e6a4cb9010398ac75df80f866b11dd6b

SHA1
87c58e9d93b7edbf1d45500d1143e4226a5c4590

SHA256
b1782e6c051b2e969f5bb4dcf8c9d0764a2bd18d45082fad722d8af62478c104

SHA512
e165458a3fe898122e3c87139292562a2a14ab04265e0f557dd2ab369c3811a67476367759f9cd3615bab5f5c468e78c30b816ff3eda34a316fecdb8f2aca290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
fb2403c9b14ff572d22adb52372d2320

SHA1
fe14dbe8a278d693f35119dd58ff3792870ab21b

SHA256
f5368883100994fb10f9be2e46c7843797c260934e0d047625290b635c2d5590

SHA512
8e4868a41d30169c71599a7e3846ae7e0154c1d1bbe0ccd5ff2d7c7caaba425346744f2c5514e585c7b1605bf73d3f3da285bd8d489aae553897b342b3da1a85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
80574540b4248554432ef6ebdaf78ffa

SHA1
d107c47ca3b2af575aabdf95396e69b7e4b08a26

SHA256
e034e06923085101dec3f350645302630f3667ba2a3dddb72ecfae6fd35bb743

SHA512
10b31f6503e120ee790a71b5e63d15aaae244b05dd385dc56c856910328d1180fe93a873a1d71000384f45afb1efe2f517ea4582a8adc2bf09a344b75c44bb24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5885a6.TMP

Filesize
203B

MD5
1b11e5efc68c8509222a659646d759c8

SHA1
24c4a3e23257497b1a70ef10d219276d70b27c3c

SHA256
c1e27e2bff373241baeda41fdbd6c962bcbb7b1b5c499c24070a8696ae802f86

SHA512
c61d76a7ffe23b233608135a53133f129d876bcf4af394aa050a1f60e3a5bd91e7c35ca045c9925d2fec20d96fc8fe90ccaa3553150a51a42dcb03061a4c4839

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ec618829717ed705e0857e00b6c8da51

SHA1
9c400bcd5c7e74083874ecb246e65be102fb0b09

SHA256
5277b50cd183a01328cbe29cf3689b9c006d193244f00340d978529b8c358da4

SHA512
db0bceda4d2fadc5251aa6e0588b85db612d6453e7c87fbcb7fc231fe0546b1869dd0532198d1e42afef7203af5c5e3b2b73a8a48581562e94092ba550f38b26

Download Submit