Analysis
- max time kernel: 147s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 26/11/2024, 09:14

Static task: static1

Behavioral task: behavioral1
- Sample: a112363f99ddebfdc3e8c4462866311c_JaffaCakes118.html
- Resource: win7-20240708-en

Behavioral task: behavioral2
- Sample: a112363f99ddebfdc3e8c4462866311c_JaffaCakes118.html
- Resource: win10v2004-20241007-en
General
- Target: a112363f99ddebfdc3e8c4462866311c_JaffaCakes118.html
- Size: 75KB
- MD5: a112363f99ddebfdc3e8c4462866311c
- SHA1: 2ce77bc5f682f4f1fa93f633f6613b267f16e0a5
- SHA256: a7cc749ab1828329f01a7cde35c2493fcc752520dfffaa939a5e3f6a6ea4c247
- SHA512: 8c2b1d3c67fb46ca8ed5017d14e1d99c2ff8a71c933db05fcd6df2dc50a6866cbe88a2f28893e6657bfd9fe4dc5b36c9b0ad5ea8a8ab59cd0c7fb2a6ab7346bb
- SSDEEP: 1536:wwgr8VSeO33BsFqu+oDnmiaS6cgRrmC9yL:2eO33BsFnnm3IC9yL
Malware Config
Signatures
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description       | ioc                                                                  | Process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                   | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  | msedge.exe
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  pid  | Process             | entries
  3024 | msedge.exe          | 2
  3016 | msedge.exe          | 2
  1576 | identity_helper.exe | 2
  732  | msedge.exe          | 4
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (22 IoCs)
  pid  | Process
  3016 | msedge.exe (all 22 entries)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid  | Process
  3016 | msedge.exe (all 25 entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  pid  | Process
  3016 | msedge.exe (all 24 entries)
- Suspicious use of WriteProcessMemory (64 IoCs; each row below repeats in the raw listing, duplicates collapsed)
  description                      | pid  | Process    | procid_target
  PID 3016 wrote to memory of 804  | 3016 | msedge.exe | 83
  PID 3016 wrote to memory of 2104 | 3016 | msedge.exe | 84
  PID 3016 wrote to memory of 3024 | 3016 | msedge.exe | 85
  PID 3016 wrote to memory of 3896 | 3016 | msedge.exe | 86
Processes
- "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\a112363f99ddebfdc3e8c4462866311c_JaffaCakes118.html
  PID: 3016
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  Child processes:
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd38d46f8,0x7ffbd38d4708,0x7ffbd38d4718
    PID: 804
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    PID: 2104
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
    PID: 3024
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
    PID: 3896
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    PID: 3396
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
    PID: 2688
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
    PID: 552
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
    PID: 4820
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
    PID: 4972
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    PID: 4508
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
    PID: 2128
  - "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
    PID: 1576
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
    PID: 2296
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
    PID: 3928
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
    PID: 5172
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    PID: 5180
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
    PID: 5832
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
    PID: 5840
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
    PID: 5856
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
    PID: 5864
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
    PID: 1204
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
    PID: 1372
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
    PID: 5700
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
    PID: 5756
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6900 /prefetch:2
    PID: 732
    Signatures: Suspicious behavior: EnumeratesProcesses
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
    PID: 920
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
    PID: 5564
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
    PID: 3184
  - "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
    PID: 4460
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3140
- C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3008
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 152B
  MD5: 0a9dc42e4013fc47438e96d24beb8eff
  SHA1: 806ab26d7eae031a58484188a7eb1adab06457fc
  SHA256: 58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151
  SHA512: 868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f
- Filesize: 152B
  MD5: 61cef8e38cd95bf003f5fdd1dc37dae1
  SHA1: 11f2f79ecb349344c143eea9a0fed41891a3467f
  SHA256: ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e
  SHA512: 6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d
- Filesize: 71KB
  MD5: da52e38c98b0f2047abeb07609608ab5
  SHA1: da1210caff36df73e49a0c271ff7d573c2d20d02
  SHA256: 726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b
  SHA512: 35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b
- Filesize: 61KB
  MD5: 468446a7240461af44b59ebb2047c231
  SHA1: 47b7c525dc91bece99df0c414960b9490b986ba8
  SHA256: ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6
  SHA512: ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8
- Filesize: 23KB
  MD5: 1ff53dae34c4555156d935d6455b5e8e
  SHA1: 7b0d480ae156810635d33de2750d7de405c41c62
  SHA256: b60890e621ee1f1885e164572c092e6dfcaca3d7c7e2b6cbf65b5acbfeb6a998
  SHA512: 103de10e245e4eeddd8611d30f62a74b16b364b5aa90c866c1d239649363e42cce013d83520b7e3fe2c17ca709421168f78736477e124dfa841dc021f512bd1f
- Filesize: 30KB
  MD5: e99f1712e9ab2361d5bdeb29f499183c
  SHA1: aa1ad85ed4ca152a807101ebfbf7636c49495236
  SHA256: 9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460
  SHA512: 686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b
- Filesize: 25KB
  MD5: 651759109c0101a3622ce3e8d4c98be5
  SHA1: aa1838164412bbad08112a0895754c54ffd132d7
  SHA256: 01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06
  SHA512: 6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4
- Filesize: 76KB
  MD5: 370efdc66d9c25454b6930b4ee1fcd8e
  SHA1: ce84fe659fa4278787757ecd383f398c5e4a4a94
  SHA256: 3ac16f2301bf7bbd3160bd361cee1da4bd56651de39299be0bc6feac7675a83a
  SHA512: 41085cfe80b559404c07af3f0c9d47e78302e78de7f247910d42e48fa11fd5e537e3a24cd9687711e8fae00b5e72cc6ef13887284d9779e6e65d6973876b9287
- Filesize: 118KB
  MD5: 6a468fec8186c39967ff0f119893bc8a
  SHA1: 7860f106a9d5eed3f251d81051c02b744606cf28
  SHA256: 26988455f821a12110332ad807b830fb8740e6a4a716a94e30cbf1401e036770
  SHA512: 534fb6776721c56d3c8a17b3bbdc6960bbe4b553d47a8f1e6e513736f1b749900479063771e4d529376c625686ef5566af95384429fe9ee5319d1c0ef88ac899
- Filesize: 41KB
  MD5: 9631c594f55c395f07b12046cb8fbf9d
  SHA1: cd6532d1689166c19477923c73083eaaf8cd21e3
  SHA256: a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726
  SHA512: 5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105
- Filesize: 46KB
  MD5: 796c1c45a74869afaeb81ce1e1116e69
  SHA1: e028e17826bbc849126c3f9f5917b734a5917231
  SHA256: 5a08f93ea5ca819120effaf4bc2d68a7f7b317b27a342701b696d5e8427b54a1
  SHA512: aa598608e350240f319ab87eca659a517c2fa6e983f2806093db583ae42e7c78f6a8b366c14500ba340aea02c70eba39db086faaec5066a60ab30f847b68fb49
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 408B
  MD5: f4139504ff2b7ec483eed5a49fe59f0f
  SHA1: 34b5bcfda34ad1c13a5dccd8b6dfe5881416779e
  SHA256: 80440a3f2ac415eaa6720e16c556f7f75cf5eec59827d24c931098472565e6d8
  SHA512: 24e9ada70f864587079ba0c25d3748813126f175a3113bbecf89e6603879ca7a9d55730d1561627874efc683cb4dab9b9e0f84a1e0654ddfdf1757cb47b1abb4
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 408B
  MD5: 01c4f447d51778e0ffeab67cd0507ab7
  SHA1: e2c4ced0f29c02e0e16ad531fb6d9154f210fbdb
  SHA256: aa0d93f3e45f12417a6dc3471fb355a95be5c5110b8dcbfaa769edb3e846274b
  SHA512: a63bf27462e73111b87938914e3edf776085b5e93445a3fc91c13be22d3dbc5f10a4f9fae6914a8fb92e17b256888942f053c21c9abe5d91a52d57e81089fedc
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
  Filesize: 288B
  MD5: 777c305e5710a20e30c5a7fcda7ddc02
  SHA1: 9695f88a9970de32cb425cc46403c77545c54196
  SHA256: c851a28700d69e627f46f6c0ff6d0bc3f591065dedc2111d6317f7a52c25a91a
  SHA512: 38e97a5c34c37de8996e28e22bd2d3b9b4fec16e0c4c474ea4aa1a9ed622f113865bf1a7a314c13435c4023d98b735a481766460d65aa76e1e084a176ca5953a
- Filesize: 1KB
  MD5: 3a830cf36b7b37fb690bded3079b189b
  SHA1: 5088c3595e83c3cae08490e6a31627e32a61b60a
  SHA256: f9de9a9e6b36df44540ff2e4b94d8b892da005a5df722d367d57826c6d6a891d
  SHA512: 119386aa4015c186bd72ec43162a3cdb3cf1e43f9b1b071c24b1cf895a08dfef816c568643bd8bd9f57cdb7d7786ba40dd8cda6578add6a1517ee064d658c874
- Filesize: 6KB
  MD5: 1ad7a3d163978e95ca59283eaa33a9fa
  SHA1: 12ba265eb4700bf3ff4cb89d02b88a78991d768b
  SHA256: ed7d07217a22ef2f063318170f1dbf94b32bcd1d6d460a53e0b4c17827b368eb
  SHA512: 0acbd6704835ea8194c149e0fbc39b3cedf7a17e210594a4fd3364901634216787ae10afe96385e9b54555c74e039a2fed2ce04619ad62c3c98dd9f1bc3b065e
- Filesize: 6KB
  MD5: 0d07270cf40079bf4ecc335656da0445
  SHA1: 57c8f60ca6500dd0a2eed0236fc9aca9f3259e08
  SHA256: 8fb98cdc0e5262eab2decea65966e0be28c93568fe8f5422ccfd9f5a2c45ae9b
  SHA512: 13e9372d1cb55e3842416a27b434aca754a9b11e8edcb434f45876cd2e1352ea198e59c103bfaaafffb906780e24c6ead1190e45dd2ab3585579570a8bf9ed30
- Filesize: 6KB
  MD5: 19198a586f9e441a0b31c12f9a418fc7
  SHA1: 7c6123a8e513788bc9defaaa66a4b1712a4b0a32
  SHA256: 74a580ff452e913bf71243ad1ae1b48412eaf97c11e97f7f8b3489798aea9b83
  SHA512: 12fca15e67b17f2a5e4c3ce2a6aaa17a4ef353ab832a058483fd73521f81c46e57811b5e70116b71ca52d14a6250670f3a1c02ec8aec0c6fc73f8815076e1c2d
- Filesize: 6KB
  MD5: efbef2bf80b0188eef108ab3a2cbc286
  SHA1: 048a4ba37e43c074452dbf5c9d181fd3cc7b452a
  SHA256: c931b93dc345117a9ad3a012a87ffc097592534743ed75101446f1739837eb4b
  SHA512: 3668c5de5614d9c292c2c96e0c076a09e8908b181266796771671eaeb6fd63414eae24909fac0425cc34ae1314c7908a9ed8f8223e010aaa5c820774ee867275
- Filesize: 5KB
  MD5: ee8c9ab49e8553a65c9216b121ca4165
  SHA1: b90867474fdbe19e976edb85d9d40bc48a12eaa6
  SHA256: 20dab8347c3357a571cee3ce9683b2d21eb549dfbcc50863db30ad5234544f7e
  SHA512: d392a5f05ac429491600956c2aa2134bb99834a7b872931b153d6037bf71f968e95b34cc9505855bd65ad5568dc074674ff177e88fac7a0a407b0744b2a548ff
- Filesize: 6KB
  MD5: 32e014caf0775258461abdf6b03bd179
  SHA1: 37516813ed8eaefa9a3ebe610394c50a207d93bf
  SHA256: e0dafd0509571ca2b80d908079c9acf4860a889624c5128ab95777ab3241c485
  SHA512: 7b98ccef858aff39b439e2651842853f652d305e368e7d5efd4f19da8a90602c35b661055f7f79fee1290afcf2fe363d5ade4619b26485e19ca1d1e6d7d72a13
- Filesize: 203B
  MD5: c659e8fc8442fcc960fa17f2705fd91b
  SHA1: 1f5b4e17bf200715f255fb340d95ea8046279470
  SHA256: 554bbc1a2bf4c0c14c58fb01fd714eed47fe7f272dbca64b3b25fc7616d9dfa9
  SHA512: c09d6a478222b4651da9eb34bb5b7e613fcb9661b75f73ceeaced74b42ba820ea477856bd7ed57fdf8e9de664857c790a6f70ef49c4a26def97e47d02c934084
- Filesize: 203B
  MD5: eb5bf04f04d314c3154af9f441327c6b
  SHA1: e2b08d501f87cd4ee60604928f071cb7fe11bf12
  SHA256: bd1eb438a67d546e074385af437d648f98d8c9294b88f09f206049832aa6d9f6
  SHA512: 37ebfc5d4c44a76d11aef9b60adfcca2ccadc45ec4ce32ae19f0e6fffc204e13d944a23011a9411b982c5e18bb4b09555897e138ad3a583f60e2e25b475eab02
- Filesize: 203B
  MD5: 0faabd3be4456e2ce0ea739b9b173daa
  SHA1: 017041582a8e075916ae7f0329b3b51e7f9f277e
  SHA256: fa49e86c02d28fcde4a6b078b744d980583ce5bbd0f42379276b7d8a4c77dd5c
  SHA512: 7834ea90ac79f45a372c5253a7e26796bce8859aabf365cb4be448d1132df3297f9eaf671fa88264322035cd6871e463b0468657e144f3d434ea8ba9e7ea9b75
- Filesize: 203B
  MD5: 2730271387997cb800f8f6f34aa83a89
  SHA1: 87d527734069c020221852bdbdb132ef32927eee
  SHA256: 0a9aa840546636f774f55418a065aa9906887c4443d3ebe0eb8c7401eaad09f8
  SHA512: 7f900f986085f638f95f2f25f6f8b35075f07cef062864b1fcfb8185b6919550d6aaabd56bb9bdf42cedaa9055fef43b8fd62cc13d37e186b70165fb4281f930
- C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d91ff6b8-3f9b-4b39-9ec3-dd2c15604d7b.tmp
  Filesize: 6KB
  MD5: f96c66702d12ded032b26f96aada3cac
  SHA1: a1b93ad4588812c32ca8d9e4f51c7db07bc3a6eb
  SHA256: f502f81e5cb2175ca2e5263a7f0b489067f7f0a94458c27511810c3bace527ef
  SHA512: a9889d6e78a60a31c713f9f7660d6ca4a2635dcb48726736cbd1c50e5ba9c6c2efe220d2012679541f40c1ba1d042c3553c32d800c81e1987b645a9325727b48
- Filesize: 16B
  MD5: 46295cac801e5d4857d09837238a6394
  SHA1: 44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256: 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512: 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
- Filesize: 16B
  MD5: 206702161f94c5cd39fadd03f4014d98
  SHA1: bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256: 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512: 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145
- Filesize: 10KB
  MD5: d19a1524771571494c659b3e793f1586
  SHA1: 710799fae29ce6343b3c72779f1b010cecbae0fb
  SHA256: a40fd87d74b66f175e9167f069c175cebf6383ea56fca54a3e7afbf3b3228c1b
  SHA512: 773d4c04a2fd305387da489d75b2c7988df3227baa77303195511781a102c6cb8701206320a3882fe9a3c4adaa1be2c033c0aa23b3e369d81b95f88c983337bb