a7cc749ab1828329f01a7cde35c2493fcc752520dfffaa939a5e3f6a6ea4c247

Analysis

max time kernel
147s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2024, 09:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a112363f99ddebfdc3e8c4462866311c_JaffaCakes118.html
Size

75KB
MD5

a112363f99ddebfdc3e8c4462866311c
SHA1

2ce77bc5f682f4f1fa93f633f6613b267f16e0a5
SHA256

a7cc749ab1828329f01a7cde35c2493fcc752520dfffaa939a5e3f6a6ea4c247
SHA512

8c2b1d3c67fb46ca8ed5017d14e1d99c2ff8a71c933db05fcd6df2dc50a6866cbe88a2f28893e6657bfd9fe4dc5b36c9b0ad5ea8a8ab59cd0c7fb2a6ab7346bb
SSDEEP

1536:wwgr8VSeO33BsFqu+oDnmiaS6cgRrmC9yL:2eO33BsFnnm3IC9yL

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3024	msedge.exe
3024	msedge.exe
3016	msedge.exe
3016	msedge.exe
1576	identity_helper.exe
1576	identity_helper.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe
732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe
3016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 804	3016	msedge.exe	83
PID 3016 wrote to memory of 804	3016	msedge.exe	83
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 2104	3016	msedge.exe	84
PID 3016 wrote to memory of 3024	3016	msedge.exe	85
PID 3016 wrote to memory of 3024	3016	msedge.exe	85
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86
PID 3016 wrote to memory of 3896	3016	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\a112363f99ddebfdc3e8c4462866311c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbd38d46f8,0x7ffbd38d4708,0x7ffbd38d4718
  2⤵
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4720 /prefetch:1
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6736 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6448 /prefetch:1
  2⤵
  PID:2296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:3928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:5172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:5840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2580 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6208 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6900 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,14292444162538103050,13344575795307040039,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
  2⤵
  PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
1ff53dae34c4555156d935d6455b5e8e

SHA1
7b0d480ae156810635d33de2750d7de405c41c62

SHA256
b60890e621ee1f1885e164572c092e6dfcaca3d7c7e2b6cbf65b5acbfeb6a998

SHA512
103de10e245e4eeddd8611d30f62a74b16b364b5aa90c866c1d239649363e42cce013d83520b7e3fe2c17ca709421168f78736477e124dfa841dc021f512bd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
30KB

MD5
e99f1712e9ab2361d5bdeb29f499183c

SHA1
aa1ad85ed4ca152a807101ebfbf7636c49495236

SHA256
9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460

SHA512
686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
651759109c0101a3622ce3e8d4c98be5

SHA1
aa1838164412bbad08112a0895754c54ffd132d7

SHA256
01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06

SHA512
6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
76KB

MD5
370efdc66d9c25454b6930b4ee1fcd8e

SHA1
ce84fe659fa4278787757ecd383f398c5e4a4a94

SHA256
3ac16f2301bf7bbd3160bd361cee1da4bd56651de39299be0bc6feac7675a83a

SHA512
41085cfe80b559404c07af3f0c9d47e78302e78de7f247910d42e48fa11fd5e537e3a24cd9687711e8fae00b5e72cc6ef13887284d9779e6e65d6973876b9287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
118KB

MD5
6a468fec8186c39967ff0f119893bc8a

SHA1
7860f106a9d5eed3f251d81051c02b744606cf28

SHA256
26988455f821a12110332ad807b830fb8740e6a4a716a94e30cbf1401e036770

SHA512
534fb6776721c56d3c8a17b3bbdc6960bbe4b553d47a8f1e6e513736f1b749900479063771e4d529376c625686ef5566af95384429fe9ee5319d1c0ef88ac899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
46KB

MD5
796c1c45a74869afaeb81ce1e1116e69

SHA1
e028e17826bbc849126c3f9f5917b734a5917231

SHA256
5a08f93ea5ca819120effaf4bc2d68a7f7b317b27a342701b696d5e8427b54a1

SHA512
aa598608e350240f319ab87eca659a517c2fa6e983f2806093db583ae42e7c78f6a8b366c14500ba340aea02c70eba39db086faaec5066a60ab30f847b68fb49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
f4139504ff2b7ec483eed5a49fe59f0f

SHA1
34b5bcfda34ad1c13a5dccd8b6dfe5881416779e

SHA256
80440a3f2ac415eaa6720e16c556f7f75cf5eec59827d24c931098472565e6d8

SHA512
24e9ada70f864587079ba0c25d3748813126f175a3113bbecf89e6603879ca7a9d55730d1561627874efc683cb4dab9b9e0f84a1e0654ddfdf1757cb47b1abb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
01c4f447d51778e0ffeab67cd0507ab7

SHA1
e2c4ced0f29c02e0e16ad531fb6d9154f210fbdb

SHA256
aa0d93f3e45f12417a6dc3471fb355a95be5c5110b8dcbfaa769edb3e846274b

SHA512
a63bf27462e73111b87938914e3edf776085b5e93445a3fc91c13be22d3dbc5f10a4f9fae6914a8fb92e17b256888942f053c21c9abe5d91a52d57e81089fedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
777c305e5710a20e30c5a7fcda7ddc02

SHA1
9695f88a9970de32cb425cc46403c77545c54196

SHA256
c851a28700d69e627f46f6c0ff6d0bc3f591065dedc2111d6317f7a52c25a91a

SHA512
38e97a5c34c37de8996e28e22bd2d3b9b4fec16e0c4c474ea4aa1a9ed622f113865bf1a7a314c13435c4023d98b735a481766460d65aa76e1e084a176ca5953a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3a830cf36b7b37fb690bded3079b189b

SHA1
5088c3595e83c3cae08490e6a31627e32a61b60a

SHA256
f9de9a9e6b36df44540ff2e4b94d8b892da005a5df722d367d57826c6d6a891d

SHA512
119386aa4015c186bd72ec43162a3cdb3cf1e43f9b1b071c24b1cf895a08dfef816c568643bd8bd9f57cdb7d7786ba40dd8cda6578add6a1517ee064d658c874

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1ad7a3d163978e95ca59283eaa33a9fa

SHA1
12ba265eb4700bf3ff4cb89d02b88a78991d768b

SHA256
ed7d07217a22ef2f063318170f1dbf94b32bcd1d6d460a53e0b4c17827b368eb

SHA512
0acbd6704835ea8194c149e0fbc39b3cedf7a17e210594a4fd3364901634216787ae10afe96385e9b54555c74e039a2fed2ce04619ad62c3c98dd9f1bc3b065e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d07270cf40079bf4ecc335656da0445

SHA1
57c8f60ca6500dd0a2eed0236fc9aca9f3259e08

SHA256
8fb98cdc0e5262eab2decea65966e0be28c93568fe8f5422ccfd9f5a2c45ae9b

SHA512
13e9372d1cb55e3842416a27b434aca754a9b11e8edcb434f45876cd2e1352ea198e59c103bfaaafffb906780e24c6ead1190e45dd2ab3585579570a8bf9ed30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19198a586f9e441a0b31c12f9a418fc7

SHA1
7c6123a8e513788bc9defaaa66a4b1712a4b0a32

SHA256
74a580ff452e913bf71243ad1ae1b48412eaf97c11e97f7f8b3489798aea9b83

SHA512
12fca15e67b17f2a5e4c3ce2a6aaa17a4ef353ab832a058483fd73521f81c46e57811b5e70116b71ca52d14a6250670f3a1c02ec8aec0c6fc73f8815076e1c2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
efbef2bf80b0188eef108ab3a2cbc286

SHA1
048a4ba37e43c074452dbf5c9d181fd3cc7b452a

SHA256
c931b93dc345117a9ad3a012a87ffc097592534743ed75101446f1739837eb4b

SHA512
3668c5de5614d9c292c2c96e0c076a09e8908b181266796771671eaeb6fd63414eae24909fac0425cc34ae1314c7908a9ed8f8223e010aaa5c820774ee867275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ee8c9ab49e8553a65c9216b121ca4165

SHA1
b90867474fdbe19e976edb85d9d40bc48a12eaa6

SHA256
20dab8347c3357a571cee3ce9683b2d21eb549dfbcc50863db30ad5234544f7e

SHA512
d392a5f05ac429491600956c2aa2134bb99834a7b872931b153d6037bf71f968e95b34cc9505855bd65ad5568dc074674ff177e88fac7a0a407b0744b2a548ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
32e014caf0775258461abdf6b03bd179

SHA1
37516813ed8eaefa9a3ebe610394c50a207d93bf

SHA256
e0dafd0509571ca2b80d908079c9acf4860a889624c5128ab95777ab3241c485

SHA512
7b98ccef858aff39b439e2651842853f652d305e368e7d5efd4f19da8a90602c35b661055f7f79fee1290afcf2fe363d5ade4619b26485e19ca1d1e6d7d72a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
c659e8fc8442fcc960fa17f2705fd91b

SHA1
1f5b4e17bf200715f255fb340d95ea8046279470

SHA256
554bbc1a2bf4c0c14c58fb01fd714eed47fe7f272dbca64b3b25fc7616d9dfa9

SHA512
c09d6a478222b4651da9eb34bb5b7e613fcb9661b75f73ceeaced74b42ba820ea477856bd7ed57fdf8e9de664857c790a6f70ef49c4a26def97e47d02c934084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
eb5bf04f04d314c3154af9f441327c6b

SHA1
e2b08d501f87cd4ee60604928f071cb7fe11bf12

SHA256
bd1eb438a67d546e074385af437d648f98d8c9294b88f09f206049832aa6d9f6

SHA512
37ebfc5d4c44a76d11aef9b60adfcca2ccadc45ec4ce32ae19f0e6fffc204e13d944a23011a9411b982c5e18bb4b09555897e138ad3a583f60e2e25b475eab02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
0faabd3be4456e2ce0ea739b9b173daa

SHA1
017041582a8e075916ae7f0329b3b51e7f9f277e

SHA256
fa49e86c02d28fcde4a6b078b744d980583ce5bbd0f42379276b7d8a4c77dd5c

SHA512
7834ea90ac79f45a372c5253a7e26796bce8859aabf365cb4be448d1132df3297f9eaf671fa88264322035cd6871e463b0468657e144f3d434ea8ba9e7ea9b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58772f.TMP

Filesize
203B

MD5
2730271387997cb800f8f6f34aa83a89

SHA1
87d527734069c020221852bdbdb132ef32927eee

SHA256
0a9aa840546636f774f55418a065aa9906887c4443d3ebe0eb8c7401eaad09f8

SHA512
7f900f986085f638f95f2f25f6f8b35075f07cef062864b1fcfb8185b6919550d6aaabd56bb9bdf42cedaa9055fef43b8fd62cc13d37e186b70165fb4281f930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d91ff6b8-3f9b-4b39-9ec3-dd2c15604d7b.tmp

Filesize
6KB

MD5
f96c66702d12ded032b26f96aada3cac

SHA1
a1b93ad4588812c32ca8d9e4f51c7db07bc3a6eb

SHA256
f502f81e5cb2175ca2e5263a7f0b489067f7f0a94458c27511810c3bace527ef

SHA512
a9889d6e78a60a31c713f9f7660d6ca4a2635dcb48726736cbd1c50e5ba9c6c2efe220d2012679541f40c1ba1d042c3553c32d800c81e1987b645a9325727b48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d19a1524771571494c659b3e793f1586

SHA1
710799fae29ce6343b3c72779f1b010cecbae0fb

SHA256
a40fd87d74b66f175e9167f069c175cebf6383ea56fca54a3e7afbf3b3228c1b

SHA512
773d4c04a2fd305387da489d75b2c7988df3227baa77303195511781a102c6cb8701206320a3882fe9a3c4adaa1be2c033c0aa23b3e369d81b95f88c983337bb

Download Submit