b98420e64dcaddff50c6b6a743bfe5a2ffc6cb7c23be486759ae900eafb91cc4

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 06:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c66d4e415174b45316e52eb83e11060e_JaffaCakes118.html
Size

122KB
MD5

c66d4e415174b45316e52eb83e11060e
SHA1

165c6b5cc9e707031f5dab0c46287238d224ff6c
SHA256

b98420e64dcaddff50c6b6a743bfe5a2ffc6cb7c23be486759ae900eafb91cc4
SHA512

eee40afaca14bb0aa8c6ee5eaec3d91fa8031224e0d25ed8f8e448aae6b10a84acc1577fc81ff4e7e7f55489fc098af293888564455a36e3a76358d3e7ec5c56
SSDEEP

3072:wjo8Njz2S81Ep2svbEfd21D6VleByTPBXJ27/P7UHeaA2eD1nh:v8RH1AkLN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1632	msedge.exe
1632	msedge.exe
556	msedge.exe
556	msedge.exe
2660	identity_helper.exe
2660	identity_helper.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe
4276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 3840	556	msedge.exe	82
PID 556 wrote to memory of 3840	556	msedge.exe	82
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 2264	556	msedge.exe	83
PID 556 wrote to memory of 1632	556	msedge.exe	84
PID 556 wrote to memory of 1632	556	msedge.exe	84
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85
PID 556 wrote to memory of 4292	556	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\c66d4e415174b45316e52eb83e11060e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffbbcb46f8,0x7fffbbcb4708,0x7fffbbcb4718
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2616 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4848 /prefetch:8
  2⤵
  PID:2568
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 /prefetch:8
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6904 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3768 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,15637319702403509955,11889515947478501818,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
  2⤵
  PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2412

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x3f0
1⤵
PID:628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
4b3121a05808b99aa6e0cc12924f77db

SHA1
ee5805bb76c384d1e1667aea2976bd2f4f94c7cc

SHA256
e4fea32bac89d9ad34b13a25b0b4da1321920b2c6be2cabb75ff91bf6109152c

SHA512
9b83d55691b41d2a45a542d163c1b6a47208969720ec1fd15233f29ddcef2243e79895cfcb008767f91b3d1cf3a6288248e8b1ec50027eb96db04cde56cb2605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
23KB

MD5
1ed76811af8c6ed01b3d356f3bad9a3c

SHA1
8eb6ec720c89345a37f37c519a7e60453ff256d9

SHA256
52775526647d60d401b7d0ac7ad728e621edc59c4b9f6bda497ba5fef48239b4

SHA512
24cb443881a4a4fca319827e28b6aaaa5f0402867c49adeeb2c81dfa469dc448c2397e1e488d23ad2af0ffe0cbb63b8d866efdc2a8ed5dca6b4cbc4f9084499a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
480B

MD5
00fc3c9c646e3bf8c82b319b12e9c811

SHA1
c45542dcaf01c91fca35a912f2e38dbe83cd911f

SHA256
3e1baceaa82ad182acbb0a9e89e4e174328b3505e8b11a11f0bccd971a7a890e

SHA512
cdf2ae1874d32f28d4a541e9d22f70308b1bd07668c21bafd6b4fcd6c110c6963e45a65f9dc71d144c0739b2f7af320f1e30fbaf81cbcddbca82e6c1d4c3047c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1565774618e63b64d7eca5527d39e8e2

SHA1
ea869b4ae23bb966b27c66735d9b59e7f2f0b76f

SHA256
5cd10207d3d77bea0cf6f7d19561bd824969b2049e1cc9b4114b1755195189a8

SHA512
e81a7ab7eba200c85926d9ac3f6afa60ed1e598667c5bc17145b357b95c2c00417d4e816ed66cfbefa0f2cc00ac136cf6c40b44daaba53b38061bb5025b03c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
456B

MD5
a963dc41ad2f7fb59756872468ad8ae6

SHA1
fbbccb1c2039dbde653e422a5cdc9b394730cb67

SHA256
aefae74f0415c14cdcf43f7a7737019a75db2a4d30893f963e394191e087f3cc

SHA512
6c647818777e4e412dedce7d4bd146d7006e25b590cfaae5f0a72a3d07086051ace196ed21b7268ec1c3cda17213bb76033f96f6ba16ba29e50da0a93f154b26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d7d160a1f904fbee923b3486a69e4653

SHA1
e22cc66fc1288c38f94643996b1d7d4de8b8bd63

SHA256
aa0dca2d1d14e4b6bca5d7c087ca25b06fc933baf0c33770d92656a2a7e5b4e9

SHA512
1c1593b4eccafdf4676631e76d5d17ca0cdae76852da25cdcd8a01d1b1d2c7921c55176290185eb0cafdf60f8e393bea8e9aebc026f6bae88f323f851854eff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
c5f12bde71cd9586e1a6467dbc0c4326

SHA1
47ef1f4515bc6993e163ca7017340ef586935020

SHA256
d5ffeca0a91de1b5b6fa3a342bb2ac8ac1dfa9950b51fe64c8dc1a3b7bdca65d

SHA512
ba5b71624492713d134e607d42ef57968a6735b040ad5b9a7de1569dc8089617929bff129cded4fdb49daea16523dd78cea23b7ab14a6b051ec6715d3e2df5d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
153cfffe647eb679ef931e5979a89120

SHA1
12b8a55f5d4824b3008d3189a88f8919fb1e82e0

SHA256
77ba6b879eb317b3ab8de95e8231774445c4f7784573958872a4329b6600e962

SHA512
b0925dff18d0676395bb34a2200c77adde020388e082488965c55e9f17c7e99a4089e15a6a4cdba91147511e90cf351f4ada7a2db6980573712bf90daa017fcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
332b56daf5952a4b788b9ff7ccdd2dae

SHA1
cbf4f122cbe39ac6300b202b6f784581bd4502a6

SHA256
7e276c45da05968bf9cebe29c00541db06b3df1b92bf4b4b7923c10eaf10477d

SHA512
d5add926aedc9f294dccb5b7b026423585fa8e69043b189b62cac31c21d86d1c75ad011e4934493e516100bea9281d3bcfa8cc2fbd701a0e36a2445437126fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a737568052756a4cce1ad9ea0e2092b8

SHA1
1da48d4225ce7b7f0412be45c3ea0410b942a017

SHA256
144a5ec8c67dfb2543ed4a06992e2d0cf8f2a36f0973ce33a853a1411e73fa1f

SHA512
d5a6195b05473eccc0e5dbec5bbcaf17b571c82dab3556cd9d193bcc1c9b13aeb34e4f4da12740eaedee0a4f90bccd605ef5e79b29eec69d7f86903da1fadf2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
38885cfcc4862277fd3a309dc04dd2cd

SHA1
0ea8142f725a1322a04b5acc36be9fe94cf32074

SHA256
cb2179769e5c3d4a325c3e2c7e77bae3653022baaeb736e5a7c11979c16eb2d1

SHA512
4dbcf59d48a4e72cd8ef5ffebadbe07afcfdbcacb45d526e109f2f08830f0b9c0bf86cdf48190b24effe14c519aba10c8b8e696117c6f5df798210ae983accd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b0a262732ca018c11dc0fa72b876e179

SHA1
7fe1a333d9e3f020fbfa0522d3e03804bfbcc00a

SHA256
770abc02645f3c86617ae334d7219afa7b764e376746be5bebee3b426a203c77

SHA512
a81f0f007fd82e47c54a9b245c0af85781cbedc43a7fd6bc365b4bf3c4fe5f72f061037bcf67f00119117d8dfe95e1780c29fdce76b5d44862a0e4a63bc6ea6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
adf13277f794158e8c95d443533b35f3

SHA1
2c78147d15111f631b6d93f9e5898700670d388b

SHA256
cfc8a7955efd6ea85e06e62259ea7431bfd2ba0ee4bd30e9c303d93b00c94537

SHA512
6c1a47d317d60496634e78fb5eb04abd790d2c6d11aaead0fa12e7ce2a8fa776e9b1503bd01d4eb7058a9fcc2683c8e40acf487415d3fde37b16df002d060554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58486e.TMP

Filesize
203B

MD5
6101e4a6792540ad6a212973114ca2e1

SHA1
79818c1f19ce95d271bf22c57b14c50780d5e8ee

SHA256
c8b4b34742a6c3e98ecfeff644e75215c16a7f14066c6e6af043522b56a6889f

SHA512
31da353827c63e6b4886cbc9c937cccaa73cd359a0eecca352026dd9f7dc53bbc67fa1bdecc02c391b5249d54d96f612a415304eccaa48bc906e100d8dbd582c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6859acc16ea5c304e90b128de514bdca

SHA1
3b1de565cf4e3a273d80371672d83822b45e09d4

SHA256
e1b97e3d552cf2b5ac88d338e3a609631ae54a39607927c3e72239989e8c9ce7

SHA512
68fa51d789ab0ae4d77cc212a96498e83a668000c7e647f5641e65e7c93d073e929df6e9719ff248ca9babc39b72bfeba29f25307f014190dbefe848a1c42b62

Download Submit