680fa279256f1e3f49b207b1e0149af762c634b42ea07a4023d745a617d57ea3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2024 18:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce6859da61f7501181419d6242af89a2_JaffaCakes118.html
Size

77KB
MD5

ce6859da61f7501181419d6242af89a2
SHA1

b6d83de86e63a210a16bd8744e1b8fa5c6526f32
SHA256

680fa279256f1e3f49b207b1e0149af762c634b42ea07a4023d745a617d57ea3
SHA512

235b7908beece5576a26ec51da23c38664b76ce9bf8106bc1982f99e31564bbdd286036c6f491b8b9a111ac4c36175e3243be6887d3900b6483f91af6f6b0ce0
SSDEEP

1536:owgr8VSeO3xnZuBJXplaS6cgRrsKPtgiH:+eO3xne9pImKPtgiH

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
912	msedge.exe
912	msedge.exe
4712	msedge.exe
4712	msedge.exe
4760	identity_helper.exe
4760	identity_helper.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe
4080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 1940	4712	msedge.exe	83
PID 4712 wrote to memory of 1940	4712	msedge.exe	83
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 1680	4712	msedge.exe	84
PID 4712 wrote to memory of 912	4712	msedge.exe	85
PID 4712 wrote to memory of 912	4712	msedge.exe	85
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86
PID 4712 wrote to memory of 2316	4712	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\ce6859da61f7501181419d6242af89a2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6d9d46f8,0x7ffb6d9d4708,0x7ffb6d9d4718
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4840 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4168 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
  2⤵
  PID:5784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7040 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
  2⤵
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,16575816134708773762,1640585137337731899,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
  2⤵
  PID:4128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fab8d8d865e33fe195732aa7dcb91c30

SHA1
2637e832f38acc70af3e511f5eba80fbd7461f2c

SHA256
1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea

SHA512
39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
36988ca14952e1848e81a959880ea217

SHA1
a0482ef725657760502c2d1a5abe0bb37aebaadb

SHA256
d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6

SHA512
d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
1ff53dae34c4555156d935d6455b5e8e

SHA1
7b0d480ae156810635d33de2750d7de405c41c62

SHA256
b60890e621ee1f1885e164572c092e6dfcaca3d7c7e2b6cbf65b5acbfeb6a998

SHA512
103de10e245e4eeddd8611d30f62a74b16b364b5aa90c866c1d239649363e42cce013d83520b7e3fe2c17ca709421168f78736477e124dfa841dc021f512bd1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
35KB

MD5
aeeedfb5c652fe157e093e3bf5bbdd10

SHA1
549e91287fd28e50fc3a13c4d32188609404e173

SHA256
efdcf4b39ba18c96804ff82a6ee1533cb789958de5a533a261d2d078bee4a1a8

SHA512
a277464695732e7ae94df557c9eefa1544df9ec233786ba83386f52021995848d24f255ff49920e50e403d9e3400fba28e69be6f4d8b631473a99647162a8693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
30KB

MD5
e99f1712e9ab2361d5bdeb29f499183c

SHA1
aa1ad85ed4ca152a807101ebfbf7636c49495236

SHA256
9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460

SHA512
686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
25KB

MD5
651759109c0101a3622ce3e8d4c98be5

SHA1
aa1838164412bbad08112a0895754c54ffd132d7

SHA256
01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06

SHA512
6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
41KB

MD5
9631c594f55c395f07b12046cb8fbf9d

SHA1
cd6532d1689166c19477923c73083eaaf8cd21e3

SHA256
a56a5d0f5f612bd39fb02fa1ff7a721a33fcb841f40c48757381b3b7c4a25726

SHA512
5d3bada46dbc583755c279b5ff3c155e15f16d51b6522752ab289bdb62b71abe1d91def5733ef7e77fc01d127508d07e2c67e731bde26a478c4780c8918ba105

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
76KB

MD5
536ab4ceed3cd2594f44aba01823ec70

SHA1
e48055dada02c8f6bd119a1e189349b9def5b629

SHA256
618e1a37b597333ee8cfa97d7766a478b7f1cf8378f313a0348667a191a80d48

SHA512
22bf4f599bb22838768e7a69eb8ad1adb2100fa19699a3c9b5f77896b358539c66a4f2f1a3aa5999339866e01c2ebb7e111bcea31ddfe3599a21310323f343f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
117KB

MD5
f428928ccb522f3ffaaf8fb955876628

SHA1
0b90d7d203387623011d857b03758ff4dc659e5a

SHA256
88bf2303d5b3cde410df0d3f8e450e99c37b9094b2c8528a2adf31c76f85e54d

SHA512
5d88e84fb127d24803b4f8d780eaef9d8dbedadc48dd0de7d465fb802014866a27beac3078efda47d53ce27de7144ef4893ffebbf4b32d115f2030140be43273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
45KB

MD5
79c55102491a45acc28486b6d606492b

SHA1
1689f1a5f433e46529a9dfe0ad9c80d20c46cb70

SHA256
0752ba605369b9e24001686643a991114199d0b477e661bd0faef72f63cb9521

SHA512
5bf8666aa20df93e69affeb9edafb988cf57e9f738c9ff94db227564c2ec1e68d963a336e8dc27e54ae60dcfc1fafdca46f326fa80b3e3faf76e305ae781d73c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
0866ddf4e47e87b30aa0f6dd1d6b0157

SHA1
dfb3f5ec4a0bd5d544d83bb7eb8316d27618e4fa

SHA256
aca5fe35d6f061cf97ffb823c711d343f7d9a0ff6a4e21397a88e9c34e4acf43

SHA512
764a38e165d591e042bee532a09d5567a000c86e9f0728abd5adc2280b35c36196d444f9370ab5debee90cd1923510d37327990cc6f06541d5da776c613f4403

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
eed73d3c57e318cd76425da5868ca3c7

SHA1
00321e4fbbadccc5c9f167696b03d7191ffb3665

SHA256
22b8017f0898675fa885de468bf7aad6a83adf7022bacf114dea8acb6504e340

SHA512
39d95fdbbdb82cc0587f4b921f1137f2c43e035a92f22f6663624dfe00d6da2de99b7788f058fffea6f7ff7d28027f709340f84982c252d2e951f88e1c1cefa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
3076cbe467e89c9a065a3a8eb20d2645

SHA1
1bac80ba21b872b799098857355126af2f3ae366

SHA256
e977363a022f1f9b3022eb5bcb012707ffb1fdd87ed1ed567f16f56a3e52faa7

SHA512
675a8614deee484d5fd27ad1edda67a09151452811ed9b46fec972441961f5a7007c69c3687e75f20ccfa735483f375b016302a3bdf7131a50dfbdd0fc3f7040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
ae1f161367dbdeb6bf9ebf1f15143d34

SHA1
571a67157501fbd49f7234f5c5109bf42219f8c0

SHA256
ab8e8b8505f897ff48da4ada9f9ca66c562a52d59315757e012f8cacff0b8509

SHA512
604764de2245ce56c40edcafe182752bc373077bbf3c61fe9310d94f387aa0df21caf5ed4a5690e72bf655bae0c04ec8209fc64e35fea9cd2d36f5bb4d0409ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
45c3372074b870f249b2a37a17526797

SHA1
d6c4fa4bae08b6508a1615409b73473967842119

SHA256
8a294ad8f6dd683b4a7890d52f74e027c9b046b0399d92d8be5f96627a68f9c7

SHA512
0ea2ee696532873334641f872bf085515aa28819e4d808b5a8ba7eec3a007314222f82829b96c3e609b60ba9329465a4c9da180cf6dd07dbd1ebce2f388877b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22895ee71efe48a93179f4ac11f5555a

SHA1
385ef346c846c1ab0a6b34c8e55bc4066b487bf4

SHA256
625c2e4d390be720ead772c8c3853fc798adc14e855acae66d64cdb8bbdb4e1c

SHA512
23f8014b84a53767bb0468f67ab459996a015cff8106fde74f800b564c200257dba90ed168280dd7a9de9a685d944b2a6fbf94232aadf8797a90a7976c5a2d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d652f8ed3bacac2c485b091d59be375

SHA1
1e485281ef54bdc4848bbdef05affaa0e861fa10

SHA256
e0cd1531d8596d7c5138e7eda08da2cdca9d8a0825dad106b4c36415920b19c4

SHA512
8c4caf95e2d6d017e38a245fe116bd8df040b27f3a4688b5026fdb759792f52a5e4fc06df0d413ce59a9723a5680924ffe5545b834a50e6d57945178a7e5343c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5eea50eab7966c89c3d88ee8c823b54c

SHA1
94a1b324d1e21b2d4bb2688cab4b0c2e11391b0f

SHA256
1461f23047a6d044e05fa24c1080904ff919478b1d02a060e86c2971d1d872f9

SHA512
d66852392d405c413c5d8822f42a3a4450a6a5ef87518ccc08c0ae1b021d1fb063a9ee3dc1f2a82ef55c946bb8cb84e85051fead5078b136a79a475d2bff518b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c3dd6ddcc0896c93691ccbd2f2d74fa6

SHA1
21d687364b33159be27a38fe54a2f7848ccd03f8

SHA256
01bed624d1ab4ba8643fd7d9d5b4d19bc7b4681623ff04d9343eb0985e5d2296

SHA512
d2f8b435688d74412fbaffef832f4fb14c3ee6b438c7171eccf138bc1ba0ad7ff46cae49265450d40a1c5fc88b6d3bfec9f2d17f5848e29f557f6c92752de088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
64a1f4d81c2bc742a457e1e2f11c5823

SHA1
8ebdb8ac2b50165b7ec203b42c903cd8995c34a6

SHA256
5f9418664faba4a822586ee5e1a7a6fbd742bfd119372357cb118ccd0e82c539

SHA512
ae71aaaf66c7641291cfabefc5137728115430f28ce74932784dd60d195497c0fe99804abcdfcc7b1d90da3804df52ad9854636008c2d76848897a23c121785c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea6bfdf03d67dee8a3725db34f585a6b

SHA1
277aed4f75900f061532e57e064b3c0c069389a3

SHA256
fcfb122cfc09df90f9a7b03cb7e215783d77a3ec024bab09e64027b766395787

SHA512
7706373ffb74c67d10e00816f9482b0f4a36ff3cd036327fa9cfd9012b14c7cd1497b1bbea247920c35641799f03a219a7e952cf3558e516d2c8d5295c120514

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
fd74fbcaa4587bc58c6af25f419d4184

SHA1
2fe3bf5824b2e591f9334f328434a071450fdf03

SHA256
e64337e2bfa1cc24024417c937865b8a5b545c87566bcfa536b0fe3c973f5e8f

SHA512
a506723eaeecabbd7246f38d68860e12984defcf477e7b92b96d38c3834b00c32d0f20b5f1536091d56928a3cce89195c9f176a61fbbd2e3cf500c9438327d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
b3fc5c024e0f1bd30eeb97d8a330a394

SHA1
96b275415aca58f8514af424734b21896777ed22

SHA256
0a3763c532ea7e2ec1957f29f855d8244f3cf76588dc76f0f2774192d8bbdeef

SHA512
7f0c78a3bf01c10a888b0ba128f2d0bf775b5de793766043f482474d06cd7830fd6e13b875f1021051ecb82f5e5788908fe702bd6a2d9dfe1c432b38d27aa32a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
86a93b34114f9cf98af63402adce4a1a

SHA1
ac96d670aaf1518384f22362e0af867313550bed

SHA256
ff2ab726e9214923b19e245920f146e0737f6e34e1023827018ef07151796074

SHA512
d3a2ab71a5d5de772b0e2426016667c639ec0b55194f83c7e3181e0d5a50a045b65ad7319d63f4fd0fbb7f76a1f38308fb608f795036e2378b5265bf5125ac03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588131.TMP

Filesize
203B

MD5
71af14d932067c6c9aa2f48ef769679d

SHA1
22fdfb52109bf7dd96116c38464ccec3be77e12d

SHA256
2f8e8e96a1e0e09e48ec36b95957ff470b3d5245b0fe72caff43c4fd63a5a9bd

SHA512
00989fc37839fe9ae36b377a7b0b46e83dd6be21301189e3e9d6a4db46e231e4da73da6c3c039379741a52388d3df68ca2504930ffa83875aa7935bb66bcf4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
fff029eda3eaccea0fc6eba58acfef49

SHA1
d603c472c3fa7a36a87e2e89ca9b7527394eaf9b

SHA256
170e36913eccff57c7e0ffdebb741e586c9fdd2682a177fafac2ac326e7bb659

SHA512
d6a3a8c20ed9405c6c2c3cb704daa0d196a77422027c97e8a04b467f97cafa85203e19e4673677143b203517cd5e82f54bcf0bf0b0eba60ddfddbe48b701d227

Download Submit