a777c2ee5d674998b0b994c4107c1581101d98269c4be374acea9fd009ed69b8

Analysis

max time kernel
146s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

faca62ac5b58a446001fc21aecac4d8b_JaffaCakes118.html
Size

113KB
MD5

faca62ac5b58a446001fc21aecac4d8b
SHA1

cac0ef0a688bdcb17928c69de724da63ea62582e
SHA256

a777c2ee5d674998b0b994c4107c1581101d98269c4be374acea9fd009ed69b8
SHA512

dda835ef4daea0516c229c1567d42181624c94e215357d4fcce3530346dc92218af9d3b02c9613ffd7958766bedbafeaa32d29af73dc2334c74f2852bc2ca176
SSDEEP

3072:wKo8Njz2S81Ep2svbRd21D6VleByTPBXJ27/P7UHeaA2l51l0:+8R01AkLf

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3416	msedge.exe
3416	msedge.exe
744	msedge.exe
744	msedge.exe
2600	identity_helper.exe
2600	identity_helper.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe
3168	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe
744	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 1956	744	msedge.exe	83
PID 744 wrote to memory of 1956	744	msedge.exe	83
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 4980	744	msedge.exe	84
PID 744 wrote to memory of 3416	744	msedge.exe	85
PID 744 wrote to memory of 3416	744	msedge.exe	85
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86
PID 744 wrote to memory of 2268	744	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\faca62ac5b58a446001fc21aecac4d8b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb566e46f8,0x7ffb566e4708,0x7ffb566e4718
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2508 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:3432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2104 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6516 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6456 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,15699608124360440551,370653658680523747,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:1592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x510
1⤵
PID:3164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1baf6f8e-62b2-4f38-9fa3-84936d19a6ae.tmp

Filesize
8KB

MD5
6d833d767f2610e45717340db850dd71

SHA1
1314982e2c6849309ac71c6c3849b56186ff4fc6

SHA256
e6f3fd02aa8e6b9026e1fbcde973ca7ae96aca968d0bd625aee3145e3dc53fea

SHA512
3ea4ebc690f6d5041c7c953c772cdd4e2d4f41669a6fee1e97a524e84766a7d6ea241d4ba8bd68bbe0dc1cab8d9abb8783d1db7d2cfdbe61bcbdd7dbbdb00bcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
57KB

MD5
2b5b5e31c8cae7a87bd2212d04dfb2c4

SHA1
6753096c4c808970acb4a59eace93e4f777b6792

SHA256
7fb5e0939c5fce8e0d8d1440c7f8487331ec6958675ce2562f2f68a61656b96f

SHA512
d6c739df4d749beb16d9e9ef42f3e331922ca910a9176b5709ebc2f8da929b4c9dc9996956250e79470e6073edb2a40a8e609ebb618f3e93abee0b156acd6495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
23KB

MD5
facee74c789253ce2d2a63c6d49aeb94

SHA1
79b895ffb82ba8363f8a67f8380cd6f32a5fb907

SHA256
804c9c6d6384db9e246de900d22b3f4d79a7265bf42ba72513d3a060302b3f10

SHA512
4a1078ed20af2a83f3a3f1893f4f1e6c5f94f8608ad85c50ae232aff6b8eb931167c082ce80dc51da4f116e4cff970571b2d51234f9777ead0d5b9a5de4fa8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5a3cc4218bac7571947b9d97f45e0470

SHA1
31a65ab6dba362c45e01941cc71c9b57ec4be92d

SHA256
143e4f4238c87d92b29e86c2dc863dbed044308f9b12831873fed2b360ef0100

SHA512
4da6bd6c37cfebbdf105eaf8052006376a5dc0cff3b15a9ff2653177b47fba003e72d2dfab552b2463522c177fb8526b7662548e66b0ae6a6bc61252830820ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
2bdcee45fb64e4efa2b60c950725f899

SHA1
4027fa76274146be497ef48c431513750edf0fb9

SHA256
59e91c8cdefc290cff0a9df09bded3c6562a4dd32fd7f78236b45d8f662152a5

SHA512
fec841de4ec5d417dce48d36bf8a746f5f7bed5e0253cf9dcd1ea3252dd9314a4a7ed63f48621617c990aa0013c0178833e6398fd11c6655521e433998d3e38a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
e7ada7d5d93e6da466ea0ff94c2e9d7a

SHA1
b1d27f2516d55f2e9443f1e917090f421f03b55c

SHA256
d170206e7ad19969155259ff6d41c321bc3d829f67d2d63873e209e932ad1732

SHA512
5c16f2693a4deed9bddafb92b69bb64ef9a696dcf23c1232f691f8d7b2c3f94b8752ce5725557a1013045d4e525908224b8b59f0f128eb2408feaeeab32733bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
e6ef810c9304ebf23094b45d8b78147f

SHA1
e0e3476a3de7e41bf30385c7e0d1ed785f1fdc3d

SHA256
769f418d16de9abeeb729aac67a1d1984bb273f608a8886a39b3aaa60c6b97ca

SHA512
a2e189be62ea1306671c9c60f2a205c365b654fafc0a84ca00b7a0f70e4e84fae03bebb46c109a152164c3310842aa46654cb012638c70220c76410e1bfcf539

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e2a99af7dac059ea7e42df3e178f9ca8

SHA1
a56ce3e9efdd77eb12bca74eb9392b6e84ce21f3

SHA256
bb439863bfe080711adae381e9906d11b19ebf9e9e0605445748a97d13bec0dc

SHA512
4c951638c999a016788f1b38a360483cab4c2d1dafd2d0ce57ad8f37a12a572136134e461768e8e2563968d80bbb18d1fc65ef2fb4202e9afd75531c18af262e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6c95524a7294d7fcf8c3f39c6973bee

SHA1
c343976671d8711aa0abb0f260175ab406399ba8

SHA256
24797e6d906ebfeb327902fc265f91934fcc9b310f79f99f5b795254d3401c32

SHA512
7b44758fa85a1f3ec566da68b6f14380354f06b75113bac21de4cdff6dab13e72cc816c1b02239979091c9d050c0d3f68896974e59bf6107cbdafb603d3099a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2e282ae9efc05677ef78e08aed646e82

SHA1
08df0f837086af574c3a600f4f574af5924f22f5

SHA256
c8fdab6810d31b898455a1c6fdaba89ffa5f072d28a3ebd0f3b7047d4ae477e9

SHA512
83e083b4632dcef42dadadc00b3eec5ebb0fc99d30dcb19fc2806479d790057bbb024f9a57954302786d4ed858db27da5e9b4d7dec394e6d44debf656da9208d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5552821a1066819ebdb321ff374de86b

SHA1
bf519816594d3086b522473a112eaf5fd919ed5a

SHA256
8bda22440c2b9d711ce02efe4df7abd4a2f6919509344dd28f581e1d5ca65c3e

SHA512
00d497d0f345c68f544244692cf38698393e514e92f17a1d1c4deb53be532146b78a933887efb262805abc653ab7e394b5cae481aa231208ca0b4f6782d45165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bc3d9bb0f1ade45098c296c26e058f51

SHA1
113086e9432d035555f2471fe71b1433b73f9644

SHA256
5768638ea8ca9a02ac70ba307eab95e1be061cddfc77e6afc4c1b1d3bd1a77d0

SHA512
b2b42a6381ddaae46b50c57d30770018446435479b5a9e059327450d9ad03d0fe1f2aa3b6106a9bcccd46de45439c7ee1c3e6df503c2403238bf73da9c6a5309

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58848d.TMP

Filesize
871B

MD5
e971f52ff5c9b632e6512d3e9e7336c9

SHA1
365e7f0bc557149e945d18deec47bf73cedf5a39

SHA256
8a53fd118ed0a8761bc4a2879910b9431475000f28f281a800822ba964bdbf12

SHA512
d69b3ae50f1975520c90a578514497bd654bf00f9659e59708d30df31bc8151a2abbb1b6eb3ab44fab460a95d9bda3e6d808540e29d98b8f807d689629b8a42b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8e52b81f2eef534e83106ae30fb65fd0

SHA1
5318e401428c61f7830b1dcbbda395e4d8792a56

SHA256
2a1cf713e86ee575912dd258d8a6bc7359f2049f3a8b6b76f625c1d239e30576

SHA512
8f7a93a585400be82a67fb08032bc3bbf359fbf20b711d13d0abda095a92aa0e1117315f9f73d661d20877dbdd5e9b555317c71d41746e87a1a230177fe053a4

Download Submit