49d49c39750d005b2359ea5a591d7bc274c16e8f003cf492cb140e12952cd30a

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_a0d2b8e11fd0c5a9a2e7ff539eb75d08.html
Size

67KB
MD5

a0d2b8e11fd0c5a9a2e7ff539eb75d08
SHA1

38d07859acf6e1c240b56f4b6b23f0ff20c3a902
SHA256

49d49c39750d005b2359ea5a591d7bc274c16e8f003cf492cb140e12952cd30a
SHA512

5001d91bfee2c421568409ddd6295c4731375827f83e6eeb89bd237d38d1052da083b00bcc02b6eccaf246e037e79e2fbdfd5119d132ee53121d2ee31b9411b0
SSDEEP

1536:1wgr8VkeO3g+GtFn3dUzdnkdUQdn0dUQdnSdUQdnjdUQdn7dUQdncdUQdnnyiIzo:heO3g+GSyiIzTCb3boPg41te

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
4416	msedge.exe
4416	msedge.exe
4844	identity_helper.exe
4844	identity_helper.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe
4416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 4852	4416	msedge.exe	85
PID 4416 wrote to memory of 4852	4416	msedge.exe	85
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 4900	4416	msedge.exe	86
PID 4416 wrote to memory of 2424	4416	msedge.exe	87
PID 4416 wrote to memory of 2424	4416	msedge.exe	87
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88
PID 4416 wrote to memory of 556	4416	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_a0d2b8e11fd0c5a9a2e7ff539eb75d08.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc1efb46f8,0x7ffc1efb4708,0x7ffc1efb4718
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4120 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2736 /prefetch:1
  2⤵
  PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1920 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,18371613620122299047,17715517020109715984,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5280 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\009b672d-1419-4a64-8873-8e4cffe864a3.tmp

Filesize
203B

MD5
6437f961ae54c70acc38b76435a3594f

SHA1
85f0f0abbf7e4440b44e48b6aeda7122cd76f0cb

SHA256
8731872107d180e5de9004545987bcdfb7b8b74e2eac534c6ee5d6cd7f3caa1c

SHA512
f3f2416ac6ce9538fc5139f000046b5890a3327210e88840e51a3f1682ba3a654987bf0c0610f76e342ef4e94924e2adc3f81b233b87f9cabfc64aec814e2eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
7e98564be3c2fbfe5d55ebceef08fb8b

SHA1
4b35415b61c5ed813f615475df2d513f5dc73d5f

SHA256
b9a21d15fe5b99b73ccfd9f8df4213debb40456341e1e71d0848b3602cad2ad8

SHA512
4878d6d53441aab8c306b67a0e4051fe9fa0aa5377d6ff806c6e86fffb042c41a82efd7135754d9af1d6fc571fd23e3da37e680eb4bf983ce08de72421b0259e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
24KB

MD5
6f88e0acf364bcced69551c51e43160c

SHA1
ecf4b895761924cf9484082468542dde7d4ca07d

SHA256
4e2de0f9e32729e186e38e00adf0451bd067ac30cbdeedc7ec9f5f0c1dcff7c7

SHA512
7939c71ae5cd6a3ee127c81f633f4073c875d349476c2254c37bfdd1cfd762bd848df7fe97c6179a9a440fe8dc3ef131315cb8cb98c0fd8edb298c9b3501df45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
17KB

MD5
ea096715efabbd9767964bc6a953e939

SHA1
70550e515be904d3f43fab16dff26cacaad5840a

SHA256
a6d49b300942513deac29e58405d4ef06de3951aa7ac82745ce7ee074341a9c9

SHA512
322b55e8642e0ff0db36d31a0d6ff3b83b090cc38e332264610ffd6bce6fc59721f312d18d4085fed998d4fd1faacadd0fc1d15a853fb253053d964d60f43609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
23KB

MD5
fc8a61d0fdf391190a2a95bfd115b972

SHA1
284543434f80467576aa3978fa60a9295998fef5

SHA256
d605289715a9c176d8a1f5c1d88d6896f30f85b279ffb46ede0ad7c2f49e6f3c

SHA512
646546b74ca1ee53be9a8ebccee692536b4ee702df112fdffb9e3d6ace12f062e85350151d4d064cd0dda93a8d7657ae6be6c906a97f667a65699da28b7008c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
113dab110a0e84b88ec461d5edaa12cf

SHA1
7654e7dd73cd31935c4e1a66a33c58dadf1c1124

SHA256
da0db25c865683f3640d06e0a426d3a22b50cc8fe33325c969e372fd4957726f

SHA512
9b03639a8213429639f67e50094365a5c01b9910d29005832588fc37fe111b360b520eb260f4d0642bd3340c26301e12a450c228eff9f61fb29a012b5c8dcd59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
02ff9de2957ad1d139077813f6c0ea80

SHA1
384fee886f5c514726f40598a0172db9db2d9b47

SHA256
8b080c181b44ccd41fecf7faab82caa32fc096a7753e387b660c3351ba177bf1

SHA512
2ead9df09eef57f6180319272e1e8d4afba33aa8e9501aac2e0b6925d9138a3575714661e890453395e056961235d64ecb271c2bfa680d3ce5204cc26140519b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
44KB

MD5
4a0114459c104344a0919941588d39a4

SHA1
ffc3ab48a5f5135569ec70343320614c88486f94

SHA256
616acea55ed6ce3092596ee89fcce736d61e4716c321b4e136e2bdb8246eda6d

SHA512
c6b1d1359f8fd638e219c8dede0e0e05522853c808cdb666bdd0e5665437b9e1ee7af65305970aef07273f3c425a2bd7ba526e0cc3507741c0f0058dafc1c846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
52KB

MD5
f9ad6fffe23fad04422671cf2fa4a661

SHA1
b8366163961f1689411636988a73dbc16d13ff3c

SHA256
f0ca592df98944df58f4c281890809d30fd2117e471b8021ff138314efef5dab

SHA512
e9d95f4f0eeed04413a1d798161d1c20d876f5ea4440c13e9fa356a562e931f98d84b3f6a907d6541cf6bbbd7e84f0e106b48fe2f5fcce77d66f70e114834aa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
65KB

MD5
e829205382f08ea68c09fd109fc3917f

SHA1
d1ca2e30043a82e37899cbe91ed0ce210c499bb5

SHA256
e9956904982901d6d2b1482a7fc8b2732de78d879ac013454240c5a1c2fcf159

SHA512
271d2f9b1f3e50412b7208b435e8ae13c66633f1ad176e38aa04749575c1794537b82a2b8fce7dc10f167cf16a5aac0232c9b3c463ea3b685b3674a18646760a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
128KB

MD5
20c1a279a5c4b9567a81e12943d8b26e

SHA1
2b35c9990f8ae79c05c39f6f508295365d31a2ad

SHA256
9fb476cde7c9006b6d12155370bd483dad6eb5e4a6bd10b95c45cab16773098a

SHA512
6338ef1fec306d621f562b295bf0c09430e289d2430b68653da6acb8acc031ba1e04d846636b1d3be4c19ad8ce38af35cae7e55eeff4f6602d114ad831320250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
ee49728939f948c728db0894ec218216

SHA1
dfa68833c4ead04cca9b070af9d2ddfc8e522016

SHA256
a324c439051a1807b3a77e56ca32b74a9d67bbf7cf27efa587c49a9ecf1b282b

SHA512
4287a5b20af3f11fd4f83308097c18205a2bdfc0c986178581fc3876abbbf3e19fcd44b75ca29548b30e283f5b941181801db41fabd65e0c84c7e1a99a91a721

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
eb32ec9ac0af01c8dadbe74d57770bec

SHA1
b7e1f0965c45d972cbf388cf44664af305f68d3f

SHA256
233506cc0aba2a1202b934d7ea9ea90ccc4fdf356e1022051ecd6a21f63c7eac

SHA512
2abd4e46b28bda53a49f89c60a7eeb0c93631382cb51c9cf431c23ba27cf0595e3424bb21f51937f5ffa07f4039f3612b59018242c4f683b87edaeccd7e6a937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
3778e222bf1f7453ff9b6bd43154d611

SHA1
3668965e2cf3de81be4570865c2948f7d1ed34e9

SHA256
89a4f46956c103692f3009841253346e04fc8399a079670c90009b8f0ceb1028

SHA512
ac96dea1231cb2263c20b5139207ef07fd9e302d0a000dc8935f8d7ebdc2609e03bcb597f0d4d66bae741eed6f704b1a401ea13a79be87b48da82e303f97f9f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
f91a55cec08fc3d2878f30cc20d10fbf

SHA1
6e2e23aa1d7e02055c975ca6dbd930cb02fa2127

SHA256
7675edb088841615b5e9f6867c6954873af4d1d9276d482e8c4edb39c8f079c2

SHA512
bb3f5cb1f3364565d7c83edfdc05102c339b30d42bd02fd290dc0d89941025da89c4f73a200f6454c1b2012a84d3b6a5b38152dc4f69c4c88b84b2f97885b607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
0a1ce692b77584828a360eb7b5cecd86

SHA1
2f6a0f85fc23be6f7004954698b01695f5b8d032

SHA256
a44151599cb4fd867599601102dd0c764bc89d7d43e01de0d96ca67d84c4563b

SHA512
67e8c7fc0b908bbc11e5f73e2f6c2cd7b5577afc369b2f4dfa5491ba34daa58636628d098ae9a7862bd6df2121f2fd45a330625592e72e746a4a4d74d423fa9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
74153001c18b1c7d2dce9a541e4c4a20

SHA1
f5c8c1c8f7624d8b0a94885f225cf284b59b58e6

SHA256
b867d7fff63a96dbcff5d722ccfd87fb0f9be8b53f1a6b6698d740b0d12c61eb

SHA512
f66983ba504d301fc547f34169fda312a547b0c3b32f577fa50b4ba9b9f2b2963f390cb28239607cdb22b1f092aaca931ae3f82d81c6b48db63c2e7939da4713

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
36bad41c3725f7f4b4aa5d429851aed3

SHA1
7d5bc2662a66cbbad529d5f0546add46a4df46c5

SHA256
09551ff80f5a535b5db623eb86e4acd8cf41f8b846a4230e44243589cc7cde2a

SHA512
fb78be3239bcfb4ec8b8335e69bea96cb722180f71a81de44612ffaf156a341fa583491925fa92391aa5ec3cdc63702b4e9012ee735ac5c9af706cc2d5f5b1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4c470501df747651393984784d9b04a3

SHA1
ca962915dc50a064e95ab998ba1ce64c9fc00e2d

SHA256
b69993b5a9dcea596b819f254e108bbe138b104deeb1e03663be12a3e79ebf55

SHA512
01ef1d47e2a65bfdea7dd96f9c398d6ee7aa0d7ab935bbfebb2cd9667ae30f2728913d6698e21182db2d873a99f2fe0d0f43bc506e54faf44050989fb638fcd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e676fc13573a6d39128981e406575a43

SHA1
28097e11c43e75f4f1f7234603208a811fb7aaf1

SHA256
82850e6094d0c27a06741da67f9e7e01d5c4636c80d2070ce52f20ecd4caa95a

SHA512
4c5badf3ac0a397934c269dba8e63963b73ee806fb7257de6f8b6a7dd334fd6bef2fa33cc9c5a2f240d2521144fe56bc34853c8ab3726192c783e1ba2792e4d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6be7625d9b2072d04e1368b40f1bb8ac

SHA1
3d7ae83cefa94dd1702adcbd5c16ec08946ec394

SHA256
341ab90d98595ef3654174580cef1632d3d775e309f89f4ff64acfeb32672e88

SHA512
7d0c5e7249eaaba0c7dfbb4b216e2c4326d50cd841b797d71dd5a6059c41c21477ccf7b6f97356e71d8ffae317ef476eec84d034816e4c9cc77accbc3017759a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
456b878d02a0d45e1f9bc8ad9968f38a

SHA1
910cc2532a401caa9e1418ea75fc922a85b185dd

SHA256
c0e378d9427fd6348ac19a0f5bf78b70bc39a2dc25ded822d3711f4518e25aa0

SHA512
178707e244950ce7c36d4aa98d431a47cde4755c9101db478c02bc57e821ffc4309a40fb471581bd487760de2f5bae019393ff5c1185d1a4e35407df80b58d7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
d4cb7a633210765dc7996760e51c4427

SHA1
be86c8dda1f83e49ceff6299d585ef06df0e103b

SHA256
c24700a0655ed65b9c2a224f83675f91810906c9330034f689ccb5aac074ec65

SHA512
2b88561aec8f7b470584297e547fcdba60f30d6b795343e73425fe1cc296605263ebad62ecae8303f02fb2cebee4ce442bd97ae2c726e0f4d21748fb495f7ffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
203B

MD5
4b1d38bd7dea8684a27b5410ef9477d9

SHA1
a76d394bea5f2117012fd50c5e652da08fe3ff2a

SHA256
88ff514d797cf6b2314b35adfc451a1e20509bf59f5cbfe781058cb6a4184205

SHA512
2edb41e74679035f1db8e0c425c3ba74befbf913893553d12afc9b890b024b6eead2a049f6d4a92966589665cc4f87f9f744e9c47d106da0e561766a5c164ae9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583776.TMP

Filesize
203B

MD5
5c880e828756698e7c0dc8a972802d25

SHA1
550f9b5bf08badea435af611117e495184d2de32

SHA256
f5f8dc104d411119cbf3ea2fa4c34b751ed8297b1d740ac6ff5690c1362dc059

SHA512
7d82781176e07fa88a463f3c931dc45afa7e4a976d6fd6773690ad790b573d9e7794f4cb77ce51c0acde0f6eeaee97da1f1daa6f2af9a9f48ca890f705cd74a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2ab0689baeff1f63481180491cfe1715

SHA1
6e3d237f9d202be88eb71c2efa6233d5d576355b

SHA256
7f82e94d6545bae9bb0dea14088769d8df3a5d6cfae06753e9c7cc3d08e9a8dc

SHA512
5054563486d417b61b27e3550d67ad0703e2d06fa6bec38dcaaf677a2addaca919fa030356d3c270121d5495702d5f83b296a7333b25e073d17b7b24b3848592

Download Submit