71d23a3819daec4a1ae392df35e6c7dac4701f1b2f128ceefb69529444d21ae7

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2025 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_53c8dc12b8f1eda02a50c1aaa8ec04e9.html
Size

218KB
MD5

53c8dc12b8f1eda02a50c1aaa8ec04e9
SHA1

a3cb00dd5311ace182a3afca493f551eaa5849c5
SHA256

71d23a3819daec4a1ae392df35e6c7dac4701f1b2f128ceefb69529444d21ae7
SHA512

ce9a3390d437052a1e544838a66366aef64779b174d85da525d5ca8efbbfded2dddc64752baea52a676762e7532abd6e70d57b2f158d3a66edfc7a6f643f035d
SSDEEP

6144:j/LACnhE8GoVkVPJuSWaPnUExszEz+RLmAxrfP35xTGYpXYm9XfVzwNPqj6XVYVv:jLACnhtVUJuSWaPnUExszEz+RLmAxrfl

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
29	sites.google.com
38	sites.google.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4012	msedge.exe
4012	msedge.exe
3044	msedge.exe
3044	msedge.exe
6140	identity_helper.exe
6140	identity_helper.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe
5220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe
3044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 4720	3044	msedge.exe	82
PID 3044 wrote to memory of 4720	3044	msedge.exe	82
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 816	3044	msedge.exe	83
PID 3044 wrote to memory of 4012	3044	msedge.exe	84
PID 3044 wrote to memory of 4012	3044	msedge.exe	84
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85
PID 3044 wrote to memory of 3496	3044	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_53c8dc12b8f1eda02a50c1aaa8ec04e9.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff7fd646f8,0x7fff7fd64708,0x7fff7fd64718
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2352 /prefetch:2
  2⤵
  PID:816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4204 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:4320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7268 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 /prefetch:8
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8904 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,4426737285610726957,3822234982371122591,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6884 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
57KB

MD5
2b5b5e31c8cae7a87bd2212d04dfb2c4

SHA1
6753096c4c808970acb4a59eace93e4f777b6792

SHA256
7fb5e0939c5fce8e0d8d1440c7f8487331ec6958675ce2562f2f68a61656b96f

SHA512
d6c739df4d749beb16d9e9ef42f3e331922ca910a9176b5709ebc2f8da929b4c9dc9996956250e79470e6073edb2a40a8e609ebb618f3e93abee0b156acd6495

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
50KB

MD5
e6ad753a82fdc788050af77fca673b05

SHA1
6aefa50b2c26efc0f2882259a61fa821787f67c5

SHA256
497818d0b5caa89097f3373acfd01110705688091301770a58bc8963514bb167

SHA512
88dc9e4ed92bdf0f9083fe1650cb5fe1592c57393af0e010081c09362da6112f6a28ca73ce31de3f33573f22a8e413b16b013c9a825b62034e0ffbf906d25172

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
23KB

MD5
314d29b70141e3b8bb7b72d563930aae

SHA1
5743d5e7ad11bb92834e04263b015f62753f0a79

SHA256
98a88c23d36b5bb9c76ca611187354dbd2f5e4b99973cc18080883ee0a39031e

SHA512
36cf65b3da1c4abe64767475409b69358ba6a4352a2fb0c71c32b07d4a59f733b2127bbd7772f39b5915e1cec6ce8fedc71cb09afedcd96a57e03c0de189b263

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
744B

MD5
77997c45f622ab1071fd754b564440c9

SHA1
8ef42afcf59f22fa29ba9668143a9d010cf40027

SHA256
f09658cdc0adca6894da7b7c412b0e177aeb2ad9a2e54f08de5e871c9339a563

SHA512
2504f4d0bf1b1b451071f399ea21bd4fce95bcddb4717e77e185563ec58520a3d896262531c8975fd78bce7ba73802df00b924d57c8eb2e5bbb6be0d97918693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
e52e1f82b8a54b84aaa8864ce4d157fe

SHA1
fb0736b6292506cadc875152b16305480abea971

SHA256
7cbeccf54c6b26ec306a021967ab4730ab697a91630f5ddf4c2317df131716fc

SHA512
9fbd55e3f273fe762424e1799500363e65450b8df3aa57173ee362659d1619a2ef20c553f3317bc8e89a9a68cb673d5d13215e05502b7612fee2ddb33aee38a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
df5e877cbaf6040e93359c0f4bf3c2d3

SHA1
7b991f2d89495cb42c4f44cc929192c9627b1bb3

SHA256
d6bdcf78d017afc5cdee1f9fac74555629315206d29be352ef10b5478e8986ab

SHA512
a7610ce139d12b53d7ee9ccb2789d135b71726acd3a7c990ff56f20430d6961e17687c86329f5b774432f8af825897f11e18973f436555c21ce654754e96ec51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9ac6710323df8dae85ddb39943ea1797

SHA1
b1db3a33de8a060fba7cae383e2b0ee8a71ac89e

SHA256
67e6115630dadbbea92fe3717b3030fbffb5635f099fca88a1a5be4ad301d0ed

SHA512
21cbee2edbaf5e3d1a9a238f75f15f31dae46b19676976b71cd61026319e221e270ad05916117426e08fe6bb568e7e5eaad050282617628de64b0c4357a04b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
009aa20808f0dfdd9b024abf4ead8f97

SHA1
076aee9b480bb72e298cff215b217aa083868a5c

SHA256
df097c9053aba1b3ede68abb499389ea313848a832ef02a2d0d636d7bc11deb1

SHA512
423d7a86183bd8dafdb990a90a4a0d36a4ad82f70773b47abade123d3982fb2ff7415429b0338befbc14689278b940858bb887385b815f0f4758214b168f9169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0ef6e76c1705b7790ef4dcdd99f2fdc

SHA1
571a2b796a71b966376620e2de3681e436df0b42

SHA256
042c42d1c604267e59d4965a59c29f80c7436227d649c936f34ffb211e8bd8dd

SHA512
c838ca1e6c1d08b82a29b3681a8f51ca1565c4ed4e9307637755a5e59b90db3696703bbbd3a6a10923a473f642abdb6f8a9c0987b26d72f11a595b600795967b

Download Submit