e9b466ed6223dcef40362312a19c5b2e70a30bb2b83f92e0255a27983998d9bf

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2025, 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_75d3045044edebca736af885c1c3f332.html
Size

129KB
MD5

75d3045044edebca736af885c1c3f332
SHA1

325457ea9b35092dbcf94c9eb4917d5cdaa98027
SHA256

e9b466ed6223dcef40362312a19c5b2e70a30bb2b83f92e0255a27983998d9bf
SHA512

8b54b108fda8c5f6f45151048614263d295c847a7eacd1767426214a42e5f472cdc313eec74601e1d584e6fa4ceb04ee9deef3f85d4a5c7d64d3c2d3dc00b504
SSDEEP

768:2fk1ATx+Bw24Tp7VN6X5iXhWcVI0Hoy57EUJ3uCmWDrODQPydd7rxq0pa7XE6cVi:2hHN6X1cVvo1UJdcFpa7XHcDOpthaq

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_26757352\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1651324118\data.txt	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1651324118\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_26757352\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1853194044\edge_autofill_global_block_list.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1853194044\v1FieldTypes.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1853194044\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_26757352\LICENSE	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_26757352\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1853194044\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1668100277\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1668100277\safety_tips.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1668100277\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1668100277\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_26757352\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1853194044\autofill_bypass_cache_forms.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1853194044\regex_patterns.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1668100277\typosquatting_list.pb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1651324118\manifest.json	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133865019472299429"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-814918696-1585701690-3140955116-1000\{5115845F-85C0-4F8F-8C82-8A71E2B718A4}	msedge.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4540	msedge.exe
4540	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe
5324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5324 wrote to memory of 5276	5324	msedge.exe	85
PID 5324 wrote to memory of 5276	5324	msedge.exe	85
PID 5324 wrote to memory of 3896	5324	msedge.exe	87
PID 5324 wrote to memory of 3896	5324	msedge.exe	87
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 5628	5324	msedge.exe	88
PID 5324 wrote to memory of 4416	5324	msedge.exe	89
PID 5324 wrote to memory of 4416	5324	msedge.exe	89
PID 5324 wrote to memory of 4416	5324	msedge.exe	89
PID 5324 wrote to memory of 4416	5324	msedge.exe	89
PID 5324 wrote to memory of 4416	5324	msedge.exe	89
PID 5324 wrote to memory of 4416	5324	msedge.exe	89
PID 5324 wrote to memory of 4416	5324	msedge.exe	89
PID 5324 wrote to memory of 4416	5324	msedge.exe	89
PID 5324 wrote to memory of 4416	5324	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_75d3045044edebca736af885c1c3f332.html
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7fff1490f208,0x7fff1490f214,0x7fff1490f220
  2⤵
  PID:5276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2240,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=2236 /prefetch:2
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3492,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3496,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=5212,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=5176,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5516,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5724,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5776 /prefetch:8
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5740,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:5560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5820,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5840,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6536,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6464,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=6492 /prefetch:8
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6488,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=6588 /prefetch:8
  2⤵
  PID:5580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3816,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6168,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=6444 /prefetch:8
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=760,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1888,i,725688518417858277,17594671088841877281,262144 --variations-seed-version --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  PID:3544

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1651324118\manifest.json

Filesize
52B

MD5
8c32b9f390fcc4f061885661dbe797bd

SHA1
c681595df03f9f74ec600e70069c879daf2ca923

SHA256
1431c36e66b4fc53ca74e9b10ea0213245631ad7543fef183a8dd2720a5b4ab4

SHA512
e8bbde18d5de7fe2a8162951d3fe75460efbee71afffb4c0c22f2088dee146fb6bfcccae18d4955608e60a7df716eeb47c0687f45344b45130b368eeaf316418

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1668100277\manifest.json

Filesize
72B

MD5
a30b19bb414d78fff00fc7855d6ed5fd

SHA1
2a6408f2829e964c578751bf29ec4f702412c11e

SHA256
9811cd3e1fbf80feb6a52ad2141fc1096165a100c2d5846dd48f9ed612c6fc9f

SHA512
66b6db60e9e6f3059d1a47db14f05d35587aa2019bc06e6cf352dfbb237d9dfe6dce7cb21c9127320a7fdca5b9d3eb21e799abe6a926ae51b5f62cf646c30490

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1853194044\autofill_bypass_cache_forms.json

Filesize
175B

MD5
8060c129d08468ed3f3f3d09f13540ce

SHA1
f979419a76d5abfc89007d91f35412420aeae611

SHA256
b32bfdb89e35959aaf3e61ae58d0be1da94a12b6667e281c9567295efdd92f92

SHA512
99d0d9c816a680d7c0a28845aab7e8f33084688b1f3be4845f9cca596384b7a0811b9586c86ba9152de54cafcdea5871a6febbee1d5b3df6c778cdcb66f42cfa

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping5324_1853194044\manifest.json

Filesize
119B

MD5
f3eb631411fea6b5f0f0d369e1236cb3

SHA1
8366d7cddf1c1ab8ba541e884475697e7028b4e0

SHA256
ebbc79d0fccf58eeaeee58e3acbd3b327c06b5b62fc83ef0128804b00a7025d0

SHA512
4830e03d643b0474726ef93ad379814f4b54471e882c1aec5be17a0147f04cfbe031f8d74960a80be6b6491d3427eca3f06bc88cc06740c2ad4eb08e4d3e4338

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\edge_autofill_global_block_list.json

Filesize
4KB

MD5
afb6f8315b244d03b262d28e1c5f6fae

SHA1
a92aaff896f4c07bdea5c5d0ab6fdb035e9ec71e

SHA256
a3bcb682dd63c048cd9ca88c49100333651b4f50de43b60ec681de5f8208d742

SHA512
d80e232da16f94a93cfe95339f0db4ff4f385e0aa2ba9cbd454e43666a915f8e730b615085b45cc7c029aa45803e5aca61b86e63dac0cf5f1128beed431f9df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Autofill\4.0.1.14\v1FieldTypes.json

Filesize
509KB

MD5
630f694f05bdfb788a9731d59b7a5bfe

SHA1
689c0e95aaefcbaca002f4e60c51c3610d100b67

SHA256
ad6fdee06aa37e3af6034af935f74b58c1933752478026ceeccf47dc506c8779

SHA512
6ee64baab1af4551851dcef549b49ec1442aa0b67d2149ac9338dc1fe0082ee24f4611fcc76d6b8abeb828ad957a9fa847cbc9c98cdf42dd410d046686b3769b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
60d40d2b37759323c10800b75df359b8

SHA1
f5890e7d8fc1976fe036fea293832d2e9968c05c

SHA256
c3a2f26d5aef8b5ed1d23b59ed6fce952b48194bed69e108a48f78aec72126e0

SHA512
0c339563594cc9f930a64903281589886308d4412ee267e976520a58d86b2c339d7b2320e1b3fd6fbf81f092ff1735f0710c669af2986ea5b63d2c1e0a6df902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
4ea27d45a9d8cde4fb7eebac09013850

SHA1
310fadbe8a30623816ddab16afd39582f06a3ef7

SHA256
f23e8391b431df99f8312d81a09dab6c47a13c98441730c01db1fe1a5ac12c6f

SHA512
8a85a00e1859d775960ec1f3cdc13e9c6e6445c73ef71202375eb20d8cd235d2144fd7a94a4224ab9e84e08c53c56952285812cab3151f1c73e2871af1164be9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57f04b.TMP

Filesize
3KB

MD5
f410823224ef5086bd03639c478fb44f

SHA1
8d1790ad0262deb4fd69ebafd7a2df8cf0b1b8cf

SHA256
78fb2084dd6e51609558c8a0fd13cd3fde9ebf6b8fac888b7708bcb620e94d22

SHA512
217d6aa48319c0b2dce6568ca042c37d42896d2de76a532f0aa7f2ce0ff25741f6c45706af515b4f71914a5210462c12488b45534d735a174aceb6c7180c7844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
9a38093d74728b1d06643b7bdff7c396

SHA1
d5739ceeadc8a76f43e33dcceffd3b09ebbd41c2

SHA256
7890565a005686bad2ce130f8e314b525e5575c84a4555250490f965712865fa

SHA512
cd55eacac272024917def6e50dd0744dfc6a378b74b3fa384f0b3e3da9adde0a6d32bb588abbafeb77d65daa2b907ae8fecbadd98ea43f67cef4f848862e5098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
bae4770740f5a8edb73c8fde8bdc9375

SHA1
ba336518a2d70da812c066db79b09fbf45a02595

SHA256
4e17a4ad3191f6374df78c3faf296c03a973c36ebc19fd583a75cf6177ed0daf

SHA512
052965a6abc1ccd086434910c38b0d3b9e4fb96356b59da77ed1a0e3295696248f62cb5a6ca9c13fd812f232a0cd45c6ce5712b91036ced4fc01f3d628592599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
3059dc08aa55073ad4f5631ac40c3903

SHA1
a726e3a1aab398cd974e82d38b7fe881b11148f7

SHA256
7b8fc3b918f2f970b950282c5728f1c6f1950b9985c6a08dd772a3366fa85d58

SHA512
1556e6f4033be63e8c26a2a30db4162baee1460bd58bf8a1b6ed5c0e7e004a0c08a8605b011aea8e50628968da9571a2d3530290f67d4bad03e56b29f8476e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
4eda5571353a982c19b40e01c23d020f

SHA1
8470b5d132f1c1339fdb03c589169299c53d9351

SHA256
c28fb6fb5ff0c6fe65f0e42ddf6efda75cfe2e861235c86b04680e4cbb673fb7

SHA512
4587fe00569c7b8cfb00019592227bb921c1a385c9d3ae61a9a6e506908a377a74bc5a62836dca252051efba76053d640492cf20c41c3574e111b0f5f4ab3826

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
15e70221af85a7e197c8fb5720b3c935

SHA1
29747f283d2be3851e56740193eda438f1e3a55f

SHA256
34534211baa33a18efc81a208a122cb506a8f9088e4f9279c3912bb308c4cea1

SHA512
f29866eb1f01d84e85e678094fe67f1d64e91ad86816edd95cd888a9ba1b81402d225f10543442ce626d7d6ba9d2082916ad46fb7d2a23cc2b8497973894308c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
28dc17617a231a941c9751b276fa5cb8

SHA1
bd3b0dea70f69c340d535de82bf0d51d6c6ffa26

SHA256
dd7958ba74c906e4e93dce94c8f15bc20917fd7f37837e77f6c2b15a068302a6

SHA512
a748d170cda358063cb59a57fd2222433de6427570901a9fe215daa72e6f62ef7fa565474253f3007d284666aaf5999530c5f107cf27b40285fa386ff051c1ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
65B

MD5
f012cdf7eed009b6531e662c6b34787d

SHA1
b0cf0127db406b6184aa1230ceaef87f6d0f7c01

SHA256
26e78cb8e189406e12ca36d7fe0eee3d0757dcb21dd8c84917e09c50bff3b708

SHA512
89ab98a58175d02e277f293cd9cd021d3dffd012d12bd15f4163b6a90216d6bc3fabeaf18fbefb17b9d007eb734624065a9ce52fa418ee5216d4250c588573f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe57a112.TMP

Filesize
129B

MD5
37ea379a6a04f791ed10fdffa895f751

SHA1
f1a6ab0202000ad366622acf49defe83c45d9932

SHA256
2879ddbcfa6eb2d7b6cce6396f6c69a65ad4baceb8f221a4cf17925c7c531257

SHA512
920a2249d07d7535d339fd95c714ac2da5793df444e3b8e4e0b6da014faa80c4b4970fee0ed86815947f6fba3037cd4a8be700cb4ff40086840e742e254c1e77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.9\data.txt

Filesize
112KB

MD5
fd8717bad7cd0f60163e7c2b05210aaa

SHA1
1dd620b2a4b49d16a63d3b73495bbb0388cbdbc9

SHA256
d5facea6ed705ea08962d52a30ebf38f6d42aea50a7af21b103d0388b7dae34a

SHA512
7b3d3867977b04efce86c5cce45ae0125d25344fa85347a83977faaa9ecd205774a976be63d6af48b953b4ca355405aa090d6db482073f77d71607c948acb5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
460B

MD5
244cde88180871bc47b39598a1683e7d

SHA1
0369061136d1212b85af1d97bf7d2e8bac59de5d

SHA256
3313b7323e0b1f51dfc86f67053361ad29d2d0b07c8b34e19080e6fa400d5997

SHA512
f32a3cbae57285556de9a073355ba452fe1a4eeaa4fce0bbc3a138319e29b1e406109ad60782bc5bcc4c1416f3111788ef0fb82e4f196567b2454a93b4c131bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
1380d6e91e7a39209181dfe1c0217335

SHA1
0c10679fdad67417b54c6cac99df150d006a83e1

SHA256
c365c098068f6d5db98fcfbfbe75c84fe0673ce03dfa59a559ef8657c368c84f

SHA512
95a78af33471992a010dc48f8f4bd9f2aa515027da23ef08ea105d5d0f4931261000ff382678379ea3a12d3b7c438b8f2517308a83d68253c699c6cffaf621ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
a545cdb41834348a344d28835a81aa7e

SHA1
ea64ac173188521abb1d430f3ccf9ed2a6d0832e

SHA256
57f41cd55f6ddfbd6c1c83e30b624beeb5859822dc5d5ed57f219ad9ee0dd18b

SHA512
68ba221af0cc5d06df3e05965bc46dc676abd6cfb7fe8f795089d2d23ce527d81a47dcfff6a0c48e543f08de424e7995beb56b1f99a9bd05df8b2d521b24fbb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
4b794a3985b6c894d1a1a2f2e1a2f5a8

SHA1
93d722095c77efe88eae667ae201b7539dc66e8f

SHA256
72539980c65e438ea418b98dba09b4b18613164b90d2d44941306e7878761246

SHA512
1df06aa5a2c6b4856b2d22b67c6bbb8d3b902dddb6b58236ba767160730eae7a10856c67bec5bff7fe4a858460182ae3c81949b87353adea1cea4cec169ecd3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\safety_tips.pb

Filesize
163KB

MD5
bd6846ffa7f4cf897b5323e4a5dcd551

SHA1
a6596cdc8de199492791faa39ce6096cf39295cd

SHA256
854b7eb22303ec3c920966732bc29f58140a82e1101dffe2702252af0f185666

SHA512
aa19b278f7211ffaf16b14b59d509ce6b80708e2bb5af87d98848747de4cba13b6626135dd3ec7aabd51b4c2cfb46ed96800a520d2dae8af8105054b6cd40e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SafetyTips\3057\typosquatting_list.pb

Filesize
3KB

MD5
17c10dbe88d84b9309e6d151923ce116

SHA1
9ad2553c061ddcc07e6f66ce4f9e30290c056bdf

SHA256
3ad368c74c9bb5da4d4750866f16d361b0675a6b6dc4e06e2edd72488663450e

SHA512
ad8ed3797941c9cad21ae2af03b77ce06a23931d9c059fe880935e2b07c08f85fc628e39873fb352c07714b4e44328799b264f4adb3513975add4e6b67e4a63c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
dc760a251b35e4bdff50c14d11a891a1

SHA1
215d010135e4e39eb7781117dfb69b815073640b

SHA256
4244987ccb2bbef281b25806b2ca23a526b6b92b1385a0ebed6a389b23834d04

SHA512
7a536ae5e9f0566bc6acc1d56250aeee2c633dffb23b65e9ec9c79001c4a85d1987403aa6231aa2b4a3f3381277f802509c5e8aafb2b2d79f6f96a9de163c233

Download Submit