hxxps://www[.]anime-sharing[.]com/threads/%F0%9F%94%A5new%E2%9A%A1-15-nov-2023-nupuryusoft-udonge-in-interspecies-cave[.]1392984/

Resubmissions

16/11/2023, 04:29

231116-e3748sfe88 1

16/11/2023, 04:26

231116-e2kmjsgg6z 1

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 04:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.anime-sharing.com/threads/%F0%9F%94%A5new%E2%9A%A1-15-nov-2023-nupuryusoft-udonge-in-interspecies-cave.1392984/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2056	msedge.exe
2056	msedge.exe
4440	msedge.exe
4440	msedge.exe
980	identity_helper.exe
980	identity_helper.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe
4440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4440 wrote to memory of 4420	4440	msedge.exe	55
PID 4440 wrote to memory of 4420	4440	msedge.exe	55
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 5048	4440	msedge.exe	88
PID 4440 wrote to memory of 2056	4440	msedge.exe	87
PID 4440 wrote to memory of 2056	4440	msedge.exe	87
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89
PID 4440 wrote to memory of 3156	4440	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.anime-sharing.com/threads/%F0%9F%94%A5new%E2%9A%A1-15-nov-2023-nupuryusoft-udonge-in-interspecies-cave.1392984/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc733c46f8,0x7ffc733c4708,0x7ffc733c4718
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5720 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1384 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2944 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:6020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6768 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:4352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6920 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,4279590865495051342,9422058334788346733,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6568 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3076

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
38KB

MD5
588303e7ef20b77b22a544232a5077f4

SHA1
4f5c7044e9501434ac1b45729b2dc0cdb1441c2e

SHA256
e17428348e9add4422ea3e9433a3ef18af5e8565f7ed0cd98ff9dbfd74698d25

SHA512
69c4285f90aec7995883b3967bc4326128b252fe32e1bf439af9cb61896f4a269595ed45d0adbe247a6887897c7e8c22a8c1553ebab31caf5958d8ea4d688cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
23KB

MD5
f28411fb02772482c00e5be2e1b9d8c9

SHA1
07777e135311668485579a54561b3c0634593944

SHA256
b476155a11e03f9018ba3e9350ad5247d01926ebc0b6939e96c477d916b98231

SHA512
7d43a99cf09c743c8d8a724d0413d2d541cc47eaa598a46e76753a1c671289ee641b6a75121b5c94a90140c824d6551db8c8401bf9712dcc75c975d301c6993b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rapidgator.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_rapidgator.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
de3f815d370a2d9f48ea4abff1c2fe01

SHA1
3812d191b78f205c0d24e5904357f36b9e06c849

SHA256
6a20945c8f23c7e0ee3a91c91d3732b088112341273f03651e55e311471a3211

SHA512
54bfd2e1ed8a7da976af79dc586b061e1df1770d3f30ea426eb95f8d59c98dc864697827654e1816dc06cfc7550ec14f68df04f715c3b3431bb896f788d6b3b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
6456f599779bc601953868052dcc85ff

SHA1
09049469ae555186acc7edd59dd7b899882f5da4

SHA256
4093fd8fc82bfe9d938628e8c16c06392f927125ca68bf503a0fa95c8a3cac66

SHA512
7198ae1582346d15290f5ea989ac9ed64a51c73ce50a085024b9448dad415596078291726581c622fa626218f03dc5d3652e87d62ab3735424bfbe864f499a35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1c0bfd6e7b11a1f1040f53668441bef

SHA1
19e4a3695fad0aee126970b1ba34c395d26cb997

SHA256
c0f32edb0e3c6ef718b85a9502897c6f53ccb98d8ba29d248d654f579eb09ef2

SHA512
ff014e10e8eefb4ab58dc09385fc293f64a558e914e30164380eb5e907f6806b7145069e7fa226ae84376d59f6b9eacce7f511397a169e974cdafbe6ae229670

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7597458c64835951b64da07f8d9af62d

SHA1
f3f3eaa0d0b310874129b0110def18df085ba4be

SHA256
d800c326f9242846736967de0fd815b2956040d62d0205be3957bee8e88a205d

SHA512
3cda4dfdfe576769ac7b8d7be3d4dbfcc5bd3c06a2ac3654199d9636190241364657c1218905e42fd4ae02ff7781da26e6edcd8601eb612c666424368287138f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
56442841e776fb1ca65fe8a0729ae426

SHA1
ca1bb98a6bae79a352e7c580ba2dbee9141e5aa9

SHA256
f8296d92db09d69802898485f197194b277e56c96f3aad5562821fa7a6a3de23

SHA512
aa9143a2705f9ff6db42ee8c45e5bf00b8841376b73f4c5eec879dc6a50c7365569f0113f69ed52a9d193850034e3e4cddab3e748fa485ff4a23d8ac56a79d9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f5d1d09bd46bdfaaedc129adca971b48

SHA1
ca94307af43e1e13edb3eabd14a0f4d180b4b161

SHA256
041decc87db8a7a090725eae14a285b38977fc2d78e0a06a61b5c22d17a2ae07

SHA512
49aad2e90641413aad377c4bd18dfcd391cf564358259043aa567b87d7668c2bb012d8abaf8ae7bb0b466ede831906ae33a560a9fb7c2d095f873b98df0d205c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
70edd43970ee5b046679a92f11d029a7

SHA1
40add6181a51f164453a612d54061245bc43d41d

SHA256
0bf4c628c041286990b01db243fc17ac927788a967d86f03dfcc255a4843776f

SHA512
8328abe142b2b809bba45d9b1b06fd969c175847febfb278a50e7e14ffb85d0d8f1e7b385c377065a84c2df69bb7d3a906da5166b62db3ec95bc52b9c29b3eeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aee11fcb1135f7c2f98f9fcfa1770733

SHA1
64b35234e651b3e5c583f10aa07ca6aa5a9c2bcd

SHA256
beb20bd909d1daca6ae242680533c7ccc8aa5a332b3b5085ef3d6996ef4ddc24

SHA512
ead00c06acd76cfcfdb6e188f0acace10071d00e6714e6e5374b9d2fc87209fac98e53dde2e822f14e35a19c57f6aa17932d6c99a62d627cde63c5587112399d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9ab86180856b31c9a38c929e6527cf0d

SHA1
24a37e7747770f41e9644477918cfaefd48594fc

SHA256
65f308e45fbe9b535bc28ba6e1219d50cfc0ce78933c793b2b512e2b1cc2b642

SHA512
0000b29f508899b6655353091cf3dffc220c5e401e7664788a57b07aeb2f8540ab22f30b82f3f10bf50514951177376ba7cb4e68a129ff357986b65d1515f398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
77e45ddc76e101fa56d70a686a62d9c3

SHA1
607586ac508fbe95a4a116cfeb57d78cc4df83e4

SHA256
37e8abc13c89e9a0bd0483ef0bbf42f523f1074ecc99e196187917c9487611d2

SHA512
e09fe82a2aaabe3563bd5a378fab1c60beea74eb802092d8d25b429049b0eba63e6a1af42e3b75447711ad08d8434cdd0b8dc694209581c5e6acf32def7a7df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\507b70164d6e6cb60df3592be3e443a7adc28bd7\3f5b3f46-0631-4091-9e1b-9f07a84d13a7\index-dir\the-real-index

Filesize
72B

MD5
b9a612b46628b9cb5e09e620af7b92d5

SHA1
996323854190cc1718cafe7f7fcaabf97f2de370

SHA256
e5628faeeab7be00161a6b2469d3626b648eb5dfad76ad9938c0e12b1bba2621

SHA512
63b625c32a5ee4f92b56f80928d6fe124b8808859f7b4c34c664e6bea3c717d897f9419f1763bdb161daba30f0dfb26c1844444cb57c332a7b1f844de1c551b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\507b70164d6e6cb60df3592be3e443a7adc28bd7\3f5b3f46-0631-4091-9e1b-9f07a84d13a7\index-dir\the-real-index~RFe57bd74.TMP

Filesize
48B

MD5
f51178c4db8267a83ac2b4cfafed982c

SHA1
2ec2d3a0f3afcc0f23c32724dfdcf91b5ff9e821

SHA256
31ae322fe88778d81e17a7f310a9a23445a2521d532469438d695934250c343a

SHA512
0f1c7a8581246c4442ef1ba64aca1370532a5154580bac9b493bdaf98817cc6f0a5a2534f516cbdda0b581cb784bb278fae5c0997b42a0c5693f5a09dc0a2766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\507b70164d6e6cb60df3592be3e443a7adc28bd7\index.txt

Filesize
97B

MD5
17b4cb77bc2908ed1c858773d701af30

SHA1
388f729d15e8efcaeb84df0902bd4ee18e61b330

SHA256
42deb7c6d7ab4dd0d09563b42cab33b680269717a1b3ac844bf9b1c58f8ac0cf

SHA512
3a8f8768b19f680eb3ed8b18080ce2482f8ff559a0fa5f9a6879ccc5fef5b7c7d1ee820ebaded1178ab9fc911807387572c7b05e97ba542e44d33630e3bd8562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\507b70164d6e6cb60df3592be3e443a7adc28bd7\index.txt

Filesize
91B

MD5
c79dd74986a872640a5b329e92767ca5

SHA1
67d3b00e71f669ae88e5ab03886eb0083661acb9

SHA256
cbe10aacaa9ad4e39d3a82e918ac469cbb582730b37611a99ab5202969aee8e2

SHA512
06eef9b8a8c903a772e0509955c6ca29ee4d348939561bea9fd921755e8ac5b02105c7ea5e878bddd354fbdd3aead758e58e6fffc9d4722fc3df7853d8413a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a23f1e92ecbfc6b7bd1da842f85d89c9

SHA1
850b15d31920f7340c513c066401a0cbfd21a24b

SHA256
198f838a5158d6dfd88c213b0821bfbd980f83e86f232f5afb5a725e36798867

SHA512
c6f99f5f3a94acc619059a53769f4ad933f32a323dabb2ba75757b8bfaec2669374b7e04adf93b87dcb1abab1c673d8065349ae001c3f0e71769f0669e9a53b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57bb61.TMP

Filesize
72B

MD5
8de93723da091aec8dc0547b43c905da

SHA1
a938b911ba2554c9e68c8c4ba0fdef8eeaf5ffd1

SHA256
c60dd7e8c51fb040a017624ca839023027fc53113063ff99cd444f66ec3e2878

SHA512
431fdf5b79f6e9bef54343506902672d2cf4b205f691d0adbaa110e625df1330951ee4589363ad9bfebc330fdad5732c3970c1548af38d7bca17f01ff40b4b91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
0ec06e0467c089f6c848563d3b3f9b78

SHA1
0c992183cbe8b7ec97f125f7e973f1fa4137611b

SHA256
ddfd56a5539b6333592520667a99077f81dae1707654dd61a78389004158547e

SHA512
289ad107e791e6315202dda584a05a476f38aa272c44326b32a55bc43e34ecc9f5ae421e6e7fcbd3b78745b3ca481c310d2f9e2ff9d5f1cdd118348ea6ed6f72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cf432efdaadc6280aaa11bf09a2dc192

SHA1
c7b7b50bde7de469ca7a53f95e2e5f7b91e87f9d

SHA256
98232bbb2f520999cefd1368ec7e28ad857fb665ec5b0620369a9a86e7943652

SHA512
5865289efb57071016cc0f82a3a3929311b4a35e8df0aa6431443c7da0717ee00cedca53c919c3b02fcf05b5cc2df1ea90efbae38b69efe63ead363c0584ecbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
699B

MD5
ef0a9d5463ec8c320e150114ca7bb3f0

SHA1
cfa71af50e15a3863f98e7f852702da8eef5fdcc

SHA256
b34cd3655297f3256da728b8e7762692f6133c6354b657c72e776294664f55e8

SHA512
366a8a23a53051253fd432b59ee2398631a30d17de3b7eeeacc994b3ef4ce1f05542c0e491914bb48eea7abd1149b0cfa118bf260ec8bd1404c3a499e0db3413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
870B

MD5
44e9fd6357bcbc4dfa5d78dc70176174

SHA1
a5497bdbe1b9d4355dbaf08d61d2f6e530d69754

SHA256
dcbf522df6c9c5703546964a289486a4b9c99cb9b22f39807b7d2a94198fdeb4

SHA512
b47a9fe8caf2a33ed9b8d29c311bb9569a08c848549383a86fd7953ef54688e26095f082ea1a6c3e2f99672b7a62d88537edd54ac022fab4339ddd4b80baad6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe17.TMP

Filesize
367B

MD5
650a7fb2f41b4cb0cc923cf3f2654bf4

SHA1
2d812a22a3700428f5d42f769b37fe6eeab827b5

SHA256
c10229d88df801d14cafa256cabe79312a3fd87fff181d685c9ba961d7d137fc

SHA512
f14bfa2ce80b80364313cd90b76551ac8b25297afd0c3346d7112317451386439edee44426564d841c47cc9c29251e2183c42160768c89691296c0c9814da45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a992d51478e8d3d34f38725fc01dc2a0

SHA1
406dc7b07b22394d0e6cd8712b2879f5ae53fc57

SHA256
a8b3325b388485375985602ba7c34863fad02e7a8fb17c5661c06aed2d44e39e

SHA512
8c889a750e56c268fbe71fb06bd50f3f31b0b04bff1bd8098fd3c86ad5186c83ec48ad0e6af2df0d8510e9df49a99d4045cdaa98c76eb719c637d85d6e8b2f18

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
f1936980c766e5ce6bc816a6d632d639

SHA1
d31354eca495d7577e5884a5b94498b6f428b8bc

SHA256
cbf9375af84f64b7661ddc86214dff885aa1a562d9bac7871ba67226e5e7a042

SHA512
1f9c97584ea96b594e2931c1b781cb8e1aa3501a742e149f601a2e077c9faf95a1ba1fc7fe3db1d549b282e4ec80c1b1499dd7dfd524824e4364b102aa417b0d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
42fbfbf560ded7b3a4335a1ea8bf4e5b

SHA1
0f7d728f4329e7605e0ed86f982f4d5dd9cb2edc

SHA256
ca538208c82f9599b0ea16f4fc506c779299eabf6e840f3cfec2505e092d6627

SHA512
e4c1c5fec7dac6c3bc7ea50f049e4f914939f08c5a2a9a0ee24675017df67da89427283498d17f21010fd79c0ad27fc8ba729242ff91cc0c5c4c29006d02bbd6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
80ec4d01eace64c82d1bc72313989001

SHA1
2e9dbf1fc93b08ff6ceb242c4760a6f501cfe4ae

SHA256
cccfd6356e8d61622233257437dc4355746be9e9f25a7bc33fa98ce04e822e49

SHA512
86307a24eb63a8ab3eaff0f6f156fcfd50be4d5234a6fe7243d5c0e5a357df56e75f36f9a0dfe5c0ed42536e9bd95eef2c2197d92399729f4abbe8bc68e735f2

Download Submit