Overview

overview

6

Static

static

1

URLScan

urlscan

1

https://www.bing.com...

windows7-x64

1

https://www.bing.com...

windows10-2004-x64

6

https://www.bing.com...

android-9-x86

6

https://www.bing.com...

android-10-x64

6

https://www.bing.com...

android-11-x64

1

https://www.bing.com...

macos-10.15-amd64

4

https://www.bing.com...

ubuntu-18.04-amd64

https://www.bing.com...

debian-9-armhf

https://www.bing.com...

debian-9-mips

https://www.bing.com...

debian-9-mipsel

Analysis

  • max time kernel
    145s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2024 06:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://www.bing.com/ck/a?!&&p=664ef6fc6228a6b1JmltdHM9MTcwNjkxODQwMCZpZ3VpZD0wYTBmYWI0ZC1iZTFiLTZhYmMtMzZjMS1iZjU2YmZlYTZiODAmaW5zaWQ9NTE4Mg&ptn=3&ver=2&hsh=3&fclid=0a0fab4d-be1b-6abc-36c1-bf56bfea6b80&psq=ip+logger&u=a1aHR0cHM6Ly9pcGxvZ2dlci5vcmcv&ntb=1

Score
6/10

Malware Config

Signatures

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.bing.com/ck/a?!&&p=664ef6fc6228a6b1JmltdHM9MTcwNjkxODQwMCZpZ3VpZD0wYTBmYWI0ZC1iZTFiLTZhYmMtMzZjMS1iZjU2YmZlYTZiODAmaW5zaWQ9NTE4Mg&ptn=3&ver=2&hsh=3&fclid=0a0fab4d-be1b-6abc-36c1-bf56bfea6b80&psq=ip+logger&u=a1aHR0cHM6Ly9pcGxvZ2dlci5vcmcv&ntb=1
    1⤵
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:820
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbda246f8,0x7ffbbda24708,0x7ffbbda24718
      2⤵
        PID:1960
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3696
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
        2⤵
          PID:4376
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
          2⤵
            PID:3988
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
            2⤵
              PID:4416
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
              2⤵
                PID:1224
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
                2⤵
                  PID:1328
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
                  2⤵
                    PID:2352
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
                    2⤵
                      PID:4684
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6068 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2728
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
                      2⤵
                        PID:3004
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
                        2⤵
                          PID:2512
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
                          2⤵
                            PID:2792
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
                            2⤵
                              PID:1456
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
                              2⤵
                                PID:2708
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
                                2⤵
                                  PID:1152
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
                                  2⤵
                                    PID:5300
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6512 /prefetch:1
                                    2⤵
                                      PID:5292
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
                                      2⤵
                                        PID:5284
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
                                        2⤵
                                          PID:5276
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
                                          2⤵
                                            PID:5580
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
                                            2⤵
                                              PID:5588
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
                                              2⤵
                                                PID:5596
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
                                                2⤵
                                                  PID:5740
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7648 /prefetch:1
                                                  2⤵
                                                    PID:5812
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7848 /prefetch:1
                                                    2⤵
                                                      PID:5884
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7964 /prefetch:1
                                                      2⤵
                                                        PID:5892
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8180 /prefetch:1
                                                        2⤵
                                                          PID:6028
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8404 /prefetch:1
                                                          2⤵
                                                            PID:4948
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8200 /prefetch:1
                                                            2⤵
                                                              PID:6128
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
                                                              2⤵
                                                                PID:5208
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8876 /prefetch:1
                                                                2⤵
                                                                  PID:6228
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8092 /prefetch:1
                                                                  2⤵
                                                                    PID:6300
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8660 /prefetch:1
                                                                    2⤵
                                                                      PID:6828
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,12625439597366540382,2849350443823901175,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7876 /prefetch:2
                                                                      2⤵
                                                                      • Suspicious behavior: EnumeratesProcesses
                                                                      PID:6636
                                                                  • C:\Windows\System32\CompPkgSrv.exe
                                                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                    1⤵
                                                                      PID:1100
                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                      1⤵
                                                                        PID:4932

                                                                      Network

                                                                      MITRE ATT&CK Enterprise v15

                                                                      Replay Monitor

                                                                      Loading Replay Monitor...

                                                                      Downloads

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                        Filesize

                                                                        152B

                                                                        MD5

                                                                        3e71d66ce903fcba6050e4b99b624fa7

                                                                        SHA1

                                                                        139d274762405b422eab698da8cc85f405922de5

                                                                        SHA256

                                                                        53b34e24e3fbb6a7f473192fc4dec2ae668974494f5636f0359b6ca27d7c65e3

                                                                        SHA512

                                                                        17e2f1400000dd6c54c8dc067b31bcb0a3111e44a9d2c5c779f484a51ada92d88f5b6e6847270faae8ff881117b7ceaaf8dfe9df427cbb8d9449ceacd0480388

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                        Filesize

                                                                        672B

                                                                        MD5

                                                                        e8cfc31a2a928d4880657e351e581859

                                                                        SHA1

                                                                        e78fd5dc64a3cb8ed962de37bb73b1cba3364d52

                                                                        SHA256

                                                                        77bc09cb95c616e0e842b0ed1fa53dee9a8d4b131dbe8acc0930d8fce9a3125f

                                                                        SHA512

                                                                        49c8133a08694decd6eccd67a2c46bfe0e465fcfc2b2c3c112f8792412148e83b66ba61615f213f327e1a5a7af5362004344143b295d4beeb10c52d9bb896804

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                        Filesize

                                                                        8KB

                                                                        MD5

                                                                        2388b42f3d53e7aa42f954854e2b03bc

                                                                        SHA1

                                                                        fe206547e92ad7f5a550b46ee1d412e395512b16

                                                                        SHA256

                                                                        6f67262b09de091acb1e895426a01965511a7037351b342ee1a1db6b7ebcf320

                                                                        SHA512

                                                                        cf3b0f4e3ba92fbfd3297769610424676faa42101dd5f9ee497597d77f9fee7eacc4eae7eb1afbec051b886d3244262884283327976aa702125af820ce7bfad8

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        5KB

                                                                        MD5

                                                                        25a8aa217ee053595c2d963f0dcc97fa

                                                                        SHA1

                                                                        24620b315928a8e02b2bb41d50ec8e97987f076f

                                                                        SHA256

                                                                        ff5fa81b4de0669a760b7fc1080d6d23960d9a32a92f16e6cf5085c183ba623f

                                                                        SHA512

                                                                        3d44721d2c42c4f2b27a396c1927bbc45837ed22c78581b27acf9248281cabb53d8a742e84fe5cce48e2c9de26eb9333876fbd91ed165dda1784407505a85811

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        7KB

                                                                        MD5

                                                                        71b68966612126c8740e4d03c2511f15

                                                                        SHA1

                                                                        3d437eca848c86cbf20e2fc87adc94b5b76c6dd9

                                                                        SHA256

                                                                        a20e7a2082c2c51db752742ed6b219eb242fc9defa005ed2631206c7c423aca1

                                                                        SHA512

                                                                        5e02228c89dd1988fadc99976a5bc7abd1bc993554a20d51ce5713aa7c4dbe4647e8e07fee4ea1d6ea3958de39fd66a65b7404b47cb1cb88243d4bdf85b715f2

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                        Filesize

                                                                        14KB

                                                                        MD5

                                                                        708d8dabad5189523e3e45ea17b4ec1d

                                                                        SHA1

                                                                        11da33e9753b8bbc8bfd907d1c021468cd9cb426

                                                                        SHA256

                                                                        5fab98f95ce29db448ce5d255e66cfbeb1c6de4b9ffa58caca9b9b51e89690c3

                                                                        SHA512

                                                                        28675deab73ff11eebdd2543724699ba776c99a2a27159a514fe4890c64b0023b43192f8c71d797b5069bbea6f154f81c9e07e7ba610cf04bff0ad2813536a0e

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                                                                        Filesize

                                                                        24KB

                                                                        MD5

                                                                        1b1b142e24215f033793d1311e24f6e6

                                                                        SHA1

                                                                        74e23cffbf03f3f0c430e6f4481e740c55a48587

                                                                        SHA256

                                                                        3dca3ec65d1f4109c6b66a1a47b2477afaf8d15306a523f297283da0eccbe8b1

                                                                        SHA512

                                                                        a569385710e3a0dc0d6366476c457927a847a2b2298c839e423c485f7dcce2468a58d20133f6dc81913056fb579957e67f63cf1e20b910d61816210447cd1f1f

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        3KB

                                                                        MD5

                                                                        2cf7c7a85aec10bdcddc0d9484f64475

                                                                        SHA1

                                                                        4c9e6dbc02427a2bd04522454221f174dce71e0e

                                                                        SHA256

                                                                        e05f9feceb60f63d9a1f9212f957c4979212f889b76c0c7e9d09793c86e46a31

                                                                        SHA512

                                                                        52fb9508b49a79e0dac20c0c8958d3a66908b366e0469257843b609eb0093ed77cddcb46c83fe5a8fb8513012f68784574a865f0adf6a4dedf8154d13b61880b

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                        Filesize

                                                                        3KB

                                                                        MD5

                                                                        8ad9566a820e123be9488dbe607f8015

                                                                        SHA1

                                                                        2ea63f307d6edb2abd6570044d2f829536b375d5

                                                                        SHA256

                                                                        529de6b93a5eb39b55b8245d7566c292420e5b0ba3a906052370ec3206006fc1

                                                                        SHA512

                                                                        0399d4ded6a6cb9827eb6535ce78b4fc7ec4ac59980231b4af39fac156f61d5463fe9d2a5b1f8fd1cf2a8e315a88c40dbf6f80497db77134a9ebc28ad4a12450

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579ec0.TMP
                                                                        Filesize

                                                                        1KB

                                                                        MD5

                                                                        d68086a5420e3b73c3b742d7a0a534ed

                                                                        SHA1

                                                                        ff8a89a5a8521fd4ffceadf26fd9eae53dc9e28b

                                                                        SHA256

                                                                        ba48a87cde0486ceffe79a376d51a7c2bcc26f25fb7efbbc8fa56b46b88ea655

                                                                        SHA512

                                                                        ebfde92cfdd99f00eb6f4e09b8d727aea9f52160e6660a25aa86a577186e95a6813f9396051a28e37721a5f5d1a8bb97888b5fde2a930a8ff8c194d8e1d95901

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                        Filesize

                                                                        16B

                                                                        MD5

                                                                        6752a1d65b201c13b62ea44016eb221f

                                                                        SHA1

                                                                        58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                        SHA256

                                                                        0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                        SHA512

                                                                        9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        0f0df03a44396aacf881144e7b74492f

                                                                        SHA1

                                                                        d68555282f9b3a281c37318d0bd123e4e000f205

                                                                        SHA256

                                                                        0460be8992e81c70e431cbf7980360731fefbbfbcf50a7ad67b51b48db49f8ef

                                                                        SHA512

                                                                        90f147a2fc77a171b052a3b2f4729f02c89bb4d3d11762f6fa968d5513ea32370b975468b7ae622128d5b2e91edcdf56ab2034c25fb4ddda803cf4b9cf8f1cfc

                                                                        Download Submit

                                                                      • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                        Filesize

                                                                        10KB

                                                                        MD5

                                                                        b61e65bfeb5511a451a22a4c5bc5cc28

                                                                        SHA1

                                                                        d4f7f1dc9dde49e6614e29e983da91baac3fad1c

                                                                        SHA256

                                                                        3a48a77c6277e927d2534090a80c2b5e4d50b4a16b6d9eb2873f91cdea9b815e

                                                                        SHA512

                                                                        32e84b65d77b624cec6adb558ed4b33cf1b6938ce4d9bd369ebaf7bdc72689dd49d6690491386be89b1f27865dc231dd155e3f26caf66a7ea54465fbcdc6b80d

                                                                        Download Submit