hxxps://flight[.]beehiiv[.]net/v2/clicks/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9[.]eyJ1cmwiOiJodHRwczovL3Nob3dlcmdsYXNzaGF3YWlpLmNvbS9hZG1pbi8yZjNmP3V0bV9zb3VyY2U9dmFtcHMtbmV3c2xldHRlci04YmU0MjUuYmVlaGlpdi5jb20mdXRtX21lZGl1bT1yZWZlcnJhbCZ1dG1fY2FtcGFpZ249bmV3LXBvc3QiLCJwb3N0X2lkIjoiMWIzZWIxMTktZmNkMC00MDc1LWE2MzEtMzgyYTdkMDQyOTZmIiwicHVibGljYXRpb25faWQiOiJiZWI1NGU2NS00Y2I0LTQ5MzEtYjM0MS1lMzBjYzdjMGFmNGEiLCJ2aXNpdF90b2tlbiI6IjI5YTNiZjA2LWI4MTEtNDYyZS05MzY3LTFkOTdkMWVlZjY3OSIsImlhdCI6MTcwOTY3ODczMiwiaXNzIjoib3JjaGlkIn0[.]a_L9bhgdTFm9-XWX_bX6EmQI59sZ5ochihB_MjTAbrA#YW5kZXJzLmEuZXJpa3Nzb25Adm9sdm8uY29t

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://flight.beehiiv.net/v2/clicks/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3Nob3dlcmdsYXNzaGF3YWlpLmNvbS9hZG1pbi8yZjNmP3V0bV9zb3VyY2U9dmFtcHMtbmV3c2xldHRlci04YmU0MjUuYmVlaGlpdi5jb20mdXRtX21lZGl1bT1yZWZlcnJhbCZ1dG1fY2FtcGFpZ249bmV3LXBvc3QiLCJwb3N0X2lkIjoiMWIzZWIxMTktZmNkMC00MDc1LWE2MzEtMzgyYTdkMDQyOTZmIiwicHVibGljYXRpb25faWQiOiJiZWI1NGU2NS00Y2I0LTQ5MzEtYjM0MS1lMzBjYzdjMGFmNGEiLCJ2aXNpdF90b2tlbiI6IjI5YTNiZjA2LWI4MTEtNDYyZS05MzY3LTFkOTdkMWVlZjY3OSIsImlhdCI6MTcwOTY3ODczMiwiaXNzIjoib3JjaGlkIn0.a_L9bhgdTFm9-XWX_bX6EmQI59sZ5ochihB_MjTAbrA#YW5kZXJzLmEuZXJpa3Nzb25Adm9sdm8uY29t

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2036	msedge.exe
2036	msedge.exe
2992	msedge.exe
2992	msedge.exe
1440	identity_helper.exe
1440	identity_helper.exe
5920	msedge.exe
5920	msedge.exe
5920	msedge.exe
5920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe
2992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2992 wrote to memory of 932	2992	msedge.exe	87
PID 2992 wrote to memory of 932	2992	msedge.exe	87
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 4396	2992	msedge.exe	88
PID 2992 wrote to memory of 2036	2992	msedge.exe	89
PID 2992 wrote to memory of 2036	2992	msedge.exe	89
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90
PID 2992 wrote to memory of 376	2992	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://flight.beehiiv.net/v2/clicks/eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1cmwiOiJodHRwczovL3Nob3dlcmdsYXNzaGF3YWlpLmNvbS9hZG1pbi8yZjNmP3V0bV9zb3VyY2U9dmFtcHMtbmV3c2xldHRlci04YmU0MjUuYmVlaGlpdi5jb20mdXRtX21lZGl1bT1yZWZlcnJhbCZ1dG1fY2FtcGFpZ249bmV3LXBvc3QiLCJwb3N0X2lkIjoiMWIzZWIxMTktZmNkMC00MDc1LWE2MzEtMzgyYTdkMDQyOTZmIiwicHVibGljYXRpb25faWQiOiJiZWI1NGU2NS00Y2I0LTQ5MzEtYjM0MS1lMzBjYzdjMGFmNGEiLCJ2aXNpdF90b2tlbiI6IjI5YTNiZjA2LWI4MTEtNDYyZS05MzY3LTFkOTdkMWVlZjY3OSIsImlhdCI6MTcwOTY3ODczMiwiaXNzIjoib3JjaGlkIn0.a_L9bhgdTFm9-XWX_bX6EmQI59sZ5ochihB_MjTAbrA#YW5kZXJzLmEuZXJpa3Nzb25Adm9sdm8uY29t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcaee246f8,0x7ffcaee24708,0x7ffcaee24718
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4773889405485486341,17930842005504402827,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e494d16e4b331d7fc483b3ae3b2e0973

SHA1
d13ca61b6404902b716f7b02f0070dec7f36edbf

SHA256
a43f82254638f7e05d1fea29e83545642f163a7a852f567fb2e94f0634347165

SHA512
016b0ed886b33d010c84ca080d74fa343da110db696655c94b71a4cb8eb8284748dd83e06d0891a6e1e859832b0f1d07748b11d4d1a4576bbe1bee359e218737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0764f5481d3c05f5d391a36463484b49

SHA1
2c96194f04e768ac9d7134bc242808e4d8aeb149

SHA256
cc773d1928f4a87e10944d153c23a7b20222b6795c9a0a09b81a94c1bd026ac3

SHA512
a39e4cb7064fdd7393ffe7bb3a5e672b1bdc14d878cac1c5c9ceb97787454c5a4e7f9ae0020c6d524920caf7eadc9d49e10bee8799d73ee4e8febe7e51e22224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
0845b32e8ceed02d8356da582156b749

SHA1
a9ad2b38c33b5fd738ee5d718a3813214d199b5d

SHA256
7649dd83301ddd5944a148cfdd88991df3f8a572ad646b84571709028bb42889

SHA512
4004cef190d750b8153d426af10d7fb9b893a86d074361f258f2f6ad7181e1a2881b4fcf7567196ed959543308a74d39895e18b22c257caa1093357ff84a9e84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
58c1b0a1e2770580298b2e4db0882ffe

SHA1
2a4d8f9cb3bcb5abb03756dcf60f50377db606b7

SHA256
30b869003d56056ea41ef6d6a4395f9c8d9bae65224d5e3a33d8bd98bfec9eaf

SHA512
2cba525b3d7da4c84e262cf0057cf61fe015e6520744b517b08cf349867aa9ef3beb4fcc99c962cfce6a2a49a3f14b532e012bd51d7a0086cae0893fe9960ad4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f652903655b376e441c57eed60d31ed2

SHA1
b47206ae5170124ee46dd8b8d1601d1747e2cc85

SHA256
218e8532748e42c7227c72110481f8e5b3b86cfe8444e06639f306321789b52b

SHA512
99e0f714dab272faff788b3e4869366862706d9aa2aa4a0d40080001f981d88852d03c09d02d56ab421de9fa5aa7f70d8de8968b438b8a0c2021512982bb8a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
213846ff8c4a644a6083e059c0dafabe

SHA1
eabd1f2b551fdb6a2bf00d2b214a6d32e9fc503f

SHA256
c360bcad0785507abbf0e8ecc21faccdd72d4557b6c419c1c2ae5f4233ae2d5d

SHA512
fd7d1903c88ccd076aedec01db10b89800d1f08e6aa927e4819fe9137bfa7d232c4c289480fdaaa8b78c1be6bf916015989394b08f1be0cc9b5425d4d6eee92e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e67ed62b7df1b5debba8bea3fcafe4ee

SHA1
10b6e0618181a5e39de6b668158f04dd9e0e8ec4

SHA256
b8f2791c5898d56001803f5a02c5758ca7142c0b1703bc51ae073df5177e3c8b

SHA512
2f53208667f388180836f59c315fe7eece6be97e396bc26fc5bb6e2ec201aaf77f0613c03a9499b6d21d1a0a5b6486a0f32380d399a01176824d47c06354d15e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f64519e31766d3d385c9d247aa06c534

SHA1
e89727be49ba95e4db6d00d2580c1586dc05ca41

SHA256
18d31a58616f16ce676ab8f05d0e94a586fdbe1938b7c75fa1db42f72119130e

SHA512
e90ab17bd33ddae1230aaa26b87e6b83fc86272dd398d2a92113a188b6016b4b374638c31cc0baac151bf3d7dd18f5ec3d8752c880eb183a7b5283cb3aafec62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fbbc89d98e05e63ef30f428aad7474d7

SHA1
ed3502eca03ef1bd572bce717079601b5e9df0e1

SHA256
5495c3b2980058a3bffd8e14a11630349d67cbcb2e337c8bfef09e45ca78919e

SHA512
d66451012850145f1705a13bcb84109855ac3380021d8a3385707bb4c39019f646e28a897f799f88a04448e5cf051100f27825e22530449e6ea516b7543e5faf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
699B

MD5
c74f860f66ed83a368a18a9caf0ff8c3

SHA1
7ae59fd0b4c8feeed4b86cf24d6352c00f3113e9

SHA256
74b2a17f760853a32cf0f4492383f4343389176da75cba8214dac4617e136ec0

SHA512
c1bd4dbbfade8a2460f734a083a47e0cfd89c74d4324b743b3a47aac6267a215c24df3da5bab15ca4826e946ea8e9a8949348d86f9c004c5bdb34eebfa9156fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
703B

MD5
d4b28d429d457638233054b21ca24d7d

SHA1
123967e55864c6867a983b86c053112a6145364a

SHA256
1ea7224c88aacc0e77b85df54f73d79c131892fcbeb90c51ed242d7863f91f62

SHA512
dfa13e7366dfe23c81d701ff173ce9d199e59469b5847a97b889627162e02608c4e29a5e73b48af5f4b3737e7937baee5d2ebf5e6c534d06e7b8fe67458c0adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580838.TMP

Filesize
369B

MD5
7ef5f958af9590d8392b5283e1597c30

SHA1
a18ad509a99f4ca687f948e04ca232312a9bad60

SHA256
09f619aff2d57a95f2a7b1202c231d3357be0b6f785923a99978b4b45a576dc7

SHA512
a44d51e9db2321b3966222bdec36024304fd8e0dbbff807a58f0dca35ca09eae96aecf4b7cdf9c65361d86612b30e514185ef94b67ceec1a9f28147ab3680101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df9b441a806aeb209f82b228f8eebcc4

SHA1
6d4932014402fe9c2044e3aee149f5a30ed4c062

SHA256
e8247e554fe3dea9b87d39113fdfe99cd3371838e0a21c55bc338f60c6eeda25

SHA512
ffc37f25a47142530a92b8d11c0151631ef163b41774629bb1257e2c78a90527fa9a16cce282ce3da54e96d0ff96c3c389f9b492316e2c6c6f714e4579d3bb72

Download Submit