hxxps://www[.]justfashionnow[.]com/collections/hot-sale?cartseeHrefTrace=10002&utm_source=CartSee&utm_medium=Email&utm_campaign=Campaign_113253&cid=6KdK6KQF34CaC9h9TvkIEs&uuid=26167db8-4e13-4bdd-9310-ae57631fc69e&cs_type=Email&cs_traces=1yqe2AU53nTSDn2Sz8wVnuSacfdNKlbPQRUcFvuZh5e9thaklzQdlyR2LIKD7Pkgp&coupon=245693

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 13:44

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.justfashionnow.com/collections/hot-sale?cartseeHrefTrace=10002&utm_source=CartSee&utm_medium=Email&utm_campaign=Campaign_113253&cid=6KdK6KQF34CaC9h9TvkIEs&uuid=26167db8-4e13-4bdd-9310-ae57631fc69e&cs_type=Email&cs_traces=1yqe2AU53nTSDn2Sz8wVnuSacfdNKlbPQRUcFvuZh5e9thaklzQdlyR2LIKD7Pkgp&coupon=245693

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{55E16498-D95E-442B-ADEE-032AC54362E0}	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4408	msedge.exe
4408	msedge.exe
5572	identity_helper.exe
5572	identity_helper.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe
3728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 5312	4100	msedge.exe	89
PID 4100 wrote to memory of 5312	4100	msedge.exe	89
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2872	4100	msedge.exe	91
PID 4100 wrote to memory of 2240	4100	msedge.exe	92
PID 4100 wrote to memory of 2240	4100	msedge.exe	92
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93
PID 4100 wrote to memory of 1680	4100	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.justfashionnow.com/collections/hot-sale?cartseeHrefTrace=10002&utm_source=CartSee&utm_medium=Email&utm_campaign=Campaign_113253&cid=6KdK6KQF34CaC9h9TvkIEs&uuid=26167db8-4e13-4bdd-9310-ae57631fc69e&cs_type=Email&cs_traces=1yqe2AU53nTSDn2Sz8wVnuSacfdNKlbPQRUcFvuZh5e9thaklzQdlyR2LIKD7Pkgp&coupon=245693
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x40,0x108,0x7ffe08dc46f8,0x7ffe08dc4708,0x7ffe08dc4718
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
  2⤵
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5096 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:5600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
  2⤵
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7204 /prefetch:1
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6728 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,9077424389813191395,277563467275078795,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3032 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5144

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1764

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3d4 0x300
1⤵
PID:3364

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
407cae8138022df2b0235a9526b751d4

SHA1
86eeac4e8192741e32e503081bf0bade8e579bc4

SHA256
3b98254c13c3371d8afcd6ddfd8fd8421198175ba7dc562d435eb2b0b312e37e

SHA512
3c2f331c34d6e8e3466ae2aa317bcb25899aea4fbfd3d34b4087efb713da290f97407e73416387d69d6e77ce6c17e371facf508d2e87d64422348367f0695b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.justfashionnow.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
8KB

MD5
cf2753693ef232bfe4572c33fdbb446a

SHA1
0f0ad4826cd738ee3791b4a1f2ed18eb4824652b

SHA256
5035c77a4691603ccd8afdf1375c184c68b92f4b9383f8557c8b885954f33e9e

SHA512
b30bed7b508cef1c11e06e9e20fb11b81e16386c4372ad256ee6a857734d20944fd5f012f246494246c85e8b9ac8890459ed6b8514901a04b97e7be6b0db5549

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f3e76b438a38eb48cbcae35c1511ba7d

SHA1
2c2212dcd3cf85bd4eff1b28f4e5fab89bd1a31a

SHA256
bcb706ae428afec4b3bbedc5616ed5a2be64c6d809cbfea0df5073330d4f5607

SHA512
f63be3270e9d8efde8079a8bcb8c3cf6269441c48fe4430adff421f98cae4b660bceaa73720277ae2841745b58f523f6515bfbb5ca8327e75149e22fa536f7be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a896f94aa2dd497a4d54160707c89e56

SHA1
102a6187c069201ebd13bbff40aeaa87918a2d7c

SHA256
998952bc3a85c39e6201e04db770cd2ef30bc03af26a944d62d15769047d50d9

SHA512
0fd6770b898ccefc86f7b0378e46a7a026b7f80077ae8909c131693a6fc148e74e76a57927925f062d85b7c7bbffad27b52e7eb7560e3f3848890e005a0e182a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
f329057aff6feec184679c2cf8320ef9

SHA1
13d88b04b0a16bdedb8b1f5fb0b3ef22246f690a

SHA256
7a5886f0f6550a32b558eba5e9855d6eae357d1ac2e8794b533b49e4f2b29ad8

SHA512
64df4d142d1fa6556c9e74ca7f7ca5a2163404f8e3d4728779e0f213d974e23fe8f87f618860f596ad6029ebea0012c20752c67cde370cf933e8a8d3f70b3fe7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6f660f2a3f91e26b44af420f80b4e7a20c8745d9\index.txt

Filesize
97B

MD5
3cf243cca25cff7f88bb89c067ba253c

SHA1
714528423888ed5f9c291b8e809e2e9b8ce0d04c

SHA256
e4a1ff9c14bb356b64640ba519c873e09ef519bf75652522e2ecc8df255c1720

SHA512
7cece4997756c383223620aa4e39ce3a8d9f52bf977fa97804077f1dbfe2895a202cb2abf6846f01c7cc7ca967c92087abf866715c4a181f929eadbcab73e4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\6f660f2a3f91e26b44af420f80b4e7a20c8745d9\index.txt

Filesize
90B

MD5
5dc96c29df510e06c537282aba3f6950

SHA1
ec16a9a2b26fbf5e0b56ea3e63591f20527a8022

SHA256
8e0391ba3db91475fab16dcb54b14c50a048945575599e609dd81125a680b1a9

SHA512
ac3afce3bbeee36c732a6335d06fc6637d91d4e67317ec945a8f21e3f12ba43694ac28480321cc6d96330cef8478176000b806125e2fb6bf0d83865644f90761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
288B

MD5
9fa287defd4c9eb1215f491a2c9b063f

SHA1
507674e74eb2acbc5a073cc7ad8d9a26946c634a

SHA256
50724fa8fe16e77154c281305b71d5be330dbd3b4aa0086186e5619a4a3bbf91

SHA512
716cb658a46ef52281d09e21dd655290cc0dbbfbfe7879a8c36042d836b81d17de91bd2fd51bcd00d18134625cbd5c80f98824987f0ec8d326b72ec426ac08ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57aa88.TMP

Filesize
48B

MD5
c257d2aa6fd526d53e5196040e18cf2c

SHA1
c322a65f7b7721b1673fe50217613af79c5a4637

SHA256
5fd38ae928b8a3fe2507be67dccfe2e027d10052293b2dfb58733185c6d8b818

SHA512
afb61c3352c261e3ce047aa209f256829a8a242881581eb17e4a10d50497dcfb21ed0c405eb6df5947ec9d9ed5f8ed31fc7878ff3ae1a9ce260a8d98adee448e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
e1bd275a8ffc38425c11c6599dce21b0

SHA1
27722d9e6b23aee5bf4fbe9de4e3b257e7f14a76

SHA256
20538086b6cc2e0c9a92fd9aa3072f89946dda45b50dc586f9358e002c24caf4

SHA512
a7c8c37a290c836630852792162f9756ebe25d6b18e0af37f0834804419dc2f7d0b872745fc7c7b2b8dfed97394bf6732227eb551acefecf485c3bce7f78532c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
f9aea3d127a8135dc6df89aeb54b5b29

SHA1
3159c023e51ee689d4d772f4f7e305847d1fe0d4

SHA256
8a1c05fb85ddf2247bd881dca489e55b349693635811ca45afcb2a167c66da54

SHA512
5c9378e89b454cee690b388e9bf15ef3eb670fad12b0a21b25e29a6a8d5433c02399ed733c7b443d4ad5287b869e8d8dd32be0a1b887e45e02bae66f01d70abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8b8f7094d5e9a9871131d49198f39cd8

SHA1
e27af89d9da0704c642eac6011ba43591bb64f2c

SHA256
f56f8391b63e11fe00d085fd927d89f5fea16fdcc80d6574ab4757e6ff8d8a73

SHA512
ec1f7f5cb34a69962a01a86f7fb83a3d1f6c05b6827547d222296f72ecae5916af8ee690ef1de38763d859b1eab50d9dbf73a06591db76982bc392fe754ab48d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
3e34136f1956892a0ff077d56a130657

SHA1
49bcffd4f7d26b848e4ae0a91446f590c60bff76

SHA256
6f6c6abf2449b34952fd89d1893ee747961871dff68574447d46bc2462f15f74

SHA512
3404e831839390bf07eb7a0b6edb5a0d5805ae8b646f82773d37f4106650f842e09956c800b9122bdf77fa3bb8afb9842edafdbd386e953740b447cf317ae23c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f51b24ac3e4f922222dff177422343ff

SHA1
81f81d4e837e27e9264fe15922fe3a3e54316f09

SHA256
94137caa9bee4609b73d6ba1be50df2f77eac9d4918b759fca8e9550ea2fad2b

SHA512
44b04520e4dcd6c0d543599088d2e5a86acefe221c802c758e07e74b4c71701f534e8c1d90cdec54368874332ab3274e6cc0eb1ca662a4e1909ada521478f977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578155.TMP

Filesize
3KB

MD5
251dd7c7771ad1371479a97851b8a00f

SHA1
fdff67bf1077b2f1c7f3e7ccd443535d961c1aca

SHA256
ec04bd87fb9a135894fb8366e3a99c8c3765ee0d492df77bdcd37fe1f631e538

SHA512
a6e6158e2e0660a95d0163b5a599a45f6bb1ed0e0cd84aa940fb96dbf3203b82fa5e8bd51596ab00b16553cf10c5a481cd83e66a24c14acdc952f1316ebc1932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ff2678c5a3eb3b072530d72a6c900703

SHA1
d9b5c88f7a258f4d7233e1a634e19df7177721ec

SHA256
0c80f876a884253fbf05391e5528b75336b0991e0ac88cb03d8186116da34038

SHA512
a093415de3af3fb3f143a0dd5df8515312e08691baf1eeb966ef54f6d26366bd5ab344f1c3e70384b3b64c02e7ae0e528d0642a984f61899c0adbde80c4e983b

Download Submit