Analysis
- max time kernel: 145s
- max time network: 132s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 07-04-2024 01:07

This metadata describes the Windows 10 (win10v2004-20240226-en) behavioral run of the `.url` target reported under "General" below (behavioral2 in the task list); the other tasks listed were run separately and are not reported on this page.
Static task
static1
Behavioral task
behavioral1
Sample
.url
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
.url
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
api.js
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
api.js
Resource
win10v2004-20240319-en
Behavioral task
behavioral5
Sample
api/uc.js
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
api/uc.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
api/uc_api_db.js
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
api/uc_api_db.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
api/新云软件.url
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
api/新云软件.url
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
images/seccode/background/index.htm
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
images/seccode/background/index.htm
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
images/seccode/font/ch/index.htm
Resource
win7-20231129-en
Behavioral task
behavioral14
Sample
images/seccode/font/ch/index.htm
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
images/seccode/font/en/index.htm
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
images/seccode/font/en/index.htm
Resource
win10v2004-20240226-en
Behavioral task
behavioral17
Sample
images/seccode/font/index.htm
Resource
win7-20240319-en
Behavioral task
behavioral18
Sample
images/seccode/font/index.htm
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
images/seccode/gif/OCR_A_Extended/index.htm
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
images/seccode/gif/OCR_A_Extended/index.htm
Resource
win10v2004-20240226-en
Behavioral task
behavioral21
Sample
images/seccode/gif/Small_Fonts/index.htm
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
images/seccode/gif/Small_Fonts/index.htm
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
images/seccode/index.htm
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
images/seccode/index.htm
Resource
win10v2004-20240226-en
Behavioral task
behavioral25
Sample
images/uploadify/jquery.uploadify.v2.1.4.min.js
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
images/uploadify/jquery.uploadify.v2.1.4.min.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral27
Sample
imjiqiren.js
Resource
win7-20240221-en
Behavioral task
behavioral28
Sample
imjiqiren.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral29
Sample
include/db/database.db.js
Resource
win7-20240221-en
Behavioral task
behavioral30
Sample
include/db/database.db.js
Resource
win10v2004-20240226-en
Behavioral task
behavioral31
Sample
include/db/mysql.db.js
Resource
win7-20240319-en
Behavioral task
behavioral32
Sample
include/db/mysql.db.js
Resource
win10v2004-20240226-en
General
-
Target
.url
-
Size
196B
-
MD5
13e7411a23a7fc127bdd4b7ff9da88a2
-
SHA1
3fef75d8a1525c9321390da0ecf5368b6ae12ffd
-
SHA256
2987f1659569d8128a01022780b6d55778e93e90d41e64cfee7949f1b630a559
-
SHA512
5a5485306c083d91a249a3e3b6d2b2f5745180fc40ca5d86a9e6dfb9f997ecc59ed1c59c0e15efb0cd3cc331a8f0c9074f370af6d8269891d00982bbeda3abce
Malware Config
Signatures
-
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes (description / ioc / process):
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer — msedge.exe
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName — msedge.exe
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS — msedge.exe
Note: all three IoCs are attributed to msedge.exe, the browser that the shortcut launches, and none to the `.url` sample itself; they should not be read as sample-specific reconnaissance without corroboration from other signatures.
Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes (pid / process):
- 4780 msedge.exe (×2)
- 3616 msedge.exe (×2)
- 4256 identity_helper.exe (×2)
- 2224 msedge.exe (×4)
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
Processes (pid / process):
- 3616 msedge.exe (×10)
Note: all ten hits come from PID 3616, the Edge browser process, creating its own child processes with the "block non-Microsoft binaries" process-creation mitigation set; in this trace that appears to be browser self-hardening for its children rather than behaviour of the sample.
Suspicious use of FindShellTrayWindow (25 IoCs)
Processes (pid / process):
- 3616 msedge.exe (×25)
Suspicious use of SendNotifyMessage (24 IoCs)
Processes (pid / process):
- 3616 msedge.exe (×24)
Suspicious use of WriteProcessMemory (64 IoCs)
Processes (description / pid / process / target process):
- PID 1964 rundll32.exe wrote to memory of 3616 msedge.exe (×2)
- PID 3616 msedge.exe wrote to memory of 4620 msedge.exe (×2)
- PID 3616 msedge.exe wrote to memory of 3784 msedge.exe (repeated; the bulk of the 64 entries)
- PID 3616 msedge.exe wrote to memory of 4780 msedge.exe (×2)
- PID 3616 msedge.exe wrote to memory of 3216 msedge.exe (repeated; the bulk of the 64 entries)
Note: every writer/target pair here is a parent writing into a child it has just spawned (rundll32.exe into the Edge browser process, then the Edge browser process into its own renderer/utility children, as the process tree below shows), which is consistent with ordinary process start-up rather than injection into an unrelated process.
Processes
-
Image: C:\Windows\System32\rundll32.exe (tree depth 1)
Command line: "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\.url
Note: `ieframe.dll,OpenURL` is the standard way Windows hands an Internet Shortcut (.url) file to the default browser; the trailing "1" in the raw page is the process-tree depth marker, not part of the path.
- Suspicious use of WriteProcessMemory
-
Image: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (tree depth 2, child of rundll32.exe above)
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://cenwor.com/go.php?w=tg.jsg.install
Note: the URL the shortcut points to is `http://cenwor.com/go.php?w=tg.jsg.install`; the trailing "2" in the raw page is the tree-depth marker and must not be copied into a blocklist or IoC entry. The request is plain HTTP and the query string reads like a redirect/tracking endpoint for an installer, but what it served is not captured in this report (the Network section is empty), so the final payload, if any, is unknown from this page alone.
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff918fc46f8,0x7ff918fc4708,0x7ff918fc47183⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2012 /prefetch:23⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2520 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2876 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:83⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:13⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,8714484415114013795,10765686735730714742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
-
Image: C:\Windows\System32\CompPkgSrv.exe (tree depth 1)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
-
Image: C:\Windows\System32\CompPkgSrv.exe (tree depth 1)
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Note: both CompPkgSrv.exe instances are top-level (depth 1), not descendants of the shortcut's rundll32.exe/msedge.exe tree; `-Embedding` is the switch the COM runtime passes when it starts a local COM server, and no signature in this report is attributed to them.
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads (files written during the run)
Note: every entry below is Edge profile or crash-handler state under the sandbox user's AppData, written by the browser itself; none is content fetched from the shortcut's URL. Paths that appear twice with different hashes are the same file captured at two points in time.
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: f35bb0615bb9816f562b83304e456294
SHA1: 1049e2bd3e1bbb4cea572467d7c4a96648659cb4
SHA256: 05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71
SHA512: db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize: 152B
MD5: 1eb86108cb8f5a956fdf48efbd5d06fe
SHA1: 7b2b299f753798e4891df2d9cbf30f94b39ef924
SHA256: 1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40
SHA512: e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 1124e8f3fd9428f697cef7038d6502be
SHA1: 7e7000305381729109506f533a9ab7cc87e7c3ba
SHA256: c987e7c438fa9a74a6b48731f2388aaf3664929365864d4a91305cc3382861fd
SHA512: bc82cd92a9d911c237ed09a50a77940e4c3c7d3bf83171ed678ff9831ebaaad4abf7a084976aa190a41ac86122a8c3ccda2ce1cc245424272e16ff3f1aea6e1a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize: 6KB
MD5: 5dc2b2310050a33ea561272b430535d5
SHA1: 673f1d5465b40c248ec4b7a5f98ab82f6369e6f6
SHA256: 9fb56c4465f661af7b1e8a2f965f1c5b0c9b9039dbe810094173bd08c08c49e8
SHA512: 69c66a80c7062fe69318ee6f1fcabebb66b45fefa92ee52bb57183d8a5f90ed5a0e7528e73188ded7116b59aa50c21fb0b64c2b9a0468c5d7aca74e84a8af5ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize: 11KB
MD5: 8ad074c3e61537ac0e6f276cec9e9c53
SHA1: 89e4d290024d9b895958472734f9e7aeecca8c54
SHA256: 4a8e93b350f03e9385b4eac137fe82ade8604f5de45e782ddf175675ba4b9db2
SHA512: 38ff48b13dd0560ef8ffc614b964a8ac2229b8e73481991a015a6e0d0c70fec3d830cd52619cba03312560d6780b19bb20b28d9d71d666247e4f876595e988b5
-
\??\pipe\LOCAL\crashpad_3616_UJAYGTAWWCLEBLTK
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
Note: this is a named pipe, not a file, and the four digests listed are the well-known hashes of zero-length input, so no content was captured from it. The pipe name embeds the Edge browser PID (3616) and belongs to Edge's Crashpad crash handler; it is not an artifact of the sample.