31f81f616e422425c76b1d45360901a162d619d61cf6e2828c7d7767faf9461c

Analysis

max time kernel
138s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
Size

716KB
MD5

fbf2edf34178226895115d926e7a7c67
SHA1

22ed7e2f8d8e45fda6ff5c2c0a702a27bb1a50c3
SHA256

31f81f616e422425c76b1d45360901a162d619d61cf6e2828c7d7767faf9461c
SHA512

2587b9e034835aeb83316e963443378b89a50fe91a9e1e7eaaa528543506d61dcb6f6e7508cf46225594e5b6cab1cc234368a6d7aef6eb7eedc5ef7c2783e49d
SSDEEP

12288:SEHlhuGsHl5KGuyGFRu3dcxH0qlPiJiC7ZVhS:zHqhl0GuyGFygPiJz7E

Score

5^/10

microsoft phishing

Malware Config

Signatures

Detected potential entity reuse from brand microsoft.
phishing microsoft

Suspicious use of SetThreadContext 1 IoCs

Processes:

fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe

description	pid	process	target process
PID 4268 set thread context of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
4500	msedge.exe
4500	msedge.exe
4752	msedge.exe
4752	msedge.exe
4828	identity_helper.exe
4828	identity_helper.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe
4136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4752 msedge.exe
4752 msedge.exe
4752 msedge.exe
4752 msedge.exe
4752 msedge.exe
4752 msedge.exe
4752 msedge.exe
4752 msedge.exe
4752 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe
4752	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe

pid process

4268 fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe

pid	process
4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exefbf2edf34178226895115d926e7a7c67_JaffaCakes118.exemsedge.exe

description	pid	process	target process
PID 4268 wrote to memory of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
PID 4268 wrote to memory of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
PID 4268 wrote to memory of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
PID 4268 wrote to memory of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
PID 4268 wrote to memory of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
PID 4268 wrote to memory of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
PID 4268 wrote to memory of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
PID 4268 wrote to memory of 1036	4268	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
PID 1036 wrote to memory of 4752	1036	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	msedge.exe
PID 1036 wrote to memory of 4752	1036	fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe	msedge.exe
PID 4752 wrote to memory of 3448	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 3448	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 2348	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 4500	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 4500	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe
PID 4752 wrote to memory of 1756	4752	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4268

C:\Users\Admin\AppData\Local\Temp\fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
C:\Users\Admin\AppData\Local\Temp\fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe
2⤵
- Suspicious use of WriteProcessMemory
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
3⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4752

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d1246f8,0x7ff84d124708,0x7ff84d124718
4⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
4⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
4⤵
PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
4⤵
PID:4008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
4⤵
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
4⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
4⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
4⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
4⤵
PID:1920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
4⤵
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
4⤵
PID:4864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3704 /prefetch:1
4⤵
PID:5432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
4⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11156762923968039833,16100116350122197178,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4220 /prefetch:2
4⤵
- Suspicious behavior: EnumeratesProcesses
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=fbf2edf34178226895115d926e7a7c67_JaffaCakes118.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
3⤵
PID:5364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d1246f8,0x7ff84d124708,0x7ff84d124718
4⤵
PID:5380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3212

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
64836d9ed0fa36504e81806dfddba79d

SHA1
ce09ebf37aebaf90664fcf7f20d9361c7473a372

SHA256
ca4ff89e62d8fa19b959aee20a3eb90a032317329e392dc4e455dc7720651cb3

SHA512
99debdc52571e358b1da6c4086d085f818d5a27b8cddecf68aeff0aa4600d9952277d4578c5d411d4cc4024c54704f5f4583d2b8d2146aef00c031b1ebad412e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f89eacc173016441580a1298f148d46e

SHA1
7e27c79728f54be41984235f7bfdd8a0bdcd3a54

SHA256
68bc2993e25bb9f44bdd514acb1ad122806ffba33f21730a201ccc347f496625

SHA512
8c966c08f3decb560b58816dcc8115f927eb58b96e3acfc2b7cc512654479fda45a3de77f9d4639713c8bbce65f202696613bdc66bb33444e9b5451f6cd7481b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
90a7e2dc6ac13e34f17ae57983d3682d

SHA1
fc2edb891b77c408b29af9ccceec0bd3cefb171b

SHA256
fe58d2141bf5bb3ded002f9fc331f1e3ee8b34083512503144360691df051afa

SHA512
fdd80f93eb671ae6284e74bbea95ac8793dc35173e39999305c13ea39e8e35f4588eb7ef4bced3f72456da2c97ad64fce4c206af88461170499580f820fdf9df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
437B

MD5
05592d6b429a6209d372dba7629ce97c

SHA1
b4d45e956e3ec9651d4e1e045b887c7ccbdde326

SHA256
3aacb982b8861c38a392829ee3156d05dfdd46b0ecb46154f0ea9374557bc0fd

SHA512
caa85bdccabea9250e8a5291f987b8d54362a7b3eec861c56f79cebb06277aa35d411e657ec632079f46affd4d6730e82115e7b317fbda55dacc16378528abaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
98ed9064da8ff932f59955b546a953a0

SHA1
b83e77c72f601d01b408dd7c5864b6042af2b5ae

SHA256
7d0128dc9a89d79dbee82cf755d67f5c406ad60a48970a4bb3b2f312b3508a1b

SHA512
15297ef1a1d1130fda07b1a24989a733ad2b35004ab65bd48d89a54fb2b47110f15b36537959bd6316ee22de2f40f4a29c48a15d1fddc77fcce4418f9548c39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
39450ab3da95e2988d02c7603bcb27cd

SHA1
11d4fd2ad468bfaad1c95a8f04b1eb28fa28d8e8

SHA256
5902e29c048b91615a651825790d932255ab9b9376060df8c67eaa64c448fc35

SHA512
7800c9b0bd39bb329f20554d5a6241b1cb54f0e1ddae3853e8e00299ba6adf4189cd5acb074e4d0c760200f3fa3174efc91f42df8a5eb6630d0bc786cff98847

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
03e7185d3ab97038a7400fbae0df8e0a

SHA1
0a76326d493cfa98474e3da0db42888253e3555c

SHA256
5c55fa8f4cf9e791d6dab0f1f3b10feb39a7bf1561f315b8705ffa753d990b9c

SHA512
f2d65d806ddd5e57304cf0aec491a0134ea61a1144c993ef1d455c8bf6c3297a7ad59f941f2727470faf9013f2d18f5e4e55c9ec36e38fa9b9600a47b3887693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5e5f9bd32aae6854212a031b6e300523

SHA1
cc8669258e1434751286afd57da411a05c9998db

SHA256
25750dcc8a27581ee9b900318146ab470cc1b7c57fb483eba9133cf44de6414d

SHA512
c32061bf863417242b480540c28fcda97cca5cc0d16d72d2d1523a35a087a7479d74ef9f871ae0e328c378af07e58eb1a6d17aa3cd1c41d426a61bb6a02b27a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
371B

MD5
302993d64c03e3208dc6fae5c4f20f24

SHA1
e158fcbfa3605ba632be6f48ed5e0d437d5c5683

SHA256
b691c19b49bdd6466a75d60bfc92d34b35d0e1b7db903a11806127122c58f947

SHA512
4cd781e60b9df51bf511f9f648e519c42a5ae106d165c3f84836894afaa6b7c4b42831144419a4fe5436926d14c02d98da08ede035b33cc93c1bb5ac33966ef6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58409e.TMP
Filesize
371B

MD5
077a19d312e1bffabeb7c2c7af47ac3a

SHA1
8ba7e00f79f69d6b30bf7a044a497bf6111fa2d8

SHA256
a24581138759adc52b87953666aba95617289ac9369defea247006a58b175be0

SHA512
04d87bfa182f7f1fd7174e3b909d8c6bef1e841bfec1c76fbe726d80be2205ffc791af33728fc505ea5984617333c4980726b137a59eed51eba36e2186806d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
efad01b91053bbc7d2448393f5520dfe

SHA1
99af8bab33d0d80d0b4ff5a038762e29dd4c1455

SHA256
dd19aa967e5c4a2aa07d7591a3a06ee7d96c67d52ca72be669cfb35b2f22413f

SHA512
688e40912548cabd35f85b67bfd3050d65f607ac2535fd891bd80046c923547935d7923189b9f1c482668562d6493042986b57629fd75d86fa41280fc582ffe8

Download Submit
\??\pipe\LOCAL\crashpad_4752_ALFQONBKYLFBHPLZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1036-2-0x0000000000400000-0x000000000040C000-memory.dmp

Filesize
48KB

Download