hxxps://linkvertise[.]com/166156/kiddions-menu-v098?o=sharing

Resubmissions

28/04/2024, 15:26

240428-svnyaaba8s 6

Analysis

max time kernel
387s
max time network
380s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
28/04/2024, 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://linkvertise.com/166156/kiddions-menu-v098?o=sharing

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
42	api.ipify.org
32	api.ipify.org

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 13 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
2488	msedge.exe
2488	msedge.exe
3780	identity_helper.exe
3780	identity_helper.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe
2060	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe
484	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 484 wrote to memory of 3912	484	msedge.exe	80
PID 484 wrote to memory of 3912	484	msedge.exe	80
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 4992	484	msedge.exe	81
PID 484 wrote to memory of 2012	484	msedge.exe	82
PID 484 wrote to memory of 2012	484	msedge.exe	82
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83
PID 484 wrote to memory of 1492	484	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://linkvertise.com/166156/kiddions-menu-v098?o=sharing
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc5bb43cb8,0x7ffc5bb43cc8,0x7ffc5bb43cd8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5360 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6136 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:1796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2540 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6724 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1916,11185026834071344581,5510196785063099273,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:2372

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:404

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9faad3e004614b187287bed750e56acc

SHA1
eeea3627a208df5a8cf627b0d39561167d272ac5

SHA256
64a60300c46447926ce44b48ce179d01eff3dba906b83b17e48db0c738ca38a9

SHA512
a7470fe359229c2932aa39417e1cd0dc47f351963cbb39f4026f3a2954e05e3238f3605e13c870c9fe24ae56a0d07e1a6943df0e891bdcd46fd9ae4b7a48ab90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7915c5c12c884cc2fa03af40f3d2e49d

SHA1
d48085f85761cde9c287b0b70a918c7ce8008629

SHA256
e79d4b86d8cabd981d719da7f55e0540831df7fa0f8df5b19c0671137406c3da

SHA512
4c71eb6836546d4cfdb39cd84b6c44687b2c2dee31e2e658d12f809225cbd495f20ce69030bff1d80468605a3523d23b6dea166975cedae25b02a75479c3f217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
21KB

MD5
44129a82842153ef9b965abfb506612a

SHA1
c0964eb2ee1a76d48e4e09e31915415d74e18bbc

SHA256
8a3908fb32a414703eff3e435566b1e5598eb3a5d50c500e70eb1a5c20d003d7

SHA512
77d149f19343d765834f2bcaa02bc160c75bd42db1fc431aba87f78257a83c4c8a7e5953c247cb7cbbaf4ae44ace269eb0a5194dfd7489d66f69489ce5dd78d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
624KB

MD5
47f9fb7bf4b6a7c92d3ecfbe2c818588

SHA1
8c5016630400ac7b4c15b84973e26542dc32fd98

SHA256
9ad8e815ec5b3d1f94b1a495aab726c77a0825b45ed6051ab7feaff4d2b6bf4d

SHA512
32f7f4b34dc3088bdd378cd699ad824aa740d5749a602aa3213d7e93db876971e50b72b49760bd30c50ab49626b7d0afe7847db0b5b24e83292a9006d32a9060

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
50KB

MD5
33f543d3a133af67b0b935b42948424c

SHA1
fd0c8ca4ca40d771d399f492765e79d148754295

SHA256
01568c491bdb4e0b90cecd0feb1469848a823080fd0961b61df49f4a9075b921

SHA512
c23323e0404795af8c610d7e6f6e1d131f2a76368fc60414a4d0d4c2efe7dd78d297c92f0bcff873982ec899416d05acda808785ca26bc0deb06fd18dc275f22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
68KB

MD5
0c95ea36de4edefe81d74f0dd6b0a2fe

SHA1
10ef21c74035f2079a76f8f051908b374d9330b7

SHA256
e3c91afe8734bc458ec47e43f607d8763f5789d4c2aa9b62837cad7d848554ef

SHA512
5fbddc1f3aedad81c4009eecfb367209a14d6796aa19732a597072d10cfc8400c5e3c7a94d133865e846a52d02b348c708234acb79e2766a17aac7c63508463c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
37KB

MD5
4ff43db634c8b371f107431fd1e9529d

SHA1
3bf80df2d2986916270f59ce61c8a7aea584ea39

SHA256
5e051704e2e2a31e1675eab6e25b67b3ff37a7cd5a3c2bb7565dacda2fe29be1

SHA512
e1d1708dd1aaafb1a01e988afb81de9ea3db96f2df94a12d0d25acd04b9385b383bd6bd7f7549299fff5bcebf3308756899867c51823b810817997909d6ef1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
94KB

MD5
923437a4dc208504573e46809d05674d

SHA1
ad9ae7cb73e62e89117cd6570c0ab2d46b3f4cee

SHA256
bbe2541d9d1bea25e53b36d7929a03faceabec0153a1d6cdcc3498f7873d5937

SHA512
514a681327f982ccd89e47a5c58cf0549795522047f840f4c6af5077c27b97b6421e290dd6034ca2e1ed0e61ad1989f2ec0092d14bc4016e353d6e05e372939b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
68KB

MD5
fed7f6dff83912204f44cf86757b0b86

SHA1
c42ea471fc4994150a3692e37b31b58b2a1ae501

SHA256
5b756485061813b7ea1ba8d7b61dc732fae571a5c27f283d62da8578f56260a0

SHA512
c75cf7024fc5dc2a724aeccaabf24227abf5a19243257b149d575cfa15c37f60211edb2111db7913d8ab5bd537f5e4ffdfc9aa7f0cddc7a322b397f78a8c5d79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
50KB

MD5
cd2f3074326840d55a3c3ea1e99e83fe

SHA1
3a2e1d1a93506526ae3ed2b44d584af7771ff8d0

SHA256
9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51

SHA512
0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
25KB

MD5
1b7ac631e480d5308443e58ad1392c3d

SHA1
95f148383063ad9a5dff765373a78ce219d94cd7

SHA256
7fb66071ac6c7cfff583072c47bc255706222c2a4672c75400893f4993c31738

SHA512
15134314dfd36247db86f9b3d4dcb637e162f8fd87c0ce73492ffdb73a87492fc80330655617f165dd969812ed2ebcc42503f632d757bb89ba9116137882119d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
106KB

MD5
c32068cc5af65c3041ba5d1169c21877

SHA1
4916b1ecb06fc8dae881723edce23c15f992c425

SHA256
d2236b94ac1e28588be6609b6320fd429146a70e97f37e2a4d70410cb15990ff

SHA512
f6ee1f788ea0ab74538c9661df557b9f1f81465f098a9021d73703a7fb5fa81e849b89ce6a4af8377972b3a39179860483eed32cf7277c414aa96b48344ce3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
28KB

MD5
46c4e6bb94c36bafc1e916ee98c741cf

SHA1
8979ac4cf53fce5a8e6920332c1525fc57ddbff8

SHA256
13f2c9fda5ffe47eedd30d2570fdb9c6f4dc37197d1e64aefcf7d3c6eabff9d8

SHA512
bf541964539c7a473e7dabd32e6ac951cd5000f3c4f9c482a837ce470b3e1f44d60d0fbdacde942229c87538ca25097df1c74b38f3c724dac8a61036309b53ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
03d7fccd15ee042fab9fc2bf0c7f16e8

SHA1
8a0e732d23944fd57155d163349e6a29d2686249

SHA256
0f7f3215eac90e2ee808864dc272f89601a5c05464c613bac58db665cc2b8fe5

SHA512
1aa24cae3bf85374920db8a29464a5464f1a02325c2e0cb666fd821c8ee95ca31ad100ef48863a3141370b30816cd20a53387efedb2aedcad4d213856b7a43c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
936B

MD5
200ca213d3bb0012ea720b41fc7a0545

SHA1
f25c4152173c1eb89bf2ad0d88d61f7085feca70

SHA256
da18627cf675e264edcf93c3dbd029f9637730dbf548912ad84b3efa0a2af5ab

SHA512
ccf3ea3b6ede13dc767aed13a7bffd541fcbb856516cb71700f3533bbecef11f373aef3eb28f221542b79e7834813a428c6231a83c5680bc9137f483efc3123f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f39dd8eb7ee7c1df4eeab6b3637f9b80

SHA1
8725f57dbb45c90dbbde2a2e7ca75a61fe9682c7

SHA256
2a247a8de70ff616f8d31dcec3f1d50626f0d17a5c6510e75bba5a7b484ef95d

SHA512
851029f6c33fd9ab52c73452a03a4dc71603ddd9b3c03d99bb7aed2a5345c4eea6cc8476d52de0698f2b7dd49ec1b977b69524f00f07b62ca5b6f32e6dc522a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
39189741e39f298bf8cf5b5e7804a065

SHA1
1bc0be86d13d77a0970c849d8df9d46a07673086

SHA256
8d961f60d88d8623c33b47e47c269fa92bb9bd101e7f4ad7bd21cb28935bd14f

SHA512
482f7858f936e0b7514d5fe20e6ef1dad90738da4ffed112f2e0900c1da3ae820036bea6e4b33663ac36534b9a079f2fc0ac42604f253d4d7d838530517aeb62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8f2a4c89a66f6a03767977d1f8b77eb5

SHA1
997ce6eb1f165a407dff2c4875803fbdaa90151f

SHA256
4a6f338d43325e1c1cc00222587146340af1d8107044a09cb22f157058e928fa

SHA512
d0053723ded522004fc8bac5647be74b9b92c99e98186e6403ea6c65149c7a7201d41b4d982f16d1a9b1c0d979cb56e4c0bb0f8cdf270e76c98d9fd6da951233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7f1481825485e0fb59fe4900529601a9

SHA1
b63fd4766dd13d9339accae4297ea056d3a158de

SHA256
0c2121a8a8f9d821bee088370884af44a3c5ccb13e04f6b6a5ed046e31c68f70

SHA512
42abb5bd54e95655db2b14607eb361499e8c28e751d9c982da3991c1903d8c0cfa51f4f79e4f1f8b6fd3a20b3b65fc476722ef4d18db695811867679ae0b4869

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c002f5d8fa5291de61ce6ad4535c2816

SHA1
7ed1e323172127e3a81ae9398f6bd180a29e1f77

SHA256
818daa8e1c545dbfde7186e49ce5ae0b3c88134d5b19abcaf87913681346ed3b

SHA512
3cc8a4c323e738d89a436a2f58b0927fba806d1d1ef31f62f043cacbbded35defdd4fc368bbdb6599c31846dd79fae488b0a116a30ab202832de9e9926282d8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5abd1288fb78fe770b1d29b9a3636c2f

SHA1
643de346b949306a40e0f822c4999f764268ffd9

SHA256
aeab3fd8a1183ffca3dad2462c1fadbc72a2d3485db793892f84e0e63c79e0bf

SHA512
49cd63091e91deaf1fe3fb477f970a783b50ab95797deebd0f3e5e1081073ddc36a9a0a5b7e42e17418070c6b995d244f6c2e01c6e3f2a505a3fce8029aa8426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4ec89daee6c9cd789acd3cd337d9af8f

SHA1
fc2ac817f0aa37f50fb11facce029ff2df47d6d4

SHA256
63a1d4d9a8e0826d2d6813ea099835aa8bfa07738a2943e7feb3263f92ee6b80

SHA512
3823c1778cbe021f242c0ba4514326a29ef6e6d8c02f0af2d7b180240b5e3bfbeb27f9ac8db6dffd54137320d4416d9dbbad0beab06e641cdd574a67399dd275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
689c46f46f8e649bc7d955e578892b79

SHA1
323b10931b719a24b5f5a4280c973dac12f32642

SHA256
b14ed155d01713d69b57fe3a2e5ec503cb6b2bf4c113147286c4ed6ab16d922c

SHA512
07bf5595667ffe0d60b07f3ef14f8872d255373b47668e4690af7b52d9de44b349edddd6aa04c51d44b9dccfdd6944a2db8a5d0c5f8bfdadc1f91b4dc35a1bd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c46c1c160c137d5dfe63a17db103a5d

SHA1
d7b778f93f2d0270e952e74db630b9ca622e3fc3

SHA256
2f4cba8e76121b327797e1d67c297dbb7e35729057b90d9770d816dccdce34c0

SHA512
57c3085b3a89c740f8900fa9c7738ea5b5d4da3fb72e3ac1e13df10087f0a704dbd479b1091308e6d286e1817e1328c6d89da5880ad8cc05fdbc4ab55d868fd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4a9bdf25f8183bec40e1aacbd860e27

SHA1
96ffb3f1d7f21f25d4256237910e8f31f4a73763

SHA256
3d4433425f12bebe0df1e50cdcff67057f7a68a98546848108d3272c0315f5c4

SHA512
f91a128f6738a0338db903ebe17f53a0b94156692af4c13d0ff740cc7faaa336f57fe0e18447714be15d1bfac03f362a94695b6ef70854a44020e2c04394017c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e5e8c338b20928529ae8cd064b504f0e

SHA1
56faa0c89f0ada157602b8512bb65be8c70bde69

SHA256
5d158b3b45bffb816cc6df42c13c8e02ab7ef5ef3528e4c20a7af93ac81778b9

SHA512
d6664b10e4b3555cabb7e04566efb4b17ec399219243b9a09c30dfe226448080bfa3af83b23beab7d1545250c9ba4eb07ca12b4713de37a6fe7a9a6e9f53b787

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
aac4242a3460f44187ceff29c1cb0669

SHA1
6ffd2db7eba27c7d75dde02089b94928a35ebefb

SHA256
d830221b77946164200a73222c420bc5c5b5d1a9476592e7ecf31504e1ed6193

SHA512
3ccd6c3bcc026a078c1bc5b8daa77e7bcd1dd89723ede41651d174316f0b281d303409f1db80e4f712402293acd337f60121265a420009d0a7251086f5d4c16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e908.TMP

Filesize
1KB

MD5
147f8f789c71b926a46d8cd7c1b9ec76

SHA1
bf55d34ee13f3846b5ebabf753a399322a3fca9b

SHA256
4e7633b3d238ccbaf5eda39cf011d930129da4013d2a14bd2870abe09104ab9e

SHA512
b983bfceecaeb72d4df1826e0f5753ab32f0dfb35c6d412b6102ea1ef5e0b5a5ca07bee1bce572e41c595c06fa304c50328c4106931db137ee8e5fddeabeb365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cec5333da4bc63affb60ab751e1b8b6c

SHA1
85c91a9ea85fb7b80da0d3000b648d372989e49f

SHA256
71283fa994e69579c35d92fd2043eff9ca557c2fc9d23195f8d7966ee6d55a93

SHA512
a3bd3092cb986d9d260e69aa92d92d7014bb5ed416e5dd04e9d367ed7392e70f56fce5cf33f9cca119fd287667aa6123b7d406e903347fe393f7e855897348a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b447816d683eb40b2bbb1252e0a8f3a2

SHA1
94f93da8dd0bfc7aba90a6a7a70eb075b4e66e41

SHA256
c949ed8e02d0ac46084064fc7705eead82116596a8eda45be6367cc66e402f45

SHA512
f73166fd3aa8e4601fe22fb0c22a65e363e4acebab313f901e3d2fd998afe2033b34003a12ce0f43b7a4ea38997a49d3529b24a306081372a4dc8ba0ef216e96

Download Submit