Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20240426-en, locale:en-us, os:windows10-2004-x64, system -
submitted
10-05-2024 13:11
Static task
static1
Behavioral task
behavioral1
Sample
2f45cf27340f16a06065cc18badab8f8_JaffaCakes118.html
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
2f45cf27340f16a06065cc18badab8f8_JaffaCakes118.html
Resource
win10v2004-20240426-en
General
-
Target
2f45cf27340f16a06065cc18badab8f8_JaffaCakes118.html
-
Size
76KB
-
MD5
2f45cf27340f16a06065cc18badab8f8
-
SHA1
af048c92684a86e92787f2c4245e87b10d57f651
-
SHA256
ecd14c4a9c4fa4725de0d8b82e405505f06f8530b9dd3e641bd3958746acf4e4
-
SHA512
d4887ffc0c57dc9c735c74f8eb91f4855c58f5bb2777f00e706859d07af34149c8b3e28aae50bcb63e101cd59e5249d1428e68e3ce6fdfa29aef37aa386e2ef9
-
SSDEEP
1536:0wgr8VSeO3DBslpuShZDmiaS6cgRrwv9FEW:ieO3DBslFDm3av9FEW
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes: msedge.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
Processes: msedge.exe, identity_helper.exe
pid | process
60 | msedge.exe
60 | msedge.exe
2856 | msedge.exe
2856 | msedge.exe
1016 | identity_helper.exe
1016 | identity_helper.exe
860 | msedge.exe
860 | msedge.exe
860 | msedge.exe
860 | msedge.exe
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs
Processes: msedge.exe
pid | process
2856 | msedge.exe (18 identical entries, matching the 18 IoCs counted above)
-
Suspicious use of FindShellTrayWindow 25 IoCs
Processes: msedge.exe
pid | process
2856 | msedge.exe (25 identical entries, matching the 25 IoCs counted above)
-
Suspicious use of SendNotifyMessage 24 IoCs
Processes: msedge.exe
pid | process
2856 | msedge.exe (24 identical entries, matching the 24 IoCs counted above)
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes: msedge.exe
description | pid | process | target pid | target process
PID 2856 wrote to memory of 2112 | 2856 | msedge.exe | 2112 | msedge.exe
PID 2856 wrote to memory of 5112 | 2856 | msedge.exe | 5112 | msedge.exe
PID 2856 wrote to memory of 60 | 2856 | msedge.exe | 60 | msedge.exe
PID 2856 wrote to memory of 2212 | 2856 | msedge.exe | 2212 | msedge.exe
(repeated identical rows collapsed; the signature records 64 entries in total, all from PID 2856 into the four target PIDs listed, in the order 2112, 5112, 60, 2212)
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2f45cf27340f16a06065cc18badab8f8_JaffaCakes118.html
Tree level: 1
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID: 2856
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe344246f8,0x7ffe34424708,0x7ffe34424718
Tree level: 2
PID: 2112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
Tree level: 2
PID: 5112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2388 /prefetch:3
Tree level: 2
- Suspicious behavior: EnumeratesProcesses
PID: 60
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2564 /prefetch:8
Tree level: 2
PID: 2212
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
Tree level: 2
PID: 1716
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
Tree level: 2
PID: 868
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
Tree level: 2
PID: 4816
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
Tree level: 2
PID: 3540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
Tree level: 2
PID: 1692
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
Tree level: 2
PID: 4764
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
Tree level: 2
PID: 2900
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6720 /prefetch:8
Tree level: 2
- Suspicious behavior: EnumeratesProcesses
PID: 1016
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
Tree level: 2
PID: 5192
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
Tree level: 2
PID: 5200
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
Tree level: 2
PID: 5460
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
Tree level: 2
PID: 5468
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
Tree level: 2
PID: 6104
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
Tree level: 2
PID: 6112
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
Tree level: 2
PID: 6128
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
Tree level: 2
PID: 6140
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2144 /prefetch:1
Tree level: 2
PID: 5044
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
Tree level: 2
PID: 4028
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
Tree level: 2
PID: 4556
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
Tree level: 2
PID: 4260
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,11488259455615529507,14961944333116608940,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5296 /prefetch:2
Tree level: 2
- Suspicious behavior: EnumeratesProcesses
PID: 860
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Tree level: 1
PID: 3644
-
C:\Windows\System32\CompPkgSrv.exe
Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Tree level: 1
PID: 4552
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
152B
MD5
537815e7cc5c694912ac0308147852e4
SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c
SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f
SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a
-
Filesize
152B
MD5
8b167567021ccb1a9fdf073fa9112ef0
SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898
SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513
SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54
-
Filesize
61KB
MD5
468446a7240461af44b59ebb2047c231
SHA1
47b7c525dc91bece99df0c414960b9490b986ba8
SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6
SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8
-
Filesize
71KB
MD5
da52e38c98b0f2047abeb07609608ab5
SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02
SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b
SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b
-
Filesize
30KB
MD5
e99f1712e9ab2361d5bdeb29f499183c
SHA1
aa1ad85ed4ca152a807101ebfbf7636c49495236
SHA256
9d34a303f8c67d6d63830ae852e3368ec97c8237e82672fa2a144352d1ce9460
SHA512
686620842f086366ae8132128c7fd2e7037d2a319d975d5f633ba0160143567d10880e11027df2da4dbecb150991680c14a2773ba810c1560d69742344fa0e8b
-
Filesize
25KB
MD5
651759109c0101a3622ce3e8d4c98be5
SHA1
aa1838164412bbad08112a0895754c54ffd132d7
SHA256
01318a80813fcbf44ef73a52bdd7c85b69bef8edda8d63a247bf6db8e2068a06
SHA512
6313df038c265f147a5954d2ed69ea61431795e005cbf25dda05128adbe668a194c73322727c65201ccfda5ba2252fe9f6cee88b96485b85940b83254d0220e4
-
Filesize
20KB
MD5
b6c8122025aff891940d1d5e1ab95fce
SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4
SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e
SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10
-
Filesize
44KB
MD5
88477d32f888c2b8a3f3d98deb460b3d
SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c
SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8
SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3
-
Filesize
46KB
MD5
5ff37c5e551915a70ae47521d9ded5d5
SHA1
e3370e84b4f30e4b74788e34fa40de3fdc10362a
SHA256
691445c2ca6c5c6158fbc2fb6ff4f6034a9d7206c5994675385f17c902e2c603
SHA512
0af1f6db41185e2c9ba057d57de8b333fc65145e88723cbdfa814311d81df95377c940ecc0d9511a85e3ef4aad8e8a4c0006bec90981b6ccbf26801563083309
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B
MD5
e89eba22dc8a7118e9c135cc2e22b207
SHA1
89fc15f8c13deac9f886e74861863edd381ae343
SHA256
d800d825e1f40d7016aa4cfcd458b1539831c08c034d5f745f33934ccf44dbc0
SHA512
e0cb28b4d2f0f55d5a900ef50ebf4763d3462c88863b0cb5071e3f6dde59e11d622fe6009722cbbeea0b2cc0f65db1fb4d7b3262f528467fb2b76b984fbd33dc
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
192B
MD5
97361b552399c4d00ab38898e4bed6de
SHA1
b2ea7313e01e52e776a7d760152b32b742d38af0
SHA256
fb73554f09a7c6d1bf0b0f2bda4c0e8aa7b9a0ccd5175dcbb920c8e1c67e199b
SHA512
ac941e4516e330316135b676c0aaa47e4140e5a5fb0cef76a1ec16787d9df85eef45f9809a1fa0b5548c34d5215c38a1e7f4265bd1c9c6cdeeab0ae80994c7cb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B
MD5
0b58db8308d0a725c9f65c3b8fa22611
SHA1
23657f779638efb65cdc30af8875f10594da3e04
SHA256
89f545c0199f28dab585246d8b7f98c8be3ae868c4ece75929f82010d419bd84
SHA512
777a9c536beae8528cf16b1d49bcde67850a98249cfd763b2a53eb5f00baac27b36f2c3b670135ae6c01b241eb0a8e7f97bdb4791bd7869052e891220e1457e1
-
Filesize
1KB
MD5
460d853caa8ccda47029c1a82b76b849
SHA1
b9bdbec9ac3cfebfc20be062caf09cbd1a7f53cd
SHA256
2b8978285394970d9347f821e9b2a439c43c2e50b9ea0dfabb53e044f0ab15e4
SHA512
1c38fd4897c6fae6f619fd5411930fcb44b43995a2549bb9de5496a4be567f7bfdfae1b01c184ea8b79555725b07a40badaa7fbf4e4aa74ffc45df76b4833b9e
-
Filesize
6KB
MD5
cd666f9812e289682b8e679e447bce8a
SHA1
060187c0cc496891e1cde90a75043f9ebae4e1dc
SHA256
a1c3e4952be3907164203d0e4b8e7d096beea51253683dce23d2ce397c8a57c3
SHA512
3f0bca959546dd28a651a2b68df88d80629c8592b07ce2de7f3785c5e44f64a15881c990fd5dec6b227ba2ecc7aeea5c856762c64b2e9944c31060b33e5ee947
-
Filesize
5KB
MD5
9cb2ea57901cef0fc3605274e8c76aac
SHA1
dbc6bc68f5d5a686b3656cc3528c0a26f45e8519
SHA256
6532d6b2b22022eb75176b15ef0bfec53175aa912b8458a671891d9c72c6ce99
SHA512
a2b8d676f115e381970d17c08e6b963cac6922c7c7c271e92012ae8a7819a4322eb6eabe5e4870166f649c511fba27857d7bc5db02e3e739219b6ad4df495270
-
Filesize
6KB
MD5
cbbf1d5de51c6ea95a5fb47f075b6527
SHA1
e2d739c71232cf16ac01095b9d92467e9fa0c76e
SHA256
3c518c56907217b1d2de0b270213613a21cff703480f855ba542af4608a6741a
SHA512
71e9d02eb12d6b0be3ac05d0d72af85426c6dc4c63a05f22c8b0da5733da0841a4a4c2a20beef22ac78309f59aa97f401bebee21ea8166af853395bda3de2f5c
-
Filesize
6KB
MD5
dcdbd347c421c0889fc30268bb5a302b
SHA1
cfe32a5338bd314d153969c51117e985fdaf0de4
SHA256
bdee4599a7b1d47c8c74aafaf9c015d1d90a16da22dc6f4816081435fe0c840c
SHA512
6daacfff44b265049812b9d80c298df68290a79cd3de11c1dd7337f8c656c5a17b7a8ac85bf827d570405d6e3cae9bdd5419d5abba9a6b70514d0f4b3b180426
-
Filesize
6KB
MD5
c789dd9e079a63b3e7be12dc5922e8c4
SHA1
255bb6a007eeda50d65eb0b12dfc53c0889bfa1e
SHA256
8cc3ebd0006885ac96f921efbcdb162b956c97f3e954ff4f42936e0c2bb93c18
SHA512
f284e0de07fc456bed843107fe7e7f23ae9c2365098a62116381d54bffd2cd8068c5c0aaff77d2ecc0cec4f6efc270d338c2e4430f4f75f588e91c32c50192ef
-
Filesize
203B
MD5
2e6e512a6e15e8776b89cba0bf90babf
SHA1
e7204a9cd8f194461a373f03d517e34cee8721da
SHA256
920b9392a8c2a7bd3da161e2debea5d925757e8774c35582de4cc41da37cfeee
SHA512
a403d940b6bec5bb61cb71a8942882c9b7b46113c48604db4bd231b26e07f76a35e61f2a2d6d54b172e0d6d4d00b10a4687b45418e29d5313cbd1870c933a342
-
Filesize
203B
MD5
d31397790851b384e894ca38e5404c99
SHA1
a717f032b6729b1e83c468110f4ec97ec908b15e
SHA256
be9d686d8763790ccd6bfb4778ee38e7bf0df849f84c58500238a2737af63949
SHA512
68f6964a881df96fb2f730106b5e479bc150991d33c7773c340d52a4756d755886e52baea1814c14df79185e661242b7a6e3fdb08fab2136cc5d64c575df904f
-
Filesize
203B
MD5
2cb849cf64f84748898b341821d1fc75
SHA1
ea4fa38dafc0f1981e11612d2cac2de40d3c7859
SHA256
c3e891f28848edcdcef7d3a51cf63c41cb8b7f8938b4b171d6db7ca6c0ccf61b
SHA512
01fb579dea7059b0af8a4dbfcf5c2900ef90928eb4fb9976d2f44b09cb21e31007f3ad3bc6e89567758a70d3ec57071707347c3f6a6349bbedca981580ce13b6
-
Filesize
16B
MD5
6752a1d65b201c13b62ea44016eb221f
SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD5
32390569e7da6e7e1d30ececc6962b4a
SHA1
d1576ac09697c677edf88532882a665e7941f65c
SHA256
cd97d36dbf9cde96e180e18b65cfec4525ed1adf52215c8546e15f06e1c27aea
SHA512
37a9dbe272ee19a884e9d06bbe171542aba17463770b2c6cb526bc67ac92eadce65536a12df758bf592351d35b177231f6db616728c8b3b52df52a6d4ba3284c
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
(no file size was recorded for this entry; these four values are the standard digests of a zero-byte input, so the dropped file is empty)