Analysis
-
max time kernel
209s -
max time network
223s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
-
submitted
16-06-2024 17:30
Errors
General
-
Target
rpZJJ8Eb.html
-
Size
19KB
-
MD5
3c41b9eb842d25a55c0c896ea6126f70
-
SHA1
00fbd7772b12c91ea970b3b02399278e818507b7
-
SHA256
7751eff004a2e39e4114762476fd1593128256bb9d953bed78d6bb049b8e5d77
-
SHA512
768dfff2fc78e2e8eabcdeace2e980c727fb539a9709ee1734da0f86c6fc77a7f824dd6619467c183be20b5bead98a30e6f776a6270dbc796f7b35cd32632403
-
SSDEEP
384:ZbFVFR+7V8+7kbBkEPg9VqL+fGZzsg2RrgoAOnC0JqsTSpF6:ZR3R8VB7kbB949U+UsTSpF6
Malware Config
Extracted
discordrat
-
discord_token
MTI1MTg4MzU2MTkxNzg3NDI1Nw.GkWNk2.51TyK928OzXAWuMfCBw__cHbmMY6GwTTy3tGIg
-
server_id
1251222279690518670
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 2 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 3 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 13 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 33 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\rpZJJ8Eb.html1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb319846f8,0x7ffb31984708,0x7ffb319847182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1268 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3548 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6800 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7092 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7628 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8128 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8248 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8504 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8628 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8808 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8648 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7220 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3576 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\samojamess.exe"C:\Users\Admin\Downloads\samojamess.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Samocar.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Samocar.exe"3⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Echomicbooster.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Echomicbooster.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9056 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,5357519515074364838,17052665768987271014,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8240 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5db9081c34e133c32d02f593df88f047a
SHA1a0da007c14fd0591091924edc44bee90456700c6
SHA256c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e
SHA51212f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53a09f853479af373691d131247040276
SHA11b6f098e04da87e9cf2d3284943ec2144f36ac04
SHA256a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f
SHA512341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017Filesize
62KB
MD542d9fcc7172456834d9e05605cfb999f
SHA1d1df0982a953011482b7cc5e97803a5fae290ba7
SHA2565029f1471e648ecdf5518199b5d7a6fdcf2dab7b9ba8367331b0836de3064575
SHA5125fc471dfd6cf0516739b40db211b4f1e0d3e27e7b53eb1e0c8d34f7ddf5d09ff520bd4c3b7baca993857fd462f184621391fed363a548bc7b50eee3b7ef6ade8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018Filesize
19KB
MD5e78f9f9e3c27e7c593b4355a84d7f65a
SHA1562ce4ba516712d05ed293f34385d18f7138c904
SHA25675488ac5677083f252c43009f026c2ec023ac4da3e65c5d7a084742e32abce3d
SHA51205f9fbbd59c286024b3ad49961c4e0eaa1abcf36ed29a1d07ea73d2b057075d46fbfdda56f135145f942bd0c3d48246c73be1771c21861eec4ddf8bbc365a286
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019Filesize
31KB
MD560140bc834da90837a9a4d1530484677
SHA1d99868b0693b332681b4db7927f3f11b3ed37607
SHA25629c0ba2fb11f5bbedff938e0d0a97da59f725cd153bc0c04f052419e779f134e
SHA512448ddc49ab5128dfc0dc91ebe388d447e748848cd2f7dc15fe1fd0380a5436cc9872c32606d9d161d3648b20bff5eda0e48e8fb77c9293f3c0924ae89589eb37
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c41f6f52e8c571d_0Filesize
332KB
MD55c3b12608b677bb703c0871079fd88ff
SHA11b36b6492a7037f50ed9159363551e55082065c9
SHA256c77349619bf188f354fec1b80eabdc4979fc0f09858359433d4ce8e4388191ab
SHA5120acf9bd1345e6edc048ceee19242d84aa3a5b433e66dfd4f4fc98a075aa089cd8baf86b4f8f2638efa933f5830b9f6f0554448bcc8a714e53eceee2c41d4f5bb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3c949d719cd125b5_0Filesize
276B
MD5e9f046edc3fd7b63260867eaf08ac580
SHA104f3e09d896bc6a8a4a3817b526cb8f0a8bea0e0
SHA256efbde3b2deaca98a5d1fcfdad54860637fc45ebbe26978e4dc09083eee301b53
SHA5122ecdf853d03a446bd9398eaf84efe864036426f0a2235a2f2b47092f67086aadf4db49e3489887fb0c379e40dc271f24226b5289815e4fba4fd1f3452b3738d2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\57c4d0ce0b6cea04_0Filesize
286B
MD58a381a92e13dee00b42f19c4a54374d1
SHA1c010740eff69f75e80bb97711de7b9bc57af1c69
SHA256a69fa8996c3b34a1b787b39b439e6d7ec54abea2b43139f60dd7b1a905c98d09
SHA512727633e78d6e469d0e3d0400e5cb0f67d767cdefa67751362382c97aff309a287cd0d05ecfdd36ad5297e876078502a1963954d39d5527ceb0f1027c4a98df3a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\816bd7ca7ec1f685_0Filesize
141KB
MD51d1eed6f1ef959ae8520afb949f3cbe1
SHA130976cad5d2904c95cd05323d6d5fd3bbedc5f41
SHA256cd82b8a8ed27b34c05a53aaa10e7604db4ee3fb3f68b10c05e9cc008b4008f37
SHA5122c83d21f8b8e713ea7be0ca02743407572f11d839a5efbe128c3faba476e9b9c321f1aa65a5c1daabb8729bbe4813cc9f0171a9c875c6911602c5bbd855d6928
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9d0814bfdb4bf5f3_0Filesize
21KB
MD5576b5f38a1d58662f287dec555b72d5f
SHA19e29eb9df4f87a12aba638e75f8710e02b6e748b
SHA2565b464b311de446ce8ea5f3d60a7418722e03e84b5a2e9b6583edfae747102422
SHA51290dfd947787ee96f37a7036267b4f0fd8ced4c2dd772390e3eba350b43adc6892ef1ca6b12721989e1d9c15cf569aef5daca796591cab2e57fef62933a4062de
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c5cd11cec9ffdf22_0Filesize
54KB
MD5e57531c330786536df814de52829c9b4
SHA1759cf6f38e452ca038445b2b818354735c813f52
SHA256d0e054036296b9e9c84df7ccc1877788122cf419ae4e8e6ccba2b37c2ee1c31b
SHA512f6983f952bf447a6e0f2791e7eecf8b3d0285d6aaf819e525c5a5a942db8ed3585bb94468bfc120a52d005958ff92b4aa0de6cae054d94f7bad78ef181b94159
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\cc9fe50e720ad078_0Filesize
11KB
MD5d9296c674cf159b117643fc90106d941
SHA1c29ac779bd625628a1af68dc3f095d46c483fdd1
SHA2565e2471089e7849fd1ef166574a6c6c93195d24e979752c62ea3b5aa5296a7a7c
SHA5129842e73b6c037d35cdd6e65993b545c16fba3514d8d19d1a572f185090a1e25fe1cb4051a4bb52b73be1af3f5e27d6f2533438e3d65f293329273813ea44419c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-indexFilesize
1KB
MD53ff119be44db34efe1ecc609a083ea1c
SHA1a113ac20fce5738958e85867c3c5cf73ee9c0f0f
SHA2568d76082879076f39780b9e304978a56de5d39cd91ed23ba6213f2d7d11c49fba
SHA512699cb4ae1d7202de121aeba963011c8b891b6ce319d846ad9bc5acfa6266ba292053e363a969789ee87c25f8916981057cc0aaf3c6f5864a209696e9f08dc89f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD570803f054d53001d9baaa9a56a12adf1
SHA124946d7226442442076d7eb4207c1ed13a942fa5
SHA256a70986b1b9766ea016b0fcea4beab490a167b727cf791ea6ed1fe85e576a9769
SHA5126e9fa7a2ba5d82e9991d0e604851315b9760e6689fa1c6bf2c505a1621c98ff85f7202c42792a893d46f5a8ce1781b06e7ef8a1651154339644cc37353c80893
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
1KB
MD55870b62045da8543c5361ed31f99a147
SHA1f13baa1831e17b4763db19b2b9a4f48e9f33cb5a
SHA256eed047be1fc05153a312c4ae88dee124d2e1edcec6321c95adbfbfdb1d078f09
SHA51251dac0478c1eb687b08dd53320c5f563ff87791de2590b35f9efea8f45ce46b3e95a29c9298262be44c2034e70859c8948d303fa7bd0aa8b09e9d629e1765750
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000005.ldbFilesize
44KB
MD54ba3595786ecc758642d632d424fb845
SHA1fc9c5edd832e907a046b5dc4970931de5872efb3
SHA256db39aeba54b63f046e7d5e941cfa8e84b1d92c0e29901d0988e3b62a491a1e00
SHA5123b7765fc2da26eb9db3c1d6d588ea3cb0d13b2419106bb51660288b29dc7cd9a2bb6d1bb593aa8ef9affc26afa0da4695ac68d851ff3d26cdc3345871b77df9e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
7KB
MD5e0d06460b3e7ab208c7fa8218820d91b
SHA11bc9aa2cdbda5045721f98ee922c899a15a15fc8
SHA256cf63a5a23cc89c8a78728829a21a9c056382ac17dbd1b8d75a3622a0e48587c9
SHA5122b02b57211ab18e9adc9d9254c30e1e096903415de46b24e75fc9f5f6874cedd8076de0e0979f2800e33161f1b36c49bc395656ed0df2c2f4790f83da5340986
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
383B
MD53003cf761bfb245d8235d159c36a5a50
SHA174e5e28bbfb6f618e755ed1724c779bf4d6bffc6
SHA2561ef8381f0ffa85c9bcb863109990adc372b022beab8f27b95182ab28ba96a711
SHA5128e3894c110c5c8fad3fb2a61a2535e8c623a122a273e1f2e3e518c1782c517d8eb247bde48c6396e3f125614d25fbb3549f44e9516c5e61a3ecbdc4cb01e0a47
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
7KB
MD55c2519b76deea96e8ab8bc236e3314f2
SHA1bef196867925f7b8e8c34f2d04358b3ca90c9ead
SHA256991a0ed3ffce8d140a7f259211690ea81e5746fcda17cde1e42c655403e6e76b
SHA512f562d47b46474576c597553248d61fd1a4d6e3cd4ae4374c7b38012a9a19f6ecfdc8fd35eb6b18cf2ce6c52a03acc5ae74f49ff553a80e669abc2b955f956791
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD562083d876b4e787719772e2787f18edb
SHA1405d70d1143cfc0356d7a1ca7de7b65aa81e1ec3
SHA2569c504fa88e6de3ee21a149d609308a1f305cb1eca28d36b4bf1d2d69d3888134
SHA512274b79bb538160096b760377d7289a2b6fc40b814e15f4f0cd018c12ed09d994b44dc1ee7f16bdbdb3bf52aa7af5bdca98dcd9e12f55735e570895ca7fe5e67a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD501b921986e25aee999405e04e815f305
SHA118efc14bd1532a8a3132875a9ebae8b649024f4f
SHA256693de0cf528de42a6d2cc54486c9847ea4b8d226f1fb8ef097c55df3542875e7
SHA5122aa755c60366e448a0d79ed7eed1b950abbb0d3935ffff22f4fbb26feb70b357457a5fe6f35ff6c267d224b66075ea67880c081fa676eb41c61d06bf5f784086
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD58134577f4030c8fa72ce0c55f4579160
SHA1b0cf704d6fa16616c72f11d4108588bbffeca975
SHA25657971ea8ced768c0c079b67ca14139d40687c23f5bad21fbb90888f2f7a74376
SHA5128298349bde95ea6caff9a91905919834419ebcfdaa31cd3787908ae1b870ec6efc740791754508cf99d27b194caf1de6e9cd5524127ad68edf68d7dd421e17e6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
13KB
MD50ae5417ca6b81b1ba21d752d86c082be
SHA1a58551ae4c2fbc0438be90956d8fad46d354488d
SHA2567f4a24908fb4de2791943df63389a861dee7b31f0d76cd5ec5122a3bc0de0191
SHA512beb913e080c9cc460a9a507b2742b334e0ecaf966e1bc7e7e22a52d42e8d6b0ffca1d49f9d722108b8e8a115bab63fa98066785af4ab30be861d4c5308f3e059
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD5dbd00c1d34d347e9163b300b54928461
SHA193d02013fa7caf1155a58e42212b2d95663e2720
SHA256ff9f427050d0f3714d2880b3908d30793889b1d043a7e23c1bbe1bdf1d9e6b58
SHA51236d2bca0ded43f8a0f440cefa28fdffd5b07b0a694c774786278e1b0d49479320789b05ad21eaf26d39da6f5428507177ae19b303dfa2d1ea99ed703b66df886
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD505d1e6b541e7e3d52f4e61af199ae37d
SHA1cef817a87ca9994c2bc75f1b9cff49f502db32d8
SHA25687d25919278182c77fc575bc43205e560664095184ad50db82332b3a3a185249
SHA512fc5bb3d1b1fc7d1bbe97735a317ed43c71cea04b99dd753cf1af85b91cb6d59482904b0e6fb8e03a1c68ef386675e93efce594af7fed8879608b285689c56649
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD54a530b40ff6a3630d35970dbf3602ad8
SHA14d4879a097328c08ea75f10a8dfe8cb76dadf36a
SHA25600abe44031a185be586c538ef742517a56e704a67aa29fda40499cd2c8ce423b
SHA512c62465e9b38a2ad79eb1ad9f6a862deb6f6a34be8ee3fcf23190bb31e98a9e8cf312395df8b2f312c0a85817f658ae577ad7d2706f08464005a2f6e0817af846
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5cba41ed77cf6b1dcaf2d9d3aef8cdaed
SHA1d0a79bbced53f8a99aea86b8b2e6b9e6b2382001
SHA25622d11256657d7691c3b3e2ffe9b2f6163cd4dddff80f4421fceab87de483b85d
SHA512317096c017a56edb4e89b614a79bae8fe6afe71c42252df42707bb1c0df7542b7eec87de066559a7bb660ff21469ae4b34674ea26da4d31f6d739c2ca173a093
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
2KB
MD5b31f4a951713cbcb9ed00c16840db8a5
SHA1f3b54b29aec1762fa9ee2b36dc124e6bc210d556
SHA256803c284a26f2f4f78eefab4c243b7ac4db53d111561603ac1fb4d7eb841caa3f
SHA512c10ebfe61e141ff21fb07b83c83dbc9577731e5fc00220a81295df3c4fbd827b80db600da6b1d06732aa177daa8a53546be4d23efe7b3dee1fc64e1560ffde55
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589287.TMPFilesize
203B
MD5fdc6847a81421424ed3a84b0c58d18ff
SHA1bdb91db10c265cb5fa0ab68acd3d10ee6b931ea4
SHA2563bae2123cafed035c97429e8d45e755008347397042b248882fb5e3cceb03293
SHA51215ea11448e45a783c33809adafe8c783f33e5fc16756ed9903bf02f5ed7b5d2452df325072c21f32bd3df623c64510325650cd559535589513e249909b7fd145
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a2cbc1eb-8312-4b39-bd11-5ae06a11e305.tmpFilesize
13KB
MD5b497a60587b94f838b6320348f25ddc5
SHA15a9a249305155360ee1d8c42496c2fac91c2d4f1
SHA256afc3334ad1432412fa2a0b3a364d243616946eeb0221fa17dc6646425395f6cd
SHA5127239e71bbfb239e1644cd2b3b4ac6244b0555da66edb3362b46602b6badb2d59eb614356a5c981c12c7375a300ea6953b9a889ede51c0f6a9e44c42ba56e489b
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
11KB
MD5090adaf4d9dfbbbf83606ac4175c5069
SHA190762dc4d5ec301cbd781fcdaa9c843c69c74ec4
SHA256d009c1ff033770f07d592640c659e5881f937c0d1a74542cb59a2c57c3b5a6fb
SHA512476794d343cf6a7ae00a692003969db149a935e4e49f0cb49dada33e2a5c7e8c9a6df1e53a82c5eaf26f359693664af301b86e40b0b7c3597ba6658f8e5ef84c
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD51a6840a675ed0f34af3e9f3a393fa0ed
SHA1552d6746af2a2bcef2d8309bb468a44d1431005a
SHA2566953a10d47d2b713ebf7612280fe1fd828b2120d48b895eec16d1732cfbb049a
SHA51273011cbbcef506a3a77c13acc90e741cd725909716a0a7f3e5fa6c4d182539383eaa407a6e69b9a7a27a694201e6d540950fbd684753b76fc5de37908cb4057b
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Echomicbooster.exeFilesize
78KB
MD555e51896036730dbc2d177cdc2e161c4
SHA1be2a7de4335ee07b838878f8f595029ea0c6f4d0
SHA2565cf5cff44116e13f59cf703bf82655fb9292e54e225deedcfb8c5bbe68f0cc23
SHA5120f98199c661540309b45e9b0593a5d8a64371b3f60bff3f68c05e0f6e47aefa538193405688846bd4e3d0ff798d3476b0a09b14a4e9cb7cecc8e446cb44562da
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Samocar.exeFilesize
533KB
MD5d226a6ec1e03842338b5132ee5543dc6
SHA1d3014069af07ffe84a90a899c24988f26072c9e9
SHA256cbd454dcea30a22c49253df5a8cc419a5849eaf46047f405759a1e1beababda3
SHA5124433829570118abf2a398371bfb7f9d8b56379717632c907d6d91f9d58d308cde927021ac724fbc55ff17535fb7d4d0a57647f601216964f134c560db7a55f4d
-
C:\Users\Admin\Downloads\Unconfirmed 118804.crdownloadFilesize
844KB
MD5c24e6942163415303be4f1400586c642
SHA1a6b05d335fa74e76a1f6c2b58d281a0b3e460f94
SHA2568c603818591ccbfce8c5b7c64e565012286b12878b8b5e604e1b9fe61877f4c7
SHA512961ec3f9848be02e4109b2c7937e9b831ef07b030c3179a2462766100bffa2d3fe265e95424b12d4376361d133acab2c969de2103947c23a6943e4356ee56dfc
-
\??\pipe\LOCAL\crashpad_3044_YWPPBSLJGKBKGLBWMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/2800-432-0x000002D47EDC0000-0x000002D47F2E8000-memory.dmpFilesize
5.2MB
-
memory/2800-430-0x000002D47B200000-0x000002D47B218000-memory.dmpFilesize
96KB
-
memory/2800-501-0x000002D47EA10000-0x000002D47ECDA000-memory.dmpFilesize
2.8MB
-
memory/2800-431-0x000002D47DA40000-0x000002D47DC02000-memory.dmpFilesize
1.8MB