hxxps://5noo5khbb[.]cc[.]rs6[.]net/tn[.]jsp?f=001Jb4tr261SY9XMbiL78vhx8uaSupmJnREmvpf1R_jY3mlJRSSKdlX431fHLwdmM39nOhutPvWdmA9X0jJJYMtg10K59ZEwZIp12IP5Nt21PPOYQr1A-Om7bCRzAbmgzXB2R9Nun1WIrQ5XJkP0PzzjT_aLZXEP9tYo3z2OeVkP_n0535A4oS2jcnZEtsvyxntg-oT3anbW8tQk-lLCnrQ9odTC9mXGvlqAjcBUd-OYt36edj3eTDIM4XwIetF1OFVNfZJJwbWWOo7JnRTcMx2rCnuVxjez6USK3wUx5jyan0=&c=AaoCzfHGSP8LElvIzCwI6RYvk5m98X8iIi8O9Pk7RnJCGBOvS_ccdA==&ch=27v1Lz25RpndoNDKVCqhIyD2PJLZvyWmqY4B8M_E4alYe8CHZSdSxw==

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 17:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://5noo5khbb.cc.rs6.net/tn.jsp?f=001Jb4tr261SY9XMbiL78vhx8uaSupmJnREmvpf1R_jY3mlJRSSKdlX431fHLwdmM39nOhutPvWdmA9X0jJJYMtg10K59ZEwZIp12IP5Nt21PPOYQr1A-Om7bCRzAbmgzXB2R9Nun1WIrQ5XJkP0PzzjT_aLZXEP9tYo3z2OeVkP_n0535A4oS2jcnZEtsvyxntg-oT3anbW8tQk-lLCnrQ9odTC9mXGvlqAjcBUd-OYt36edj3eTDIM4XwIetF1OFVNfZJJwbWWOo7JnRTcMx2rCnuVxjez6USK3wUx5jyan0=&c=AaoCzfHGSP8LElvIzCwI6RYvk5m98X8iIi8O9Pk7RnJCGBOvS_ccdA==&ch=27v1Lz25RpndoNDKVCqhIyD2PJLZvyWmqY4B8M_E4alYe8CHZSdSxw==

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-355097885-2402257403-2971294179-1000\{E85484C4-9885-4F46-BB12-4DFA41BB7EFB}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
4516	msedge.exe
4516	msedge.exe
2352	identity_helper.exe
2352	identity_helper.exe
4672	msedge.exe
4672	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe
2872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 3612	4516	msedge.exe	81
PID 4516 wrote to memory of 3612	4516	msedge.exe	81
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 1084	4516	msedge.exe	83
PID 4516 wrote to memory of 3516	4516	msedge.exe	84
PID 4516 wrote to memory of 3516	4516	msedge.exe	84
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85
PID 4516 wrote to memory of 1132	4516	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://5noo5khbb.cc.rs6.net/tn.jsp?f=001Jb4tr261SY9XMbiL78vhx8uaSupmJnREmvpf1R_jY3mlJRSSKdlX431fHLwdmM39nOhutPvWdmA9X0jJJYMtg10K59ZEwZIp12IP5Nt21PPOYQr1A-Om7bCRzAbmgzXB2R9Nun1WIrQ5XJkP0PzzjT_aLZXEP9tYo3z2OeVkP_n0535A4oS2jcnZEtsvyxntg-oT3anbW8tQk-lLCnrQ9odTC9mXGvlqAjcBUd-OYt36edj3eTDIM4XwIetF1OFVNfZJJwbWWOo7JnRTcMx2rCnuVxjez6USK3wUx5jyan0=&c=AaoCzfHGSP8LElvIzCwI6RYvk5m98X8iIi8O9Pk7RnJCGBOvS_ccdA==&ch=27v1Lz25RpndoNDKVCqhIyD2PJLZvyWmqY4B8M_E4alYe8CHZSdSxw==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xd8,0x100,0x104,0xe4,0x108,0x7ff9ada746f8,0x7ff9ada74708,0x7ff9ada74718
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5772 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,16380461180243434683,12077380132477787742,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4968 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e4f80e7950cbd3bb11257d2000cb885e

SHA1
10ac643904d539042d8f7aa4a312b13ec2106035

SHA256
1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

SHA512
2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2dc1a9f2f3f8c3cfe51bb29b078166c5

SHA1
eaf3c3dad3c8dc6f18dc3e055b415da78b704402

SHA256
dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

SHA512
682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1f598013-ae2b-41f6-b70f-e8035adeb1a9.tmp

Filesize
3KB

MD5
69f0c24d7f9ec55f243b1a8816176efb

SHA1
b72dc94e18ac30d89f265a65fdd7b9435fd14255

SHA256
f9b2f42908549e2eddd0571ca58669380d23e94390139195c7861214ff73fd80

SHA512
c12a7eeb952c4c85f50c4526ce7b5539dc666f6cb2e1fa358d9655aebfefb2e077f1b05bf78fa3dd5265a1d28d96b196e63c5c99fc0dc3b118c35eab9edf11b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\597a4d52-01a9-4e80-8159-5814f567de4b.tmp

Filesize
3KB

MD5
bd4b68c99b667ea4c168e5d1293cceae

SHA1
704ffc1700adeefab52be3cc336dee2304f29717

SHA256
47dc0d1216a0c40f2584ee791dd556cce42dd1895df55cacc402d087ea327b55

SHA512
3e8807342635f399c25a2d2d57859c23b469cff445f8f1f27cf9132deaf7e8b1c89c3e88a20f4cde14d4819c8be3ef40cd47122fb8f74288306c3be0cd8e59ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
8b7b783e30070005d8d5ba201d18bb8e

SHA1
3097287a8d95865abc98886b42472156cfcc4ca4

SHA256
bc75b09d7b524e56929d2b8632feb98f63b8e99af6abc46d4a0108ca14384bc4

SHA512
c5411b8ab09b4038a3c42919110b782f882f8ece87e90eb368c136a93ded37418397c8e026204b37e8b34be9d2834480ee5cbc66f4d5560a216c9eb037839c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cc574df36da206188bc7e411f451220b

SHA1
3e8cad4315293226be6fccc9f54624a3aa54b29c

SHA256
e5e6cc63aff260f0df7d0e1b92e127d595943c1d36b34d48fee50a05e3cdabb8

SHA512
0e2001da270bcdd1343a074478a4b2fbcc90085d112f54a9d2e824a55345be26ad2e94cdd03db50bab311819952fed8ce6517b026e0aab290ae5e4c3f3f6104e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
54d8e9fb9d175ea0d441af6ff4ef2f86

SHA1
f0834ad1bc72283c13c84dc3351fff72c27e4148

SHA256
d156d5f556fc72be72aee2733605f2363f74314de99cfbe23d36f8266ebc2595

SHA512
add95c2e595d3fe7ab884438d24ecec5e2fc669903ddf454b543588e4aee47d276ab097a7c336c633735a01b1cc7188e0902897e9566af5fa801284d2a6a9eb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a25964e7c921bb04439708595b904e9c

SHA1
696ad5694fa032025e57e9b13ade8845a363d31f

SHA256
ba315ce4904019704821f24e8133956cda3a0c6c278e9ab769c6a3bff93b214c

SHA512
06c8a9dd9897caaa2e4e5c87f48aba22a106769ac6b07c4144a2e5ca3c754b493f5a0647249da544f8e68dc4d216493b403d19a66fb7574b6cb8c5a6e5c9e72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46375582ecefbbc70098a3178a5e92df

SHA1
d59722d4f755263f04fa3ca0626ce954a987a976

SHA256
3261f7b80c48fceb856d1dc5f902dfd6c5d9af67f21f89228ab3c9c0f25af6a8

SHA512
92150a271c7be3afc7286f9edacd79225b21910ec49c488e791470c8bece7c9e0bcd435a684e85567ebf155c578f1f239fbd7d22ddafc26a72c95da9361ca197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a3eb3e585572c6f4f12b0064ed8eeda4

SHA1
5a6dad3e112bd779e5bc78011d88638d0027e61f

SHA256
6818d8e252b564544c950b25ce4eedcf9f4c901a3230bbaef8b17b35409ba3d0

SHA512
01377737b35b497820951754177b3350eba8f2030e1fb1ee59780e80594f1c39565bc557d407ba3515c2838a38dc92f59119a462cdfbbd93486f1ff0ce7ff05f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
42c2e8373d90e601edefe609f3c8b254

SHA1
0ca742393056cc366e57dbce4d30b68d1329a0c4

SHA256
87e3d059cd35d3356048a3b90beb5f1fde52c5cae64e5185cb825fa4bfc4476e

SHA512
8a59b90b2fc171db09167b8c135a3f132fc05c46a5dfec1d3fd37832986a2ec519e72a71d2d36ea0b405074bf57d4d2caa206b900d11e5ac164b066557be31ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
db726487f92bfb8d4d21d2da12bc3a39

SHA1
bd4c6ecd8e17cae189c4b01dbd8f3a6f27a1b30a

SHA256
4521c9fe30acc2ca2047a86fc78675a7d3a09990bd1b08053ceb873b9892c549

SHA512
ed893829e82be329468f4a2dd0539143472bcb210916900b7d7723fea95c920d79a5d0ea09a7e855462876101e3d1b88eeb725737c03cbc256be5f55914ab728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
77aa131bbe5546f0faf27c803757d350

SHA1
355d1dc05c4848f06075eb786ef5acaca3b6a8ab

SHA256
647f3307acc12fc0f9c6a689ca9298ad8aed5b74d665f472d7232c07b501b4a6

SHA512
3bc4551ed356ee8afc331c447510636f7a6a4bff08b3d54ad805464d364f52647bbb716ca3de541670b24717c11162c6ee7191b33db495abfce2294928af063c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
41cf84e2b017b47ddecaab07b1e2e41c

SHA1
06151ca76187406b5a296a5bdc6f04b261fd0247

SHA256
4022a315fd8c36886b096ef7dacb17680fc657365bf727d55a36d8189d7a2399

SHA512
8beb22e06501a046e2466e82665967ff091252ec4e3de44601976ca79b9f5b258058ea1160a60f1653466d8110e30d2aa4a2200c953f48f749d7d9ef09057565

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a7b63c33a229906aadb810ba346cd9a7

SHA1
6fe258ef679986d0867c575216c714cce28d7c3e

SHA256
304ec92e86fc310864c72adb25bf25495ac476f4385a1d5c777fdeb7838a9029

SHA512
e037574996940d1c99c73f2ed4b375fd7e8df4d459ab875c97d78e3525c7c7d7afb1b1db72a0a61a7e9df380760eaa5221bec4549ba684f7dde0f464f1c51ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1d73a8bbe3d0c94b9288904ff8b5b0ef

SHA1
e29f9c3471f16dbb1f570196e0be6cec1c1075b7

SHA256
5930e1a10c8d16fab6fb4885d206ce3319778ec080ea5c0a62a95b780a846715

SHA512
02cfe78201db4ae10302b0009604b50388b47e9432862fa2e83c044b3e45c4dd155a1f159e1ab5ae2cc5bd16ac472d453784477085974cd0fd54b58117566622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
15500994f9435f0aa1b28e0b2c7cf14d

SHA1
35047b7d693669f54701478c07d53ac88b60639a

SHA256
c9075cd46030f81085c558e0de20c302e77ccc8c1872a45cdfedde75340d7bfb

SHA512
0c7fbd1ca3f43b0b3aaabc6e97171bb4b11d0c0d77de23a5a66b8127eba47541f0a7fb0b8db6c6bb28874a34ea50487ee8833bda2a21c104aecb456822d0aa56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
8919fc4469b94aec90634efc3ba280fa

SHA1
f1224da7ae5233dab40c67488dd262a539b062dd

SHA256
3f1151633c814074201bab9c9bc1dbed5e191ca194a5d297602214de8b9b3738

SHA512
d1e68a954e0fc39f298ca65d818b7e1777670e70ae1e622e2a8a7f3020600e1d74cace493d59750b35e358711b47a7e7ce7daf9f2fff97b1d0476d0077ea41e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d89d.TMP

Filesize
874B

MD5
d37c1c4bd962b1051581496830858f10

SHA1
214ed1d0cb6de48adc46ab781220f2b022c58d9d

SHA256
a03d2683a246c88f2c4058d8dae60c87ce54f6583dc8afc76efdd12bf72db063

SHA512
165f64408133581900ca6c4c9080eff037ae3019f575cd499b315f0effe4bc09a4bf39a6d98160665d095420c418f19de8918afeca0f2ba27f374d86cbcbc4c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b517cc38-4ecd-461d-877b-b98705f501ac.tmp

Filesize
3KB

MD5
2ecd07ad7f56ee83ee0b0767d3f4af41

SHA1
92e8147029d0aac9761fa4b36a6534cb7dc00a8e

SHA256
8c1787c3581ace2f834ff1dfdfd6bd51074de838da2cc8de41818eac67359617

SHA512
1d1a26eb6b1c68e3c9aa6bf150f2b2f3edf0135e95ccb903c2856016c07b128bb687c0d91ee23dd8d86f53dcd66ca9b22846df10b22bcff42e5a9cb7fc9dcb30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e6061885-e088-4ccb-bdda-4eb11b44a89b.tmp

Filesize
3KB

MD5
b8db997f590916dc50b06429cc3f1b0d

SHA1
e2c796b8422a9a65e8e398d2cdbf9ecee9e8cfdb

SHA256
1e2d22e4e6a7abf1f13c21d7312117a91587e900f8e9f3245ffaa42f243d02bd

SHA512
869d92987f0ddaf79bea264df226cde77cf80ea94b1f2a513431bdc83b026cb0308ca6fa3bfe47caebd4af0507b7d4600f0ebfb546b73d9e695a32b08b3acdf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b47afa0906f686ffd10522ee97a44eff

SHA1
2cff86adc245d2e44fe4dae59a735975e357bf18

SHA256
bb689e8d4fc45257710381374e503d0ca7770cbe6beb013feefd79e1e42ca59f

SHA512
6e20d3394feed9aa056389bb20a487b82c157f87aa8763540be514669790862baba7598bb8b637d29f273b44302673724c85ec613efe8dbc6d836dbc297ff576

Download Submit