hxxps://www[.]wurstclient[.]net/download/

Analysis

max time kernel
64s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 21:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://www.wurstclient.net/download/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{23DB3F3F-6646-4A34-8991-65A0D9D11ACC}	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 234354.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 991401.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2088	msedge.exe
2088	msedge.exe
1544	msedge.exe
1544	msedge.exe
4920	identity_helper.exe
4920	identity_helper.exe
5484	msedge.exe
5484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of FindShellTrayWindow 39 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe
1544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 3500	1544	msedge.exe	84
PID 1544 wrote to memory of 3500	1544	msedge.exe	84
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2888	1544	msedge.exe	85
PID 1544 wrote to memory of 2088	1544	msedge.exe	86
PID 1544 wrote to memory of 2088	1544	msedge.exe	86
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87
PID 1544 wrote to memory of 1504	1544	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.wurstclient.net/download/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9931e46f8,0x7ff9931e4708,0x7ff9931e4718
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2324 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:5476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:5204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2028,15599631204051225882,9323657354686993762,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6012 /prefetch:8
  2⤵
  PID:5328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
118KB

MD5
f6b3b1914107e3457974388f3bbd119e

SHA1
91b30317f3b20b50a5840885c5463dd4101043c1

SHA256
2e09087c9c75184e8fca26c35e6dad7590a3eacb669926eba40672870492e693

SHA512
841cb748132c5597c0e6140a733a08659cf4c5b6f86aa28bf75958de173980d6a1509604ec24235c729d601b9ab46ae6c741c7d3db9433ba011e24bf394f9c61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
39KB

MD5
8228aa52b28f211318e0d6b8d779b1de

SHA1
3adf436b4a0534d83570fac0908029ac71e247e4

SHA256
5504e67afa20b635ee0ef40d13ac940b8d3a6d8b6e64cb5f2d23915900c5a0bb

SHA512
087df9c05571ed5115effebf9eb10c468e2b46ce9fcb733fbdb3715aa812df35c5678c7a718916e943c1bbe086580e37a07d39cd37ef30472c6b395531cc6115

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
51KB

MD5
5c57c6e22977bf4639716569b3a86696

SHA1
fdf53cd2b6e25eb2a810f17faa22c39b39c63a03

SHA256
8e2edaab32df0eeab50da3d81607b906a61377b60c3340d0466de6ede79d77e7

SHA512
24bf6ca6c8febbde38e7dde6a290328c4b1f9095b0878c34b703f16be95b02a6405f42ba313c61ae6fd1f508a644bf832e2f79116cd15f2c6a1d600d084fdcc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
142KB

MD5
eb865c3cefc84ddc4ce2f46378830e58

SHA1
a539cf1cefddba749ab6b08b98c93ebafd8a559c

SHA256
58ab651bbeb1edc9f47f96ab629d8d9fc32b2de26b99e37026805f427aa233d1

SHA512
4e068e24ff3dc8901d322c474d189ea1968f87cc6c769a6638b7c0c6e3c851a55a3754f76729f1af5fd191667f32333858f082f1f724207dfff0128e570f3929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
43KB

MD5
db682f5c8e7c43056833b280c3c7c32b

SHA1
9f06353df8112827eab2e1e9da67ab56894d2614

SHA256
645588fc93a8c533acc341a4a7e0bbc5d58f50015c86e97befe28df88fb3844b

SHA512
1693a10f7fd981b57e20aded7bd3b302946eb3777b7e3e26c9b9158a45094ed0729fff90c69a694a7979f7bfeab2ea68b5d5c09a69da088ffd569054b0e74801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
20KB

MD5
631c4ff7d6e4024e5bdf8eb9fc2a2bcb

SHA1
c59d67b2bb027b438d05bd7c3ad9214393ef51c6

SHA256
27ccc7fad443790d6f9dc6fbb217fc2bc6e12f6a88e010e76d58cc33e1e99c82

SHA512
12517b3522fcc96cfafc031903de605609f91232a965d92473be5c1e7fc9ad4b1a46fa38c554e0613f0b1cfb02fd0a14122eaf77a0bbf3a06bd5868d31d0160e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
63KB

MD5
67e59a06ec50dcd4aebe11bb4a7e99a5

SHA1
5d073dbe75e1a8b4ff9c3120df0084f373768dae

SHA256
14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe

SHA512
6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
57KB

MD5
a1be93bd66eb6e5e1a931b68b0715bd7

SHA1
906cef6fdbbd9e706f188051dc7ec6ff8d4a75b8

SHA256
b178c75dac54ae51a4edbd6db562dfd3d175ddd0b1dccd8eec1fcf464c15384a

SHA512
8fe3ff6ac21bcdaf64cdc9564f5729c41024840c912e9e9d4ec2fb972b965f559dec6986563ccb33de89446c7c9dc5ff6b81ef3cfcfbf925bd9e1452eedfc6fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
20KB

MD5
8c34c7b82f4668c975defa63ea3c9911

SHA1
01aee6e4857efb1898934c58dfbaab60a9bafb75

SHA256
6fddf44c880fa4ab45d21e764fb4371c8820b7b1c49502ece0fb5e1eab95ab3e

SHA512
7b8db2103dedf6b36759771c5b0451d6e2feb8ba889a07f1dbb869c229739e4343636ab5fe0bae8ff7ae5798d533caf3e408e34b71be72d0bfdd076da5a6104f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\07b8e8f5e5ff414c_0

Filesize
54KB

MD5
972188f9dd950bb3f2531f8b0f53b4b8

SHA1
e1f471d005335de9f36e43417b3a1ab5bebd852a

SHA256
f162b76c3e8d8917066bf04f35771f1006bb7bf1e6b84d105e069e4ecae70942

SHA512
12d5abe2e2e4d864471e29c60fe97420ddb3210a09f6339a964c8bb889af72841987d32f2ab7f4268db0d37ae67eb5257cc233adb7b9f5d651bd864e2ee99af1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\afae69b7335bcc0b_0

Filesize
31KB

MD5
6baadb863a490f929e5d911b552d71e8

SHA1
8ea488a0133f5561fb1400d57a7b186108339830

SHA256
8ab1932c1abb5799237e48c8f38d29912745cd95e5e6a2fb7ee7868d90e9c51c

SHA512
7f151542ff4d28ba0477f22054a68e61e9d116cf2b1a0941ef31ecca72bc2fad06d2ab218cfd1f2585327ac218eedfcc81e5f426108e4d1aeda737ce09c91695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fe12922cacba8d29_0

Filesize
3KB

MD5
67ea3dbd451341ddf4b3106c278a75fc

SHA1
1da1603b1b7119abc9db7579d017cd69819dd47d

SHA256
890d4dee4bb382cbb71ef85c1cd99402ee248cbce8bbb7cdb9684ec6a338341a

SHA512
d62a3ebacff8b55ce6c42cd463ad9d11e21283c3e6bdb901081cd2074718165b8539bc246009adc4e09c0ee88cfc1a88778ac917f73b25e17e822b035ef00193

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9d61584c51961f3293f1f53b9a2347a6

SHA1
acca2774df0e01ed83625ff985447c1b1ef3fe1a

SHA256
345a4035d6b01bff946aed894b0ebae057fec797cc56b4dd8a0c499d17ea51aa

SHA512
d0eeb3a1cd51ac02624a084cc2856274f1a35833921b4ba3d57bd94e404216f0f381b64ade9d48594033477bff20b6003920f5d05b48f5d3eb0ac468ecfefecb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
55a110e42d521f52202d1b0684995678

SHA1
b148928636492041e63be0bec80833a6f2ed14e3

SHA256
b9c46813c98b59880542c10e7e8deb557368c2aedc7d4ab3f3548d4022183595

SHA512
d35986f275d3c79bedee8951143fd9c61f958132f33dcd393d9de491dfb2f2fb902b0fac97f8a5d627375d20f16e10ba26da05b35b8915017f0c31c494002683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4e7b10e780e951e275f71b9f8c411bf6

SHA1
941db5eaf9c786c5f30f9a5fc2b1ee5063a73684

SHA256
dc9accfb8463399a8fa15ffea72609e69139ac491ce055db5011be56811605a6

SHA512
6bc24765d261845faeab97571125c1315a0e6ab11c695ae6ee6e2735148b0c07687b433edb4b0d51da030ef41c1c2c5e996c74d96498a69a8617c7d4f6f9fa91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
05f81bb843427934abf896e42e4719fa

SHA1
297e7f21a5636e182507e38f0127210633595e46

SHA256
0d5dceb19929202ba5c6d7b42da001509321f935cb07befb955c18fcddcbe83a

SHA512
ff0e5b51272fd5e6d6508f63f0ef6a008829563a3c9cf2d8b07bd76ba342f646ca34ffc650369f01761a4c67e8f11bbb4082779c4672df6a5a4aa698fc49a1ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e0066443472e8774b3842b4c2c9e9104

SHA1
7b95a951eea326aa79226dd3aaebd7ee8773ceb6

SHA256
b1ad822dc86ccda43e72a2ff1b23c2c278fb9d5db08a49d588c3a668271b095d

SHA512
1875b9c5d01fa3b3ab07f8cfbf17939b4f1bab2bf83cb705de5e1aba92b5c704209db7d42e41a86e43cb9b68b08368378ad52bf84f74b882ce6b781377b0f349

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
dbad7bc969b9ad469db4aab30c1919a0

SHA1
184c47c6ca220beb676dc16a5ea06d97d54c7064

SHA256
9f71141904a14f74debe59a5d6722ba38dd7340c25198c6cb2f2f008173736e6

SHA512
35377620747f83777b11b79972106f93f3406d2e8f6a522eff6d719d5ceee107e2f74519374b0ccaec7703a31d06df18f8283d7dea16ce1001a752e2c7a77620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
9800fb99004788461657c103ece25b75

SHA1
e820e1c2077568f3b608aa54467351941a8812c3

SHA256
1f724be217a1d1d3452e7463be0099e1310e2ed726e81d4ff5fef5989debde89

SHA512
36e22508bda70f4eb650d29aa2f5a14b7a5609749c348f4a05a4d3cb9c13978f63cb20b50fa7b142318063c1a203695bcb36276c88133428895bb978df7edd7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
536B

MD5
dbe5afe432e4d78974e3c50f4a7631a7

SHA1
27ed3dad267c8693789a724d654bf682b3ad859b

SHA256
c882982f17149553cb04af2974600aa2cc8d8be534eb7501c572393ae2f84471

SHA512
ff52894f3db8a1bda5fa345b931ab4c3bc191518d25309448e622fd2cf46616fe07a8c4129507e8b3a07c825f1670d52bce3443c5a8217c5461069f5b6fcf850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ddbd.TMP

Filesize
371B

MD5
f377280173279b4910aa8981a95419d1

SHA1
07a124f5eddb79b7333963c51db588120f65c1f8

SHA256
cc4bedfe28f37b8f655ed77891746ebde62b508b3e91388031ea12619664a2af

SHA512
5b7cc0ec53cdfda4b7477a854456d42c3fd5f42d7821b0f11ff592d54b8a5f80b522650cb44b96c667af3182cbc7e546721487dbbe346c0ac449a6b24928bc79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
569e795f5a3bf1541f53443c0233a2ed

SHA1
60123d0de076b36d27578b2a62a98460013bc7c7

SHA256
8c2b92ff86bd5e83dbcdbc1784a209b0af9f5ffd062dcf7431413ccb9de2e11b

SHA512
e5a4ed3a3b0c272da75c332d04ec350bc30246de49b22cc5d6658df68444697fdc9e4f8a3aa6aceb20f30ea478b33cf3300c16c0b9ba9c4d44c58633fec2c970

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 991401.crdownload

Filesize
117KB

MD5
f2ed63abe1b169d885baf59623cf264c

SHA1
e73cb81b4fd036f6cac69541f01a6b6ff634c80c

SHA256
16c4a5b2d0a400894638820a1525fdbd1a02c98da3dad1bc7db803e8001cb195

SHA512
c995deb3bd6a4fc7c6a2d013db93cd9325e002e40cb559630048db9c95b9b402c31d595ee1a4bd87d2446a6d34923b67306c1a2821856f10eafc393362649535

Download Submit