Analysis

max time kernel: 148s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-08-2024 20:03

Static task: static1

Behavioral task: behavioral1
Sample: c177ec516d070e9e4918daa4fda0ba7e_JaffaCakes118.html
Resource: win7-20240708-en

Behavioral task: behavioral2
Sample: c177ec516d070e9e4918daa4fda0ba7e_JaffaCakes118.html
Resource: win10v2004-20240802-en
General

Target: c177ec516d070e9e4918daa4fda0ba7e_JaffaCakes118.html
Size: 77KB
MD5: c177ec516d070e9e4918daa4fda0ba7e
SHA1: d8e9d375ded46a0afbb1e7ba83520415ae66f461
SHA256: 46f2b6c8e47cc8deca4a0e1b80327e53bf285bbcef0a0d68b07a710e9eac5f66
SHA512: ca18e1e1ed6f657380ceb85d055d1636a6d724666cbbc496a7ec0f661802031759bd2031403b09100a16423581f428fe120f75a440d667cbff82cd32abd30d98
SSDEEP: 1536:pwgr8VkeO38eWhy8nIfSQ06hIpu1MeOKaS6cgRrmdB+F:VeO38eWhy8nIfSkhIYMeO/gdB+F
Malware Config

Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
Processes: msedge.exe
  description         ioc                                                                   process
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
Processes: msedge.exe, msedge.exe, identity_helper.exe, msedge.exe
  pid   process              occurrences
  2016  msedge.exe           2
  2900  msedge.exe           2
  4308  identity_helper.exe  2
  5452  msedge.exe           4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
Processes: msedge.exe
  pid   process     occurrences
  2900  msedge.exe  18

Suspicious use of FindShellTrayWindow (25 IoCs)
Processes: msedge.exe
  pid   process     occurrences
  2900  msedge.exe  25

Suspicious use of SendNotifyMessage (24 IoCs)
Processes: msedge.exe
  pid   process     occurrences
  2900  msedge.exe  24

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: msedge.exe
  description                       pid   process     target process  occurrences
  PID 2900 wrote to memory of 2204  2900  msedge.exe  msedge.exe      2
  PID 2900 wrote to memory of 1516  2900  msedge.exe  msedge.exe      40
  PID 2900 wrote to memory of 2016  2900  msedge.exe  msedge.exe      2
  PID 2900 wrote to memory of 2212  2900  msedge.exe  msedge.exe      20
Processes

PID 2900  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\c177ec516d070e9e4918daa4fda0ba7e_JaffaCakes118.html
  Signatures:
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    PID 2204  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8931346f8,0x7ff893134708,0x7ff893134718

    PID 1516  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2

    PID 2016  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    PID 2212  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:8

    PID 2064  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1

    PID 3408  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1

    PID 2408  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1

    PID 2896  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1

    PID 2084  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

    PID 1496  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8

    PID 4308  C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    PID 1676  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1

    PID 4824  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1

    PID 5312  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1

    PID 5320  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1

    PID 6000  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1

    PID 6024  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1

    PID 6032  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1

    PID 2760  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1

    PID 960  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1

    PID 5904  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1

    PID 5452  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5308 /prefetch:2
      Signatures:
        - Suspicious behavior: EnumeratesProcesses

    PID 5184  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1

    PID 2000  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1

    PID 492  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,5796978096663619127,7797976294651135209,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1

PID 3804  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding

PID 2264  C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads