53cff320dcb8fcb38ab070e6cd540d552d72458b89686ac64805b932829b97e6

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 08:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa0a6c1b77ec21577ec94efc853c7a63_JaffaCakes118.html
Size

191KB
MD5

fa0a6c1b77ec21577ec94efc853c7a63
SHA1

1e1537d02f90cbed160b790084c8a7d79f669216
SHA256

53cff320dcb8fcb38ab070e6cd540d552d72458b89686ac64805b932829b97e6
SHA512

9d6d0e800609487cb057c22ef9dd2f1708109885ba6db0998bcd552afc71c072d9368cee0e78f849e71c49e5afa5fb40d35a7a0f6f97b3e5e1f7d2f4de9ef349
SSDEEP

3072:V6OfR7tOeo5PUNhysZedyQvFkyqBMORvhODo6xt4R1Pt:V6OfAvFIZ

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
2232	msedge.exe
2232	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe
2232	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4788	2232	msedge.exe	82
PID 2232 wrote to memory of 4788	2232	msedge.exe	82
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 1344	2232	msedge.exe	83
PID 2232 wrote to memory of 3508	2232	msedge.exe	84
PID 2232 wrote to memory of 3508	2232	msedge.exe	84
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85
PID 2232 wrote to memory of 872	2232	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fa0a6c1b77ec21577ec94efc853c7a63_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8996946f8,0x7ff899694708,0x7ff899694718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6704 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7060 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6824 /prefetch:1
  2⤵
  PID:428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:5216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9100 /prefetch:1
  2⤵
  PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,12999320192610100909,11639290249508800814,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
23KB

MD5
c897f8479da25ec570027594f1b4db24

SHA1
81a3ff06cf35a87e697fc4733966dffc270ad06b

SHA256
7fd05e325904c9c31e435d5c65b9b4ffa11a9116d1df0282d6cd7c87ef6f1dbc

SHA512
b1c1c46810c3bc5c407f7d30a9d74db8242860965d958ffc5bfeed35b1204774843775ae81b8c414ea89322d00d7ab97313965e20cebba588edf13b9b8dcbc10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
23KB

MD5
2f24e0f5d2c2997a89fb4a8d943c141f

SHA1
99515bde1a5bf72105116ac902ccf3db1dd3df29

SHA256
60c9ecaf27ba56d7c35aa78c329aa7dfa586e6c71ed3cdd0019ba7e767b18aaf

SHA512
0f4c5508dfdcf0ef63141df8d29c76e219d2ec433d59d37d7f17e110b455f24235fd0bc4f539ad5adc368285536d73f57dc4e21e3201dfd5753e76789208989d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
25f843fc2bfdc630a441da77e15432c6

SHA1
6066f7cd53096bbc2e529a9cf84cdd19f8e72311

SHA256
cd83b7de36a65c6a71fb7946b22ec51f4a713c202447de55bdda8a67bc839f8a

SHA512
1273246dff6b06bddc5d282b78bef14b28b9c9d43712e370dcc062419ff9578067968d2c3d740bf2ebff10104e70970ef58c1ec0a4e07a6db587ddafc27c068f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1d3b3d449feeb326c38b177b48e1e977

SHA1
053076df3e3173d8cde8c243435e89aa598adea1

SHA256
23738dfd06acb745af38cadde7aebdfcaf3594826beb068e9290cb6a8907e686

SHA512
340db42d1dce681ed62b321255c5a5429fff35b19afc4c957d3f792d92746063a3698125326de58e6593d9b545ae1c084fb03c081de9712e518c1e7deb79ffa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
7a986ac180dd0c19e4c257fb16dcc903

SHA1
4ff963218017008edbb056a0180942a69d948550

SHA256
d2f71456dba52076e008d9634bfc87599a5a5f83934e4e7bc8a125918d21f149

SHA512
d1405871174b534b036bdae5c5f0c093873bb1808e3453a04b10e0d9a7bb96be05cc62ead0491f5241d62deb1969ee187cad7b3dabcb17c27e49b6b18d7a5c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
16e7a7cf6f63d5d5138b94a5e2d32f8f

SHA1
41ac6a44f5643bf249bf7f0a1b4a9efb3127578c

SHA256
98df1ceb793a1f0578cca63f359dce7a088b57beb3a2409ecb464c21d9b7d1dd

SHA512
34b68714b81a5fe27bb66541e1741d9dfe9725fe6bfd21a89a4d0f2da988dbd4630cec965e3507ed5f67ecc302cd80e085f2561636f13a2d41b23a4e1d5176c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
843993322d419b71a57ef75785051002

SHA1
20e7db0a912b3aa2fba8433b52ae97d1ca04f5b1

SHA256
b9f5e20f567be19b49cd1ad46ead20bf58052fedf1b5c23f8b98d910f269062e

SHA512
b82010c39b31a27be41dc472319f4f8c3a2c8a19421e6e638e0cdcc9737610408090d0ea6fa5646ef8e72cabbb81e0a8c142705a991eb026c1efe89b0960ecca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de068af801bdd7739f0ff66ab38a3b01

SHA1
6f0ff35f91eb13c5d69d4aa34e8bddfbcdb687a4

SHA256
d9e5406dbf00a43b488df035aec314b55fde007b5c6b479e01e98168a455ac82

SHA512
49a49949b91ab5ccde735b3b2e59c013eab6fa5212d2ef8fb18e3ffb23587de8fdce2a28dc6d5bbc91f14165b76a2f64a1474599cccadf00697d022f63a2adcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
857873ea2feaf716f156c692fe78ee3e

SHA1
7184408467a533f07a194db64e397c88a6bd6465

SHA256
0aabb3ff20e4e249c2358204b4e8f2b56c4f6d6e812cf5dbb17a9a368ef62ca0

SHA512
51b15e849e72ec19962f8c8c6c1629aded54be403f268a30768a609925c86d2bd71688b78b5209774ddc6fdaea932cddcde1a54b034a48734620e54a6fcdad9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
95de8899d222859202859b4f9660ec84

SHA1
95a68c6131ec93250fe0dccf37e2edc3da4b9c9b

SHA256
bf0ed0f466e0213d04497f047ec8fe16d19d0db5440efe1fb02421be72a2e20f

SHA512
36490f0d527cac5de601faf982e9a8ed83961e38290669452d3b552f0e8d4161d3398973b71df8fd65f164587711729ac98e0aed9878c22568521c0f247063cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
71cc4d3ba04ba9c9adfc06d35c6ed7bc

SHA1
00a081e2b6a92c665d40a718b0a790b0b8331eea

SHA256
a47b14f88e02e43c210ab60f9b4fc25a08ec3cd2ebd5936504bd4dca2ab81af1

SHA512
75aa8c62a28f37c62b97aa37da6696d4e79c964d9b68c0bd833b457d8c20df5df04a62af84af3e03db280b8b22aeff29a0fc45042eac2bd365765f762681998d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
85270054c61e82137a7fa9626547afdd

SHA1
12ec794812078daeb38411ca30ce2163d37d1afe

SHA256
c43ddf8154013a2b5e0096484f889746a4288746a772172ea1f850922957fb36

SHA512
66bffdb223f9b85e7efbf544cbf36b5270561283313af79ca8a52f0efc87aa5e800c23d2f44cb46229a203ed92e8886a23cc3d8bea0d2ddb500cd30c12ca3a02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5834f6.TMP

Filesize
1KB

MD5
d8d8f55aca58c478d94bfa2df221c27f

SHA1
ad8618bf878f60a43a423d3da9a607d7cd75ab3c

SHA256
6f7bee53a1845036f35c7c71d2124b501a1dd159c6557c749ce3db5efb2e477f

SHA512
cda74087bcebbecc13a3e4f7d45fdbc5db17a576092fc67fe3e0d59f053a2df2b95cc3bc3d310eb251cad08dc44d86b124ed5abbcc19591d6dc8ff3146c3c3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d41dea4084d68e6de558985c9d9c66fd

SHA1
b7ed696ab258d4304acea01512d1b12b1132902a

SHA256
ea0ce5f08255b65ab19cdc50d1869c878f138acb09dab856b5ec0cfff978a72b

SHA512
50ef63af13e276408ae9813a18b7264081cd1e5faa6d812248c461407071deddd4f2719a5aca3a75c9b3cd9f8fbabdf98f4bfcb5df3031e2a14c961bef052a5e

Download Submit