09dd2d9fe7934ea2d88ab8a7d13a824bb462e73d9d2d982e26d8f9a35646e5d5

max time kernel
96s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2024 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Payslip_Amendment12009.htm
Size

5KB
MD5

931df36f406e0f5495c5d77fa91bf035
SHA1

01bbb0abb4f14451a48800e47d203732bc139920
SHA256

09dd2d9fe7934ea2d88ab8a7d13a824bb462e73d9d2d982e26d8f9a35646e5d5
SHA512

df882dd9eb3f6ed9290cb5b764653afdb3833bac947e6b18124454394380b1fc7cf6a7c5b7001108266aeb50813f6b5905e6bf94507f3116e76e66049bba1351
SSDEEP

96:ekUhhhIFDkrQJoSheziDftDIhfBDIEDHhDhiDgBhDMDftDIsjNhFiDIEDIfDhyDl:6hhhIFDkrQJoSheziDftDIhfBDIEDHhD

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2012	msedge.exe
2012	msedge.exe
1208	msedge.exe
1208	msedge.exe
4252	identity_helper.exe
4252	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 20 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe
1208	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 3492	1208	msedge.exe	83
PID 1208 wrote to memory of 3492	1208	msedge.exe	83
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2524	1208	msedge.exe	84
PID 1208 wrote to memory of 2012	1208	msedge.exe	85
PID 1208 wrote to memory of 2012	1208	msedge.exe	85
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86
PID 1208 wrote to memory of 4760	1208	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\Payslip_Amendment12009.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb566e46f8,0x7ffb566e4708,0x7ffb566e4718
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2208 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1332 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2220 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6108 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15232182689419248604,8242303039101304322,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1892 /prefetch:1
  2⤵
  PID:2600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3828

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07b04fe6-38d3-4945-83c1-78268a22b5f9.tmp

Filesize
7KB

MD5
40410f9850f66f272070828ad7424631

SHA1
70916720a579d0f0c4b1d8abc383a2b707697be3

SHA256
7d38aa9707d47f14bd6f4a3535f17cd80a7f0cbcd8dc6d00863b44f24e4fe917

SHA512
fc874729eb899190fda6ce313ff2f758b7362fe48cc94698347103643aac35432e5250309862d06a3ad4c000684039efa1a1287e8b3a0ec2747082590efb64e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
215KB

MD5
2be38925751dc3580e84c3af3a87f98d

SHA1
8a390d24e6588bef5da1d3db713784c11ca58921

SHA256
1412046f2516b688d644ff26b6c7ef2275b6c8f132eb809bd32e118208a4ec1b

SHA512
1341ffc84f16c1247eb0e9baacd26a70c6b9ee904bc2861e55b092263613c0f09072efd174b3e649a347ef3192ae92d7807cc4f5782f8fd07389703d75c4c4e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
30248e37bbca53a915fb5c763b0d6ae7

SHA1
40e4ec2296c958bd28f24137bca5f74968fdff79

SHA256
e1ebf5083ac113571f05417a4d5eaaedbd9e71966f6711423ef1285d762b2081

SHA512
1130dcaa0018b6d40b5aaf0792a4fe5f5682de516607af090ebee01f108bd5d68bd47a107ed73c9c95c71b0f5e16ad949cf6a0ccce453fb65d6ce2881dbd2686

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
00b45224d742e6108261b654b3470564

SHA1
a4e2288b50eb7c1a2fc8eee506b7156b920d4d69

SHA256
8ca69ad8e812458280b78812e3ee2b06348cac0809d07d86cbaa0dda286488ef

SHA512
11c11debdf317fb1ba8301b76f6fbece145f049caa19146c24cd201e647b524c79fbf4028bad876b91894c20775bac35ad37b1ded460d5b5f4c71c1cac73ea4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
16ecfc712abcc7dc472a66d3fcfd19d2

SHA1
282a51b516292a36dce8ef424f3ef8b15b4f6812

SHA256
ee8f1ea00e892deeb9fcd58f68c7250d4012e2e4b328f7f7e26bfaf569a6498c

SHA512
91a01b1b0710a9e7499c33183348cecd7540a0af067b350cb50ce0370dcc60a68c84b2219dc7c051c4ca63aa3261cec634f3d446fb2e8c4719f7291cd0d64d8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
dde68bdd654f01d9711b1678c891f015

SHA1
5241d920eea50d8b494cc8c67f10330c21c7f176

SHA256
4c9e80dea8f0f929e4730b439aa2ebd21fbe18bb2f77818480c6ab241a9a6310

SHA512
876d4c2f24ae678aa7d3dd473369eb4728133b8e75a573b57b51bb79a5c99736ebb61021aac4e14581464c7674513f1bcb451b0189692975ba9355306a2e638d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c96d75edb1c6f872614fc2a006397441

SHA1
1325cf7804660e635cd831271ad95f06d08b7004

SHA256
bc674afe05ea3b0b67ef78f5cfdd61351465107bed3f847ed34912c8c10d3bb4

SHA512
8d1c40b07890f798941489d90ec44e6df5f42227ab6aa1b7fbc727c9659113b4b77fcef1494c4b6f6e17bd4feb180b9345f8e6328003290cc63bed51522cec27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
56cf5359c84e0408f950fab13d658e8e

SHA1
cb024d05f8e4f7ed88c16f15a302d6231f099cee

SHA256
799888c7dcc51886f83c1efc5511e222e8a23d779091c3298117c4f948cc94c5

SHA512
dfc9cbe46a3c9b45ceec081c0f4be78d66304c0a3f8ea9388cd28af5505c55fbd327ff4674839890ac42daa61322120f78e5e2481e0aed97e691b2b131ddafae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
874B

MD5
da363f1baed2ad15d987b348e8a2c879

SHA1
39e945c126ec27028c8eb6060f93e5374474854f

SHA256
08e49f67fcda1bef98eb5433154d6b1ac4aa059abf09ce335e42ed81a129153b

SHA512
65698efb80f4a971a2adfd2afa948d72aa0c3ba6d2043bfe1c7430df6eb2aa81e64e440eb6b53286ac754c3cf8bfc5fc2f9cc9aa697616fda1a618361f638704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5804cd.TMP

Filesize
204B

MD5
adf1afdfbe3ff90c562dd07cf620fcf6

SHA1
e9c32934e3866f7c166120c388377f20563e7808

SHA256
6139a0675fb23639314db976663c9de7dd0278e0907bc4d8c3c425239d964471

SHA512
e846ec08c6571d072ba88efd96418c042cc07b4ea463dd10703075e877de20a79e77efe0e0173f30afa17fc2c769a0a9c6645b6d29228ef873062561eff366d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f8b587065200327c4d3220994850a4f1

SHA1
2baab3377c96ebb46cfe431daccac205ead7da90

SHA256
29e223ff0440a12d5653057cbcde472480bc23c1e56c4eda20bae1be00877df3

SHA512
9781bcc09c1df70bf67e345770453c314e7d025dea03f55172425da8c36db50576effc1a5fe557ff29977fb41e2a27cfe2badadd13a1939c6f31f7a2818aef1a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
12KB

MD5
90b3028deb0d5279d8a5d1640dc533a6

SHA1
c37be6f18c0f16829af491f9c9bf5e4e7359b9c9

SHA256
df1dd4b83dfade6d477331e69817ddbd874d80a82d8b1e7ed88d886bb3ae6350

SHA512
958c5833db2b2d0abd761fd4dbb81ee461f8e23ec4197cd4e9815302c3d27d8184f5bd9129f465de53322accffdbd192e8af103315cf676eb09d8c7e2840961b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
525548468d4535deebfa78af3070728f

SHA1
09adb84c42d9d5d58a3c10c70159fe5117b4fed3

SHA256
889c1c57628f418f564e028fda9d2f70e736a6fb4a5cfbc8e7e35d98a56b7484

SHA512
d785840d19547cc4aede1db675dd1c7e40096b99d65a83508e2ef5bed15c03de1b16b650c889902f54ec6efb1f27d29635d1a6f90755bef120fd9020301c6870

Download Submit