hxxps://jolamar-my[.]sharepoint[.]com/[:]f[:]/p/jill/Eritfuq3V05IkfCu9NaKlMQBwsWpnFL0ntDiLN4HJgb5Ww?e=TmcuAQ__;!!P5FZM7ryyeY!R1iEz4FUS0SBYtb2_8RZWdPOAf9MhTksaMi0xIXlXJtGVn5idBup6PpcxjASER4eKbsTJyV4WqbTsQ$

Analysis

max time kernel
142s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2024 03:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://jolamar-my.sharepoint.com/:f:/p/jill/Eritfuq3V05IkfCu9NaKlMQBwsWpnFL0ntDiLN4HJgb5Ww?e=TmcuAQ__;!!P5FZM7ryyeY!R1iEz4FUS0SBYtb2_8RZWdPOAf9MhTksaMi0xIXlXJtGVn5idBup6PpcxjASER4eKbsTJyV4WqbTsQ$

Score

7^/10

microsoft discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: Desktop-solutions-tab2-img1@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab2-img2@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab2-img3@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab2-img5@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab4-img1@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab4-img2@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab4-img3@2x
phishing
A potential corporate email address has been identified in the URL: Desktop-solutions-tab4-img4@2x
phishing
A potential corporate email address has been identified in the URL: GetListUsingPathDecodedUrl@a1
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
3156	msedge.exe
3156	msedge.exe
4492	identity_helper.exe
4492	identity_helper.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe
3156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 4316	3156	msedge.exe	82
PID 3156 wrote to memory of 4316	3156	msedge.exe	82
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3924	3156	msedge.exe	83
PID 3156 wrote to memory of 3228	3156	msedge.exe	84
PID 3156 wrote to memory of 3228	3156	msedge.exe	84
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85
PID 3156 wrote to memory of 4800	3156	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://jolamar-my.sharepoint.com/:f:/p/jill/Eritfuq3V05IkfCu9NaKlMQBwsWpnFL0ntDiLN4HJgb5Ww?e=TmcuAQ__;!!P5FZM7ryyeY!R1iEz4FUS0SBYtb2_8RZWdPOAf9MhTksaMi0xIXlXJtGVn5idBup6PpcxjASER4eKbsTJyV4WqbTsQ$
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd0c6c46f8,0x7ffd0c6c4708,0x7ffd0c6c4718
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
  2⤵
  PID:2192
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3048 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
  2⤵
  PID:1536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,17898804097290814564,12756007614572043252,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
38KB

MD5
e48061b164573549914439e190948500

SHA1
6ba0bcd37274504578503d87274659fbd4b47216

SHA256
eb7da0478ce4d9f3ea966d7fe81e057cdbd2ff0fd3bd9e80e410851ab947f5e9

SHA512
1d5b3b5980d8bfc31373fb5656f9d744fc60510efd637e14b8c4f63e6973fda67de2c4a33b832be54a29102dfc4e3304d4bce914d3100dccdae8358334dcd1f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b5

Filesize
21KB

MD5
3121eb7b90aafbd79004290988d25744

SHA1
5584f1beb7b9e8ca11833035c9962b3ddd54f904

SHA256
6dbe807b8da91d549a49beec3330d795601ec0f272ea232e91121f3ed703dfe4

SHA512
ed25bf0b7c12742a7b71bc271364970508fb03a5096f42eedc360ce92205af5be0ac4eb0567585882d34629d179f9cab287839247c81f61d894360a83b28aaa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b6

Filesize
25KB

MD5
b2b60f1c7184b15ebd6cb2a213c323c5

SHA1
8fed557ff6e49376f3a4bc56f95a548d6075955d

SHA256
dba7c93d3cf4806133d8fe211dce32aa12041fb82acc4591f464052714878fb8

SHA512
e1a4bb4afa8fa8c09e163ba9c0d264425378c8d50f212e2932a2b21cbb6983b566180657bb753681b960d02ca4dee73a5504d433c536e64da979cdf34aabb8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b8

Filesize
35KB

MD5
a729d45a65e2b9849159e08ef6fd5f12

SHA1
75a14f3e8ac5d4eca6ade8771c84f4f5328301d6

SHA256
11980ecd03e02439a6300eeff5dbf9a48bd52eebf14bbcc246752b0ce5baf223

SHA512
89460bcacbedba68cd7fe67e675c5dfd76e6c43d87ed13d03eebf4a66bc298c85f96605306eb879d4ed89bfe0e53699a11a09bba866226f767ab97203395a6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b9

Filesize
35KB

MD5
e243d03bb4bdfb80fc2b9c40863299c5

SHA1
7abeba96529b293239da5536d4260efa1e797ad9

SHA256
a8283e1b2cabd16be04a6cb0a292e532d5b74520123e09c2cd9deb9eccf2d1eb

SHA512
7bda56879f1873647edf1b3d18e468430fa9a03ac88e8ac5209e834de13b7c0fd195f684f7afde8e526b4993c1debcdf6373357b925b423afcc37d76ee5c0f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
db506a3cc6295b06ad15bd5bce6d7a47

SHA1
71efc1e70157a2370cc414ea386b7316e980ed10

SHA256
789a5b599c24b5fb9e54b42e7dadad6abcb7307be38ebd5f6c6ad63c374f1ecc

SHA512
9592d8a7755648019ad157cffd6c8639415a36c16910b3a4988d6271a458f5775ee2eb1abfc2a4ef4b247b968b2ff7bfe764a16df784f0b8c27fe985852573f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6a423b37ea101a147a71bac873d2c14e

SHA1
ee57dd5e6401ab85bc8689821f7924ff0b247133

SHA256
d1fe33e3f6abcb1eb42bcd12a1bfc735fd741a49e6f51b08564f2fe6585bbb75

SHA512
4e02f9f9ced8028b3cb6a07255b6bff6cb09d2d1c7abb8d13929641732fc8f2613ee39ab5599e5bf09de88161bcf97aa561cb431a59345e589b11ab012c8b6b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
75db7f7f51538f3ccaeceb249c195b68

SHA1
c569f9d12b5244e40c126d4abbade0950c6fb9d9

SHA256
3ad018a53e920dd7042dae9c013f6e78935cd9c2cc279f40038098adbeff569e

SHA512
14c956f468481ef491a76e5d393a5d303792cf418a4def29a9cdac926f341c5313676defce7673d4e9fe86f2b1c6d9a842a1384a8f99eead28c80fd883791adb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
8469dd05d9ed71d8cd1fe60cd370ee20

SHA1
390901c219acd1e5806e6e6f77b0e4885d84aff2

SHA256
be253c36b8d63bc1d6d2157628d7f07766c69c87ef9f1c089ace1c879c433ed4

SHA512
e4c19340eed535306bbf9285af3611bf03aca76a845c6ba82cfeb249c68b90f7c04e13c7c65558a491f528f3b09461115a77001ca1c5c6b80e6bc6717d8f1f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e414ceb03e0acceb1027ff337f9f22a

SHA1
9733e99715e2c4ded2eb042afabb9698ba10ea41

SHA256
d8992d0a4deb001e7adc3acdbaae977a53ba228ead44ff38c23d128cb0eb9e49

SHA512
81314905231f7ef8840f7cc5617aa8cb76d2b368bd85061bd0cedb81dd3e21508b7169a91f9ea0ed97f27014a05bb86e4016f60282afbd9aa6320d63d1da0b81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1471b15f226cdf34eae5db300b2af07b

SHA1
3b604160b8cde87a0999ea8715c0253fe6429c54

SHA256
602acc66d045db018f7295b200474b1278e51b278addabe64aed2137ea33481e

SHA512
85b5afb839091ab2fada48db0046cc9aa077b52b40c2d6d5ec87bc9fd6ae1678113a9890c55078ae1aaa6a4a946a8efe32ffbff8428be84bd03a3aa629f71ed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1e96f43a65bf0e3566fa6e135620435f

SHA1
2ede1a8e63f516e88ed54c205c3b259828ebb951

SHA256
5529951c70c6f1cb3cee6c3955eb0b45348d35081e6d5a6f3f5187e0ca9950c4

SHA512
309f95b2d3a33d544d6e574e8f2610f0ed7d558d672b2576cb51be79ba5ad2e6225c4b5877e9f8cfcf1863695b859e167a3c9d0ec794d6526c4d4e0695f7cfb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
07d3280c18c9c539a061c8ef516ea5d2

SHA1
bd42a52e637533f98ae156eee96c286cb1f1fad5

SHA256
de6d4a6ab0e8b9f92ee33ba8e48d6e1d2b84a1dd78389c3a109f125e81fad31b

SHA512
862e85b665602e931eb5cf89dd616d7f40641a2eef2a7ae3ad36c3494558f993f5ab79d8d6503903a9c62fbd1599b2d42b0d8130b20f910e3278e95741ba9a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\0aca54f6-0d61-44c8-a224-680711323908\index-dir\the-real-index

Filesize
768B

MD5
442dc5bbc42c72af2cac016827606c2a

SHA1
e747c13709eb5092bca3aa9007af3b27bdc2a203

SHA256
ad5dc3849bbfc7b9c9435850a571a9e819df15f53fc47594f3e825c09ec3d634

SHA512
c6255219fe11012702fd442c0df949417187b06776c8db07c1e4cccfcb40e29fd7f53eadee01bd1296440ae563936e3e63476d5b9a764839136289f61482b9a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\0aca54f6-0d61-44c8-a224-680711323908\index-dir\the-real-index~RFe585e77.TMP

Filesize
48B

MD5
009b67dc71aba8c6e0367756de646778

SHA1
a20ea4f589bac756d196db433a48ef78bedcfdaa

SHA256
564f09371b53ea4cf2b7f1d5f63fe39e33acc02a009119eb2999424d1d1c299a

SHA512
0d8e15b61d7a6e6323fe14853641ee98f37d1a32e2cac4dc52ddff319fcd561596fd806f66ba6b4422a9eed90ec3e127ac5ff290c9e5d8686f75c48038cda8b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\8e65cd3f-1ec1-45a9-bdcb-1d7cd6e6c8eb\index-dir\the-real-index

Filesize
21KB

MD5
8125de0f70bfd9631635f31500b04d38

SHA1
bfca9e41d54ab4e69ab7c03efce90b41d1586716

SHA256
3a42ea2978c2877dbfeca6eba8be607869b3ddfc624d2dd0c3bc77477bbb5618

SHA512
e59e70aa426eb144bebfc43c2cbc1f7578dd712608dd22810ec1c20aaaac42ba581c806aa19d6beae269bc497b8cad32a5ad79bd063d54bf93d26b5e5c229da3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\8e65cd3f-1ec1-45a9-bdcb-1d7cd6e6c8eb\index-dir\the-real-index

Filesize
21KB

MD5
f1a076653762857887d0a8fb76762760

SHA1
72cd9c6370f5139717324c939d7466961b6d5fb5

SHA256
fecd5485e04063af463ec6652ca1b18f1fc17e967c6b365acf5994667e4dd46b

SHA512
7bc53332e561b6156888ffbb0153c48dcad21ab447bd9aed055781643fb9026bf1d73749e77bbe5d71929c54525c3bc027fdf463b43c1426ebc6d98d24538912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\8e65cd3f-1ec1-45a9-bdcb-1d7cd6e6c8eb\index-dir\the-real-index~RFe58a052.TMP

Filesize
48B

MD5
a1660d7b8f26666ab6353096b0b64e42

SHA1
35d04436c9f340bf71580e6708dbcc1710cc337c

SHA256
848bb03eb066c6bc1e9e2ef2c4b21857c8db46f449fcb039a0e0b2a1daa31ace

SHA512
3b1d41cd5bcd52a790515e42b27bc8eafc61d8e28da96c75c907f77ffb228ee473c61b9b87438e0fb71dafbd569cf624fa9c67839cb768ac45a211a09faf615f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\index.txt

Filesize
173B

MD5
1c091bcf6e46007c4b69ad43701266ec

SHA1
ff251c035fc56ea936aa88a9fe8d7510a1e3ee0d

SHA256
192c4f476d815844966abe0a74b547a301a8b79fa45ceb778852b26020a0ab53

SHA512
d7110c0311270417f9b767f86a0fca1ab9d8936459052113f9722a7a4adfd2e525e8b9f967b1e11181f97ca7a6f8980141afe34888161a295a12e69fa9911c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\index.txt

Filesize
173B

MD5
0a3fb985bd2341b6dc66604079169765

SHA1
59cb4690b5db764c6e86d42fc228c58194079fd7

SHA256
3a7dd9b91512f4ec1f68c06ebc989ff1fc8270fbc4cb3b8b0c5daf0075221e74

SHA512
651193b79ca3b4ff78e1dff77994848a2a62cb8b87af111c128d3a054dd72856339d6a8c38c79cbba6565e24ea0719a5cba621cc980e01b5a3b3779b3a85e509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\index.txt

Filesize
177B

MD5
f9b42b56adb94f99265bb60c5b94bd8a

SHA1
ed72c32b85a842283e5148dc430a1c31548d7efb

SHA256
a5b6249823c9b51fe25f84fb4d9c10fedefe6c9fc22d306a03e0b754c7f9dbe1

SHA512
84e558617eab060784052346d46ec139d97ee35b4a71466748481eb2ba8f8f1a7a77852aaa0b72efcd0e798e29cbe24efa6b4fd714efd703c2939c331ff2aa29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db5120f9cf38fd6a22659982d69773d0b54c3d4e\index.txt~RFe5808b5.TMP

Filesize
106B

MD5
8782e681141f4a15459825bb6b76cd5a

SHA1
b1404203aba0a3bfdf1dbdb960acd561b3a0d622

SHA256
9222943cae077e5329cdaea1fd45d0d3936982ca1f6121dca46c966c5359d5a4

SHA512
fd62da7709ea7e248bd80a2d26ec5990043d32b4052cd4b6ef1101ccc2c46223b97447681f864ab0a7193b901cf1401779c04cc561c8def4e440e384db6f2cf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
06a04e0f32bd933789f8dbc7dde711c9

SHA1
58f80adbba9be1793345ade6fae606515d6d609b

SHA256
f0998d5c0e6e82d87e840d2e985636cb4719cc498f71db87ac7a3e97c420d1cb

SHA512
ef5708427e939cff760a0d36f3c26840f4449785f4ef896679f5cb96c9847fc1b89140bfc2f6172a683e624f9729d5212980f4a77beacb44e69c67a29281be6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57ef13.TMP

Filesize
48B

MD5
0a942d1e15a846243eda4c42bcb8447e

SHA1
3c4206e127a2ed9aacc830f2a8f3d17a4a9e0be8

SHA256
5441f3328af643d5b6df30fa4f925ea428ca9a1c79b01790c75787fda5601835

SHA512
794a4e28c127432cd68e67df771febbdd5835640344a182e146e2c02fa65831f7130fe06984a02348dd22bf559671693bcb4f106af62920e3fc5b8ccd404b16b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
44e7f69c1879bc2cc6531babf95dd0a1

SHA1
24ddcba43f01a33566366d165491140d06c8be20

SHA256
22b3c4d075f79d0e8390ee04ac154589048d139942db2547bbb7624dae547a00

SHA512
e8e9edf1834d34d90129299e04f15f2b2a7e2a2e754b0e66c41ed38466e1d80d6f5cf9f3f32c4e6da2c535c199dbf0a63d21942e27269e917d6736cc90b9e89e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
781b421146c6838efefccfae93b86f43

SHA1
77584a34efee4e3a28649495ce943b34c392e58a

SHA256
7bb4c0800adae5bae61e38805adcd31cc81b85046ea8395832de51e6cefc6c83

SHA512
845c89b50b147b101942873e5170b6d7baa94201a4981d688533af0c603b3555e936fc4ccef652d64062c4238e78830a2db61d7d59d6042eec64d08c7052ef16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6036b7eeb633ceae47ba4ffcafae144a

SHA1
d5f2cec109f184e34546a765020c8a9d1cd35882

SHA256
817a867619a9aaa37113e1747b2b038d33f58eea55d5f0b515576df56dee5209

SHA512
df49f12fd790be7b98a548fa0dd08a5d3cde599baee53c08d8861fefbf9316d0d0d0f0693134171c0ff7ddecfb90a4f7438b6be2c6b044de45273c1c40719b5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7be253c507200508eb2e5a30dad0b09f

SHA1
d187198750d8be6df675e10ff573933fff6eb923

SHA256
52013b8e82d9a1612ed8435c8218da0b0f1d17c6fe0143c4008c2ee82d75af41

SHA512
c7a3e7700c2acd74ebe7ccaf50d8f48501b92f6367861bd7d177accd5cfa09fea043395fbc415ab32929d619e406a412657ffe03f5536e3eb9a869fdf13527e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2255d408b1f892bfd427baf19e709a8a

SHA1
64b8cd8da523fa7ee0a0ca1c2340662cde438a7f

SHA256
ffc5d7d0bb631b5ef4b925f9e88f7c3a8a5ca65cc825a997cb9c489008745dc0

SHA512
88f40dae5fff66baca8ea7f975ade7d2f465afb52f4bd5d5f3e3a748a6ffc89cdb331776e3bb36b4fa032b573cc082d8064ee6bea30627b9be42df40dd328bf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
7f60ead49c1a57279051307b3d27c53a

SHA1
6b194210c3b96aabe5da2f03d64533b30aa0890c

SHA256
46ceb83bd280ddfcb94494195cc62579088ac21a984b07a7edf35697329aa39a

SHA512
26a4c6ed183cb67f03dcffc01a6efaec8ee69b1e87e1250c5f2693dba4d1066aa59b27e9b5f15ffab42cdc319693348eaa2eb248a62af84092dd0efc49930f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1918b370392353b0f56b8e3a103d5459

SHA1
ff6f375edf758cc83ae85e79a6eec711625f02e5

SHA256
bedcbebe7d1eb5f842e4808d329fbc7f34b4d4f9ffa8a4160435397f2c9d9bbb

SHA512
47835662e35afc8fea4543fd6d186fc2b9680262c68c040666de786f37fe418c03357443de4fa252c694922d7486819f00158ecb10b6785a08529de416d4a018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e3a9.TMP

Filesize
1KB

MD5
72d4bbc60c908f325daf5bafbcc6d479

SHA1
8ad88969939e6f60d159e77209d6a6f00396b96a

SHA256
21c18f05971ae3a991ee478fa8337e4453ff6a703101855ebdbe72db85704a3b

SHA512
9262769247ed04336898dff300328af71b25ed32d048dce10e23c0603d2dbdb1eadcc97d4337b61e0ee36a4958b9f283c55b29c73108944a457c5ec67fc6c7ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0fd35767d15185a840fef41bc772f35a

SHA1
9f79a75046dca0441cf148214d42500ac2d44493

SHA256
d450830fbcf2a37ef8d978978406cdcc97178cfc752b297c8baa4d17e35650b8

SHA512
192617cd1a6048dc5c71b0f1266a0fa702c2730d28ec9089ea0a007eced9517a6805214bb77d759e970759d97557205d2a2bde44a67b9a732eff6095e8864b3b

Download Submit