c824585f93c8bfc172b5f9a732044c8926ffb8fb73bb467e2e0e3efc33cc2906

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2024 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb68bdf3a5bee43589f4ec4de4ffedc0_JaffaCakes118.html
Size

82KB
MD5

fb68bdf3a5bee43589f4ec4de4ffedc0
SHA1

556008e9127cf8c5c4970bebf25f1d7bed7b43db
SHA256

c824585f93c8bfc172b5f9a732044c8926ffb8fb73bb467e2e0e3efc33cc2906
SHA512

b7450d13d4b4f4f256f89630add29bf3e0b749b6a7be993b061baa3c95328720ba5eccfe3db9fed31f9e0e911ec8dbcfa6218c4997ee92f57410ba71323ff7d2
SSDEEP

1536:oXwgr8VSeO3xOBo7EolOGTgDnY9luV5uaS6cgRrRt3You:ceO3xOBo7EolOGgnqluV5bnt3You

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1164	msedge.exe
1164	msedge.exe
3532	msedge.exe
3532	msedge.exe
1756	identity_helper.exe
1756	identity_helper.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3532 wrote to memory of 336	3532	msedge.exe	82
PID 3532 wrote to memory of 336	3532	msedge.exe	82
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 2736	3532	msedge.exe	83
PID 3532 wrote to memory of 1164	3532	msedge.exe	84
PID 3532 wrote to memory of 1164	3532	msedge.exe	84
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85
PID 3532 wrote to memory of 4952	3532	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\fb68bdf3a5bee43589f4ec4de4ffedc0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd0c6c46f8,0x7ffd0c6c4708,0x7ffd0c6c4718
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
  2⤵
  PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6916 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6244 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5752 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1868,17576280542235368350,17915275603774877346,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4300

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
71KB

MD5
da52e38c98b0f2047abeb07609608ab5

SHA1
da1210caff36df73e49a0c271ff7d573c2d20d02

SHA256
726a2ef49785eaecce64e98fcb3490c40db06d6a205455784f3267a5b4b7c34b

SHA512
35adf36acd8e1c65f040663d7a064f642a6db5e0b7978241db8a9b4eb52b8ae71cef4e7bb1b4a0d85e4af1f7240d6d52e5a07f512e5e90504e063e51376b5f5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
61KB

MD5
468446a7240461af44b59ebb2047c231

SHA1
47b7c525dc91bece99df0c414960b9490b986ba8

SHA256
ae1a0126552472d1e1347ceb8027ed725db3b93fcbc0b39745a92412cc1641a6

SHA512
ac8cdf824112a3d25248e58f05495b458038d9388ba7e46e1ea8f6933cae23f044f4e532b74b13f52812bfaf602ca12ec152e44ce95266abe7cd6bd66b4a70b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
23KB

MD5
7e98564be3c2fbfe5d55ebceef08fb8b

SHA1
4b35415b61c5ed813f615475df2d513f5dc73d5f

SHA256
b9a21d15fe5b99b73ccfd9f8df4213debb40456341e1e71d0848b3602cad2ad8

SHA512
4878d6d53441aab8c306b67a0e4051fe9fa0aa5377d6ff806c6e86fffb042c41a82efd7135754d9af1d6fc571fd23e3da37e680eb4bf983ce08de72421b0259e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
34KB

MD5
377d11c8c3e491cd57da7dcc653e76f8

SHA1
ebe8e9b2af0d4c0229171c435080a5bbd3e447cd

SHA256
c2abf87e908f6dd965b451cabb0bcd6dcf3589d0e55a7e8cbf95a6fdb43cc648

SHA512
e74867f4ef39a363e4c14b57c3383d2f13f7a052ef0b2a27f654f8bacb4f8b5dcb01ef102c0e5140e77611f4feea545d301b76c276e2176e589b414cd5589f96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
23KB

MD5
facee74c789253ce2d2a63c6d49aeb94

SHA1
79b895ffb82ba8363f8a67f8380cd6f32a5fb907

SHA256
804c9c6d6384db9e246de900d22b3f4d79a7265bf42ba72513d3a060302b3f10

SHA512
4a1078ed20af2a83f3a3f1893f4f1e6c5f94f8608ad85c50ae232aff6b8eb931167c082ce80dc51da4f116e4cff970571b2d51234f9777ead0d5b9a5de4fa8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
41KB

MD5
1da8deabd421929fa1a865599f43aad8

SHA1
88af7573c39022643333f85b523a329cb6448675

SHA256
07b01330c36ae322ea1f1e2ea70e60b629b292b3f7ee7aae5a9968dcf341e685

SHA512
0be3f8d02397c3cc32164b116c807115c42a310fd70c72c94b3b523732422ea2b222d8762e81d91ef0c36a8328df4f7ae8e4570c4bc46ab94cbed5131389ea3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
76KB

MD5
2353dde54fc75226c61cf3ae7c34dbf7

SHA1
64c35e7da8f1bc3c0dc8b715cc455beddf280365

SHA256
718b334065a9554523522e36f459747aff66266045415a6a7b45b9b0339bcdbd

SHA512
bffd633b060043e92d1028b445d216ba1c35c45ca3fcd6afc252ed8528e099ab9b126dff412d293c3926c5f6ad4fef41c985a83b0448c2ac9f6507aed0348167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
116KB

MD5
dfdd04d19b19e36909ddfb2a274c2baf

SHA1
ab8b139782531e53e53889391659b78723d0a4dd

SHA256
2e54a27fef29fd03997dfbf305ba27106ba00f9722c6076a2e9284946fc0366b

SHA512
f7521abcc764cef171df9291a8d7a81eba0d00281074231f599c9101f330e96e7ac0fcc4baa762940da83231af78488b85a29afbdc45f1bb4249e3db44cbd793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
127KB

MD5
dc8d5f8dc9569824b30082599f5ad24c

SHA1
4bbfe1f52cbd55548c49383ca22fba856ab09dbc

SHA256
99a00ffd1c25e6b6c3e529a1892faeaca8b7cee0648ae452750ec4451f3043cb

SHA512
6bf5449ae63d6a4cfc76adaa556d216e71e9078ca564edc846137801710d5fdab6cfa3bfe53077f6d40e0f52c86ef841e21ef5b956e46c51b87a1fea90058261

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
11bee913bc5bf606a95bbbb1376c705f

SHA1
00ca0e4affa8bd431930944773928804d0a5c455

SHA256
0028414cf5139e9bfc075f9c6f46771ee0781addc032f256ec4f0a390205b460

SHA512
3afe649268e6bdc2e6a9ba1c208b0c2dd93a92d6ec8caedeeee79d5ebfddcaacc6b378fb0b2507c7b112c65abddc4cc883485660fb29f08395adb853efe0cacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
549c0defa8167d614cba8332915a22b5

SHA1
5a11b9cfc00682170f1362a14ec3f791aa124b9d

SHA256
a466a60b94f98bfbe4707f52ec80dbc7de5c66d9ffea16f3c96ab8b8dea2d3ca

SHA512
3fa9945af4f042feb9961bd3846fb2618fc6448efd1a23225cfae180be3be1bf917856d6b661ea8008f6d32e0d4467486143388510081e5867c51f0b603c19ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
4b284b237400b755b1eca225085e2cbf

SHA1
541d73dbd919db6d1cb2465661a36745724849c4

SHA256
5aa5b791492b29900cdea1c38ede23f1c411f2928859be9a3608f7307e7d07e9

SHA512
42f3dc96270109fe216479c7c4543abf0a850efca43158068434a78a6ba6e2d9619e12434b00931a233bb2fa30da21f9f40e1d797d0c946275709791af5c8236

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e6de006dc9b4b46fd02e51a5f6fd7b86

SHA1
033ce1868d790722d9761a576c4c90cc902da795

SHA256
2ea9f1acbe30e011d2855d699bb30745221c5e8c5381a720a4471e938538e69a

SHA512
10d05b634d1030e7225a7e79ea70dbaa13dd75cd8f91a84da5d300f4e689ed1890c1637e0e460844a988b9a43a12e50f800c26577354b93ed3169308bd9ca201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f09b5ac1b53115a2c3035e4874604238

SHA1
b3cf19d165ba046963bbc5d65dc2a4fe5f8f9bd8

SHA256
35e961eb0d9dde772aae9aaf734dbd73ea8fb58f1462495a4f839d79ee997965

SHA512
13b926eb9ef596e47f2015237b912b0374aa60a09bac14801e352d137ee651aae304c5bb28dbcc605786eb2517f25a14e74da372bde7b5bfaab7f201036e0097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
14779a7154ce5c4d3be3a87fe908833e

SHA1
fd264190eb73651b9f1d043abb6392fef7310d95

SHA256
4c788d90908d6fce350d9ca85de96a56da1cef6149c5773296c668d3f8915918

SHA512
7804fa28619e9dbcf83d09b6a3429514df4618f856e5586232f82be98af2f778e836e214a11d4420942ba103d9336aa4803b113b197958b43a0db5f20fa0397e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c521830cab4049bd4978ea4dde094f33

SHA1
936a1192ab0fca1a0a999090a3e1e9303cb06d6b

SHA256
6a5eba5b4cde6acbc59c448791881724f07d5b861ffe62fead90a259404ccb2b

SHA512
065e1d2f909a7372f7e1377af138814356d71b96b392c94590cf3ab55d0880d6d759a3069614781f8bcc8fc9d8a6e13b760d7d1871b882e97ca930c1a1ea7091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42d902302bbba5ee552db5e3b126b0dd

SHA1
d9cf7e3e9bffd890e1c7a9c2c07fc5f36babe744

SHA256
2f174f3cdad3718efc0f943bfa36c897e5192683b833a003306fde5d34770e61

SHA512
5989e6211dcf99dc26e8604e0d0759391525521d50cb8ee028918782e571ae3424b82604ffcf53f1f84d0e73fe5ca038c38c597b83964c9c54d42b6a04a1eb60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa77b4559cb2ed4ded078fe7710c469f

SHA1
0566f3022c134e0cd2ca5a33efad57362d1373f3

SHA256
54f09cc01fbbcfc48e1353ab83c0b4b94ce104e94712a5b197873ebb68b088b5

SHA512
69c5b5dc452f220c5ce324b8aafdf8bc08ae0772b94a6d6a32453debc1d3fda9f4e620355f3302c5ad26597c8c4c6fc490e368c7b2fdbe96d475fb1192ce9de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02e6ff6a842b849eb64b03ca8714c742

SHA1
be4a901e8d6363383b880eecc1a9f14ec6338ac5

SHA256
a5ca19211d3e3c24e03da2f33d46717637146437df5d06ec3c764a282086b79c

SHA512
344c11048cd02635200882516483772f3da74dd18c524a352260cba76fb9d94cf8b1f5fd8d31d010e13cdf01878c501744b9a1ad4ba017e2502f0ff2cb425964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
366B

MD5
c4841bcec438b1655206a523ecbe637a

SHA1
d1a30f388d5d2c267419d8142115d441e1634338

SHA256
f1e4e8a426b5d23096aa67b43bc4e708809007c77af52875e0ec92b0dc0f60a8

SHA512
97e0c3715be964a4c9d4e4f0b440ee23bfef8cb2b0767e2d1acf93abb1518889f880352182ffb95ff547ec63780ccccb7bd71de81d3658c464a64955ec051d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
366B

MD5
59ead699b259a350a8c74f8d2c93d112

SHA1
6678051880ba1dbcd5668363af1dc554f245f8ac

SHA256
adcc893be0cd3f1d8ec18b4158e467db4fce7c76830ad67a60c011f57a9253ea

SHA512
1c4c8043ad1479c13fabfeeac7387439a11f3e7ba92b523dbdb3b8d4c33d1cf4a4620577bda5ef3d09d9a55d9207084ffe2e081e425232c16fc8fc5cb4d3347b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe588af5.TMP

Filesize
366B

MD5
230f6134fa496e3b15737ece6fb3e1bf

SHA1
2f7e6622ae890fb0062941b6eb6968de154a2d17

SHA256
e570009f7fca0452aa628fe3f45c57e9c4c0a2f51a5f5b1e66dbc26c5fc452f2

SHA512
56a4628b4e7aea6000e37d80bb55c862b459cac98481a11b21f42d42cb76ce0def628cf74ec3f42bb28fc68771ccd1a6d5eb2a8f25749788d5e916129ce664e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6748f589f814ea67aa550497e6998b92

SHA1
a9e674097e9ae86b38b9e0d03515f496dcbf77c7

SHA256
885bbbf2f37336a295d7930d1abe6e79798fafa8f7b71e891e22db05a4f9e8df

SHA512
a00d786a2b2ec5f7f96204321786a22c87ccb482233b83e34982e941a9006456938062f5a68b06e3ab3c64284c33ce4a745524b74b0ae9c234abb19eed60786d

Download Submit