hxxp://arseyal[.]com/ccc/bbb/AAWuoYDHx6psHfx8zsm2HZNDMngd681ozIyhB/cnZpdGFsZUBlbnZzdGQuY29t

Analysis

max time kernel
887s
max time network
857s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
17-01-2025 21:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://arseyal.com/ccc/bbb/AAWuoYDHx6psHfx8zsm2HZNDMngd681ozIyhB/cnZpdGFsZUBlbnZzdGQuY29t

Score

7^/10

discovery phishing

Malware Config

Signatures

A potential corporate email address has been identified in the URL: [email protected]
phishing

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f6451ead-fb2a-47e4-8a06-fdb996c96a90.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20250117215521.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3308	msedge.exe
3308	msedge.exe
3192	msedge.exe
3192	msedge.exe
1400	identity_helper.exe
1400	identity_helper.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe
2744	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe
3192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 3080	3192	msedge.exe	81
PID 3192 wrote to memory of 3080	3192	msedge.exe	81
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 4084	3192	msedge.exe	82
PID 3192 wrote to memory of 3308	3192	msedge.exe	83
PID 3192 wrote to memory of 3308	3192	msedge.exe	83
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84
PID 3192 wrote to memory of 3864	3192	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://arseyal.com/ccc/bbb/AAWuoYDHx6psHfx8zsm2HZNDMngd681ozIyhB/cnZpdGFsZUBlbnZzdGQuY29t
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe1b5846f8,0x7ffe1b584708,0x7ffe1b584718
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2108 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:32
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff665065460,0x7ff665065470,0x7ff665065480
    3⤵
    PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2960 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4477766918902834562,5812076821034709163,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:3364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9d9e89a46ea1c979d600d8ecff95392f

SHA1
a03b20076c4a9bd34d03af90e43d5815943d187b

SHA256
7d5e0d521951eff280f780f5134b8f1b4c614bb4e96ce15577201272a1e4478c

SHA512
7bd673c3e908e62928b35bb2ca183a79e575775a1b76b1bd3e584c9da331d4a4c213b3de25fe209090504ce0af3f3823a27767196ed81cceb7f881106e068429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e66a3d46ce02326d71914c69bb1ff5e

SHA1
91ccf10b11a8c2d127fe825840b0f5a3c5a51513

SHA256
8408d688778cfc5151fd454f1182175674719a8a5709dd36aaac95512c7b1054

SHA512
3fc4c3299a000fd48b25ec9fa88d87892fe60b3e82005195d0afc80e028ff270e1429bb2a4fc07cfcfd5d8c23a44283c92a11f9ff11d28ec951331e3df05326c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
2fff01b3c04e6e730901b9644138a1e9

SHA1
b95254813a6f40300f5cd1024b449d6af9cccbc4

SHA256
a2de8eb4ae32bed3771a5a9587f9341a3c7363f7f5b4179056a282e3091548aa

SHA512
bb1c5d8971f639f2e88a223e577e8e7715d5e2cc9b2eef7f4baa91bd362942c957e86d993b2eaf83dad71e28fdefacb9a6608dcb4ab6e166dbde89b7409cfcb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
1fd3b58e3cdff6e9822861f0350bc679

SHA1
4a603acd169fdcbc04f5283b33dcdc1cc609cb26

SHA256
c5480a9c9365a77905261e6cae27efcbb4289717adcda6b124e14c6aacb0f9e3

SHA512
4ed5f9d7e9605d694cae3f73aa018e7f8cc16dd3b3148c34a860eab92a41598c234490a3c87f5461c8d2830154a1644786db59e4e9ca02098d94c6c01cf77a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
5cc4053921999e6832ed95a40dbb3e2e

SHA1
d4d3c5363935b737c4f1f9bb5bfbeb4d28eeb05c

SHA256
d746eac0b092045fdde1f6ddf4063aab5306f1925ddb4039fbc59174f0f9e0f1

SHA512
3153b9723d63293da8de8eb3bdbe14be919eb6827be05865d90ad9cf29c30e064747cdbe3b992e5c4f7efc19254ca447b2bfcc5dc3794515d7f28b627cea2031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
2880b140b4c22e6e9d1903c509abf12f

SHA1
d6921a6c1fa368567f34142237fecc0483700d9f

SHA256
49c36f902a16bc97c718b992834c0fcfee2a803fd61a71154b4a4a2ea93f269c

SHA512
e1e4dbc78afb4a7c6b570a40f5ef10fe12f10242bd6714737c4a193101d0dbad60aa5c32decea7ad9a5917adab2eed3300ab4f5d246764757874b6d236466459

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
232ce1beea0ad98aede1c41d34932ecd

SHA1
780cc7e5223d49603c8cb429cd87d26afc1d1e7e

SHA256
d9bba06391a7e58ae9e269cb5500f2dc24f472d56760bbbe628e335cda44562c

SHA512
6efaaa2bb35d34f976fba27feb407d35ca143459128e6dfb1c447d09a4b975efb5d021e3924f2c23c8656d846a514d7109ee043f86be22fdfdba968831f5aced

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
dea38a9aae98dd9e15c06e42d3701068

SHA1
79e056a2aee43f3c95bdd528b05be70a6094600b

SHA256
ab140d50d54e67e0c4f42a31ad2a14590e5eabac1bfd613091ec17b0709114bf

SHA512
25ff1974f148d60da7036a248ff682478c1c1ea96e308aeaea5b38fad8dd1aa92244242882f86e42b1fbda67b1a0be522b91c64ad6a018534991b8b711c6f025

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
59614d59136339b870bbc95c04576933

SHA1
46c99ae7c92498409dd484fc05bbb3ebb164429d

SHA256
50d1a62bd531fcdd2c15d3cbdd24417601884976c66ae85c710885730594aa9b

SHA512
87587c58975828d19c69c35316fff2747d0596a1036d4db9f573cb208d3c5d03a1251cfe4204379abc602ab8267883d3e93a9624671f1f2d841dc0b9e178888e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
75a98993780f6c6ea32265393effa78c

SHA1
d86bcb25bb37036e192a8209b2b0ece3fb7755c0

SHA256
1ab460db49588d46f6b1942ea3a39ce0fbc93ecd86274208ce165475fb328025

SHA512
4633dc540bf2d45f68cee9c56dbc6b23ab7c600f67b710a1253266008e797bed38197c755a413d36937cd030dc0140f8246c5bdec4885f378672ec4ca6fc3963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
5d74c4be083f0e86d85d62cde3375f11

SHA1
4f1aa8f9c2654c9114ccfc02d3cdecad909ca698

SHA256
b8c78a2bb3c8d9f5319f459abb932b5ceb5701ecfda9f0f5271c2134079e78bb

SHA512
bcc96c8d71984cc1d2ba652902b525eab4a57efd9e7e0e20c168c01fe587236eae1903cf6638615dac000b327e030d9f51615ff8c0eeeb20a37917b639414f88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
632B

MD5
4767c1018b5afd7939feee7a8a627eb3

SHA1
e8f2bbf9768c68349e5b8d1727e54c07f45a27ee

SHA256
a94970d230069d0a60cb70e1a3726d6a89bf0c5d21fbd18c3ccf987251cdedbc

SHA512
5e2ce6f47f5521c90011e3a68c4ac0868d21ef15b78a34592883c06661ba1310d3a8a102ace835a8327f2f746592c17d39d3396196459a28e32f73a9ec5e8b8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b489bff1dbed6e29f489cb76b5dc739

SHA1
c58e80473b0489ce8f3a102cb7b770b152112ff4

SHA256
de6941231251d0ee1ac24e1aa20b185d7559ac91af1d15d745336a2df23ecd76

SHA512
5c34cbddff7e1fb41badc3889c18231fbdc5b56025c3201b66dc707c86e98e47459c265f53f27e001aa37e3b98a70b49e7ffaa3c89e83dc623a41149cc294da8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85952118a519c9f67d6021b5b8138742

SHA1
b4f0814c6eeef38d688982e2ed84cddc2a9e1a68

SHA256
2c05a44fa80632af51d339accb7af3f098a6632029cac207ce8ec9f304376f85

SHA512
49325454a409a05565c54c3d1485ef4d965dae5b188ecd4a1e65ba85dc05cb82b2c72c97a8f083c6fa0d6e101e405639552208263c4ba2e1d205439f58f11733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b1acf1898220b8f4abc13ea0b7d51b12

SHA1
ee30605f90773dad1ddbde396e5514cb0e9eea1f

SHA256
2a543771472041c04bf967d7f158bb430b2d0cd532437635376f7f86da1e85ee

SHA512
0433409f13eb2b9fd4eb0417bd1a7a6ea98d9e5fae99d0c8a550a2b8f64c3a82d66e64f975d9acbbbbd09f04793ec817753b2d4011084d3d490f061e2099f866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
424f54577767c6597aba89d34045d0fa

SHA1
ecb480395b1c12523a2575c6153f578953f94455

SHA256
1953d62dd6f29b80999bfff0978746b2cc0d189108511aa72289473dcf863879

SHA512
cc261ef2335bad14e7c6a4001afbb69bf57a9182322dfb91b364157ed985e7206b194373a32b51bb1764a34adf85dd3c056f1830b88ea897c1aa9f3175153e0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ff5dd20177add5f2fb07a017c096ccce

SHA1
7afe60457ca44419c3421847c4202a50fd4b80a8

SHA256
0e18c1f1f59aefdb789413aefaeaa005421e9369195f7c35929008ec30b50cb0

SHA512
3bbbb7e4af49e8a92b5dba457567a249db23b50a1b4a79c33bc38a14e5dc4ae9dbf480b6f42abfd3da28af57c06aeaf4b0b7f3da39b712ca49981c8c7973c77a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
8bbb70b63ea38955801783c83b928cf0

SHA1
91e76aa432aa9b323f7f8efb7dc94fe0b9587496

SHA256
e31be9b1110c9d3f71b40293c8f3d21fbdb1d53910d91dad2ed1f29c363102cb

SHA512
1172db8453c8902fe6ab8e417ae44da691b72e8e05a50c85d5bda1ae3cd6b54407b1393d9707cd152bc37ad56b1c380ef23dae445f8f27e35844f6233132804c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
d55d15f31b7ac701de8ef0b9a206f5dd

SHA1
0d42f7deba871e675b98d67623f5e81ec81fbd42

SHA256
c11fd71ea59a38278160b1c6c4cec0f4698397987cf9ac107b40207fb486b4c6

SHA512
8d2193e6db0c2a9632cc253a63a9804eb16be8f7ff8bbe44cd24ab0a5ca9ae0f9133d1d289f158e831a0a46cede19a1f778b94bfc21953cc9e64493be099d6e0

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2bbf6983d25e37c0da5e484b7569f6fe

SHA1
2e11421eb712b0dc3a3642e0f89e6b764fa963eb

SHA256
cba100e79c3fce79eac135aea9b0a21a0f449bec682aebe077500cb6f8656ba9

SHA512
c6097c7d7405ffd19a4adb3aa64b6a326b7fde30f96ab0cce1801d3207f701eee44d446bb7f416e2561406b25d041d6d006da9558d6baa2c7ce22c04663318fc

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
facc3c387f2e6e969a7dcabd93d3328a

SHA1
f02fc07374130b21fd9aad4785b0004ad8ce7675

SHA256
0b2865341236c7eeeb80a9ebcb2e0d993ad602bf03f26a28ff42bdc7b21503ec

SHA512
96755c34acf04fce14beef07dcbcb0ce3b6cb98d3dd63fd12c43952928bf8dfca00a7810a059f5ef992c1f955a8b8b832baaa1c495d214aa9268286d96e41ab2

Download Submit