Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
max time kernel: 145s
max time network: 141s
platform: windows10-2004_x64
resource: win10v2004-20250129-en
resource tags: arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
submitted: 03/02/2025, 04:24
Static task: static1
Behavioral task: behavioral1
  Sample: JaffaCakes118_847318573ada820bb0a8a92e1e8bdaf8.html
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: JaffaCakes118_847318573ada820bb0a8a92e1e8bdaf8.html
  Resource: win10v2004-20250129-en
General
Target: JaffaCakes118_847318573ada820bb0a8a92e1e8bdaf8.html
Size: 242KB
MD5: 847318573ada820bb0a8a92e1e8bdaf8
SHA1: 849929d5e3c852bfe63d0f0f9757641a11ec8372
SHA256: 0c24d39237b8224fe5568b0b87a3c77269b644a9686177f26f69fd631f51e7f3
SHA512: aec638b53a6f45c2898dc4c4b5ab4ced2dfb8f894cbb12cb6fe39d9248a25a3a6b3000fb6dbbbadd39abff85f75337a2dce3875fcb8c01f50f05a9338bc36a1d
SSDEEP: 3072:14U0gOS+XOVLgOodKhMFp+kjXIPzBjmaLH9ZCroYna3vZSP5ZbI0ty/derD8f9u1:14XgDTVLe+OMkax9YDPngfNwZ8W
Malware Config
Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
flow  ioc
118   sites.google.com
143   sites.google.com
Enumerates system info in registry (2 TTPs, 3 IoCs)
description        ioc                                                                    Process
Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
Suspicious behavior: EnumeratesProcesses (10 IoCs)
pid   Process
1952  msedge.exe
1952  msedge.exe
4252  msedge.exe
4252  msedge.exe
2220  identity_helper.exe
2220  identity_helper.exe
5956  msedge.exe
5956  msedge.exe
5956  msedge.exe
5956  msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (18 IoCs)
pid   Process
4252  msedge.exe  (the same row is listed 18 times)
Suspicious use of FindShellTrayWindow (25 IoCs)
pid   Process
4252  msedge.exe  (the same row is listed 25 times)
Suspicious use of SendNotifyMessage (24 IoCs)
pid   Process
4252  msedge.exe  (the same row is listed 24 times)
Suspicious use of WriteProcessMemory (64 IoCs)
All 64 entries are writes by PID 4252 (msedge.exe) into four child processes; the distinct rows are:
description                   pid   Process     procid_target
PID 4252 wrote to memory of 2744  4252  msedge.exe  83
PID 4252 wrote to memory of 2076  4252  msedge.exe  84
PID 4252 wrote to memory of 1952  4252  msedge.exe  85
PID 4252 wrote to memory of 3804  4252  msedge.exe  86
Processes
Process tree (each entry gives the image path, PID, command line and matched signatures; child processes are indented under their parent):

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4252)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_847318573ada820bb0a8a92e1e8bdaf8.html
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2744)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6cff46f8,0x7ffb6cff4708,0x7ffb6cff4718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2076)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1952)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3804)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4360)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2972)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3252)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3436)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5056)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2932)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3048)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1188)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 3948)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1824)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1164)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1588)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2540)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5076)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 3576)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7560 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe  (PID 2220)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7560 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4928)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7348 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1140)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7320 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 1608)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7072 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 956)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7188 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 5956)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,4475456391271280879,6107401059386138261,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5276 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe  (PID 456)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 1348)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 868)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads