Analysis

Max time kernel: 152s
Max time network: 152s
Platform: windows10-2004_x64
Resource: win10v2004-20230220-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 24-05-2023 06:17

Static task: static1

Behavioral task: behavioral1
  Sample: Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe
  Resource: win7-20230220-en

Behavioral task: behavioral2
  Sample: Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe
  Resource: win10v2004-20230220-en
General

Target: Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe
Size: 109.2MB
MD5: 3fd9d81c06743c2eaffce6995ff1e46c
SHA1: 4c64ea9050da098573ed0bf08a4ce285cb915465
SHA256: f799e7e81b66cf7d787abc864ed82c3dc5fd2aa95c9f3d24a39c79a3741d37c1
SHA512: ca57c64ff307cbf16cc4e6cfecebf50ff609de8de62d0ff5519296ecb69764af3635052d0a79318d1a43378f9a704b51b01b6556a010a1ab6f009f21d511df9d
SSDEEP: 49152:tpSLLUdk/rsMH0S1VaCS/8YpDAb/0tZ4DTtoJjOK/uQU14N0aCoWqGoUZfaqqAn/:tm
Malware Config
Signatures

Checks computer location settings (2 TTPs, 1 IoC)
Looks up country code configured in the registry, likely geofence.
Processes: Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe
  description       | ioc                                                                                                   | process
  Key value queried | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation | Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Checks processor information in registry (2 TTPs, 2 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes: AcroRd32.exe
  description       | ioc                                                                   | process
  Key opened        | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0      | AcroRd32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe

Modifies Internet Explorer settings (1 IoC)
Processes: AcroRd32.exe
  description | ioc                                                                                                                                                   | process
  Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe

Modifies registry class (1 IoC)
Processes: Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe
  description | ioc                                                                                   | process
  Key created | \REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings | Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe

Suspicious behavior: EnumeratesProcesses (28 IoCs)
Processes: Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe, AcroRd32.exe
  pid  | process                                                 | events
  4992 | Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe | 8
  2176 | AcroRd32.exe                                            | 20

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes: Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe
  description             | pid  | process
  Token: SeDebugPrivilege | 4992 | Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe

Suspicious use of FindShellTrayWindow (1 IoC)
Processes: AcroRd32.exe
  pid  | process
  2176 | AcroRd32.exe

Suspicious use of SetWindowsHookEx (6 IoCs)
Processes: AcroRd32.exe
  pid  | process      | events
  2176 | AcroRd32.exe | 6

Suspicious use of WriteProcessMemory (64 IoCs)
Processes: Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe, AcroRd32.exe, RdrCEF.exe
  description                      | pid  | process                                                 | target process | events
  PID 4992 wrote to memory of 2176 | 4992 | Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe | AcroRd32.exe   | 3
  PID 2176 wrote to memory of 3644 | 2176 | AcroRd32.exe                                            | RdrCEF.exe     | 3
  PID 3644 wrote to memory of 4720 | 3644 | RdrCEF.exe                                              | RdrCEF.exe     | (see note)
  PID 3644 wrote to memory of 4620 | 3644 | RdrCEF.exe                                              | RdrCEF.exe     | (see note)
  Note: the two RdrCEF.exe -> RdrCEF.exe rows together account for the remaining 58 of the 64 recorded write events.
Processes

[1] C:\Users\Admin\AppData\Local\Temp\Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\Praxair-Prostar-Platinum-Regulator-Operating-Manual.exe"
    PID: 4992
    - Checks computer location settings
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory

  [2] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\s2zbang14fc.pdf"
      PID: 2176
      - Checks processor information in registry
      - Modifies Internet Explorer settings
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory

    [3] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
        PID: 3644
        - Suspicious use of WriteProcessMemory

      [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6EC0C304A8C2F0012DC7523753807A0F --mojo-platform-channel-handle=1736 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          PID: 4720

      [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=EF619C3F0DF97E1E80DF70C63EFC8B3C --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=EF619C3F0DF97E1E80DF70C63EFC8B3C --renderer-client-id=2 --mojo-platform-channel-handle=1756 --allow-no-sandbox-job /prefetch:1
          PID: 4620

      [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=F6007EC0E278033BBB21CC24F388B5D7 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=F6007EC0E278033BBB21CC24F388B5D7 --renderer-client-id=4 --mojo-platform-channel-handle=2316 --allow-no-sandbox-job /prefetch:1
          PID: 2692

      [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=740D025A24ED1D655CA2CB8DD37E26F7 --mojo-platform-channel-handle=2588 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          PID: 4004

      [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=226557747CA242118ABBD758639321DE --mojo-platform-channel-handle=1928 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          PID: 3364

      [4] C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
          Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=9C90C086D1CEDB3E05FB876E25C7FB10 --mojo-platform-channel-handle=2668 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
          PID: 4628

[1] C:\Windows\System32\CompPkgSrv.exe
    Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
    PID: 3748
Network
MITRE ATT&CK Enterprise v6
Downloads