Analysis

max time kernel: 151s
max time network: 155s
platform: windows10-2004_x64
resource: win10v2004-20230915-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25/09/2023, 00:34

Static task: static1

Behavioral task: behavioral1
  Sample: SecuriteInfo.com.Win32.Evo-gen.17369.14688.exe
  Resource: win7-20230831-en

Behavioral task: behavioral2
  Sample: SecuriteInfo.com.Win32.Evo-gen.17369.14688.exe
  Resource: win10v2004-20230915-en
General

Target: SecuriteInfo.com.Win32.Evo-gen.17369.14688.exe
Size: 270KB
MD5: f9aa3d61b410ec59b8a1f5d9d287ccfc
SHA1: 081685d3b83c654730fc6a22525b47c082ffa65d
SHA256: d9d93ecbdd4afca82d80c8e28f3e97e5cd0763ce59acaf2d1286ef85eca37a50
SHA512: 2027a814984ba57b29f7d91cfb8a1d17b566a29ef7f7efb512bd2bcbf300bc131ca63de561aa27983e05187f654e89b19e90b1ffc8742fd37898ed3e3134aa37
SSDEEP: 6144:vRlhrJ+j+5j68KsT6h/OCy5U9uAOSA82fqfqw6:vRbN+j+5+RsqGGuZ8ew6
Malware Config

Extracted
  Family: smokeloader
  Version: 2022
  C2: http://77.91.68.29/fks/
Signatures

(Repeated identical IoC rows are collapsed; the repeat count follows in parentheses.)

- SmokeLoader
  Modular backdoor trojan in use since 2014.

- Suspicious use of SetThreadContext (1 IoC)
  description | pid | Process | procid_target
  PID 2732 set thread context of 2336 | 2732 | SecuriteInfo.com.Win32.Evo-gen.17369.14688.exe | 85

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

- Program crash (1 IoC)
  pid | pid_target | Process | procid_target
  3564 | 2732 | WerFault.exe | 84

- Checks SCSI registry key(s) (3 TTPs, 3 IoCs)
  SCSI information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | AppLaunch.exe
  Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | AppLaunch.exe
  Key enumerated | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI | AppLaunch.exe

- Enumerates system info in registry (2 TTPs, 3 IoCs)
  description | ioc | Process
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe

- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid | Process
  2336 | AppLaunch.exe (x2)
  3176 | Process not Found (x62)

- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid | Process
  3176 | Process not Found

- Suspicious behavior: MapViewOfSection (1 IoC)
  pid | Process
  2336 | AppLaunch.exe

- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (7 IoCs)
  pid | Process
  3616 | msedge.exe (x7)

- Suspicious use of AdjustPrivilegeToken (22 IoCs)
  description | pid | Process
  Token: SeShutdownPrivilege | 3176 | Process not Found (x11)
  Token: SeCreatePagefilePrivilege | 3176 | Process not Found (x11)

- Suspicious use of FindShellTrayWindow (25 IoCs)
  pid | Process
  3616 | msedge.exe (x25)

- Suspicious use of SendNotifyMessage (24 IoCs)
  pid | Process
  3616 | msedge.exe (x24)

- Suspicious use of WriteProcessMemory (64 IoCs)
  description | pid | Process | procid_target
  PID 2732 wrote to memory of 2336 | 2732 | SecuriteInfo.com.Win32.Evo-gen.17369.14688.exe | 85 (x6)
  PID 3176 wrote to memory of 1692 | 3176 | Process not Found | 100 (x2)
  PID 1692 wrote to memory of 2284 | 1692 | cmd.exe | 102 (x2)
  PID 2284 wrote to memory of 2916 | 2284 | msedge.exe | 104 (x2)
  PID 1692 wrote to memory of 3616 | 1692 | cmd.exe | 105 (x2)
  PID 3616 wrote to memory of 1788 | 3616 | msedge.exe | 106 (x2)
  PID 3616 wrote to memory of 3204 | 3616 | msedge.exe | 109 (x40)
  PID 3616 wrote to memory of 4684 | 3616 | msedge.exe | 107 (x2)
  PID 3616 wrote to memory of 2472 | 3616 | msedge.exe | 108 (x6)

- Uses Task Scheduler COM API (1 TTP)
  The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

(Process tree; indentation shows parent/child depth.)

- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.17369.14688.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win32.Evo-gen.17369.14688.exe"
  PID: 2732
  Signatures: Suspicious use of SetThreadContext; Suspicious use of WriteProcessMemory

  - C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
    Command line: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"
    PID: 2336
    Signatures: Checks SCSI registry key(s); Suspicious behavior: EnumeratesProcesses; Suspicious behavior: MapViewOfSection

  - C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
    PID: 3564
    Signatures: Program crash

- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 2732 -ip 2732
  PID: 4116

- C:\Windows\system32\cmd.exe
  Command line: C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\65F8.bat" "
  PID: 1692
  Signatures: Suspicious use of WriteProcessMemory

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/login
    PID: 2284
    Signatures: Suspicious use of WriteProcessMemory

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffe358646f8,0x7ffe35864708,0x7ffe35864718
      PID: 2916

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,6598060475976807694,6832156282040063040,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      PID: 824

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,6598060475976807694,6832156282040063040,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
      PID: 948

  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
    PID: 3616
    Signatures: Enumerates system info in registry; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe358646f8,0x7ffe35864708,0x7ffe35864718
      PID: 1788

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
      PID: 4684

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
      PID: 2472

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
      PID: 3204

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
      PID: 2280

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      PID: 1660

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3864 /prefetch:1
      PID: 3888

    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      PID: 3924

    - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
      PID: 2504

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
      PID: 2752

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
      PID: 2720

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
      PID: 5056

    - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,10468242684103281672,14748137690765837205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
      PID: 3996

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 1752

- C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID: 3040
Downloads