Tab bar (each tab carries a score badge out of 10)

Overview: 10
Static: 10

Behavioral task tabs (sample | platform | score):
w-azure fixed.exe | windows7-x64 | 7
w-azure fixed.exe | windows10-2004-x64 | 9
discord_token_grabber.pyc | windows7-x64 | 3
discord_token_grabber.pyc | windows10-2004-x64 | 3
get_cookies.pyc | windows7-x64 | 3
get_cookies.pyc | windows10-2004-x64 | 3
misc.pyc | windows7-x64 | 3
misc.pyc | windows10-2004-x64 | 3
passwords_grabber.pyc | windows7-x64 | 3
passwords_grabber.pyc | windows10-2004-x64 | 3
source_prepared.pyc | windows7-x64 | 3
source_prepared.pyc | windows10-2004-x64 | 3

Analysis
- max time kernel: 1709s
- max time network: 1718s
- platform: windows10-2004_x64
- resource: win10v2004-20231130-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231130-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05-12-2023 16:07
Behavioral tasks (this page is behavioral6: get_cookies.pyc on win10v2004-20231130-en)

Task | Sample | Resource
behavioral1 | w-azure fixed.exe | win7-20231129-en
behavioral2 | w-azure fixed.exe | win10v2004-20231130-en
behavioral3 | discord_token_grabber.pyc | win7-20231020-en
behavioral4 | discord_token_grabber.pyc | win10v2004-20231127-en
behavioral5 | get_cookies.pyc | win7-20231020-en
behavioral6 | get_cookies.pyc | win10v2004-20231130-en
behavioral7 | misc.pyc | win7-20231201-en
behavioral8 | misc.pyc | win10v2004-20231130-en
behavioral9 | passwords_grabber.pyc | win7-20231130-en
behavioral10 | passwords_grabber.pyc | win10v2004-20231130-en
behavioral11 | source_prepared.pyc | win7-20231130-en
behavioral12 | source_prepared.pyc | win10v2004-20231130-en
General
- Target: get_cookies.pyc
- Size: 10KB
- MD5: d157cf31f7829c5c9c88e656409840c6
- SHA1: 1d53ed755119f80284b52f2e17198e2943452b92
- SHA256: a68afbac4d16fa89db22d81f6010f520868fafd50c1b2c8d868a662d210301ff
- SHA512: ccbdfc5c9db196f0a10195c6f52e6fccf073020a6715f2407da23800b12ef9bb6d7e7ffe08cbe448bea7fb7b5ef8772c931e2e129d3ec73151dafcbf7c610793
- SSDEEP: 192:TzOCIeinQfUF9LdwOEVOFc1mNe4qo+zEzzzzz1zz+HoowAE:TzOUiQccEe4qoOIAE
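The report gives digests for get_cookies.pyc but nothing about the interpreter it was compiled for, and that is the first thing to establish when a sandbox cannot run a bare .pyc: the CPython version fixes which version-specific decompiler applies and which python3x.dll the stealer's bundled runtime must ship. The following is an added example, not code from the sandbox or from the sample. The magic-number table holds the release values from CPython's Lib/importlib/_bootstrap_external.py (assumption: the file targets one of the listed versions; anything else reports as "unknown"); the header layout is the PEP 552 one for 3.7+ and the older 12-byte one for 3.3 to 3.6. The byte strings at the bottom are constructed fixtures, not the real get_cookies.pyc.

```python
"""Identify which CPython release a .pyc was compiled for from its 12/16-byte header."""
import hashlib
import importlib.util
import struct

# First two bytes of a .pyc (little-endian uint16) for each CPython release line.
# Values are the final-release magics from importlib/_bootstrap_external.py.
MAGIC_TO_VERSION = {
    3379: "3.6", 3394: "3.7", 3413: "3.8", 3425: "3.9",
    3439: "3.10", 3495: "3.11", 3531: "3.12", 3571: "3.13",
}
PEP552_MIN_MAGIC = 3392  # 3.7a4: a flags word was inserted and hash-based pycs became possible


def parse_pyc_header(data: bytes) -> dict:
    """Return magic, Python version, invalidation mode and the offset of the marshalled code."""
    if len(data) < 12 or data[2:4] != b"\r\n":
        raise ValueError("not a CPython .pyc: bytes 2-3 are not CR LF")
    (magic,) = struct.unpack("<H", data[:2])
    info = {"magic": magic, "python": MAGIC_TO_VERSION.get(magic, "unknown")}
    if magic >= PEP552_MIN_MAGIC:
        if len(data) < 16:
            raise ValueError("truncated PEP 552 header")
        (flags,) = struct.unpack("<I", data[4:8])
        info["flags"] = flags
        if flags & 1:  # hash-based pyc: 8-byte SipHash of the source replaces mtime+size
            info["invalidation"] = "hash"
            info["source_hash"] = data[8:16].hex()
            info["check_source"] = bool(flags & 2)
        else:  # timestamp pyc: source mtime and source size (both uint32 LE)
            mtime, size = struct.unpack("<II", data[8:16])
            info.update(invalidation="timestamp", source_mtime=mtime, source_size=size)
        info["code_offset"] = 16
    else:  # 3.3 to 3.6: magic, mtime, source size; no flags word
        mtime, size = struct.unpack("<II", data[4:12])
        info.update(invalidation="timestamp", source_mtime=mtime, source_size=size, code_offset=12)
    return info


def digests(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 in the form the report's General and Downloads sections use."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def running_interpreter_magic() -> int:
    """Magic of the interpreter executing this script, for comparison with a sample's."""
    return struct.unpack("<H", importlib.util.MAGIC_NUMBER[:2])[0]


def make_timestamp_header(magic: int, mtime: int, size: int) -> bytes:
    """Build a timestamp-based header the way py_compile lays it out (fixture builder)."""
    head = struct.pack("<H", magic) + b"\r\n"
    if magic >= PEP552_MIN_MAGIC:
        head += struct.pack("<I", 0)  # flags = 0: timestamp invalidation
    return head + struct.pack("<II", mtime, size)


def make_hash_header(magic: int, source_hash: bytes, check_source: bool = True) -> bytes:
    """Build a hash-based (PEP 552) header; bit 0 = hash-based, bit 1 = check source."""
    if magic < PEP552_MIN_MAGIC or len(source_hash) != 8:
        raise ValueError("hash-based headers need a 3.7+ magic and an 8-byte hash")
    flags = 1 | (2 if check_source else 0)
    return struct.pack("<H", magic) + b"\r\n" + struct.pack("<I", flags) + source_hash


# Constructed fixtures (not the real sample). The trailing bytes stand in for the
# marshalled code object that would follow the header.
PY38_SAMPLE = make_timestamp_header(3413, 1701792000, 9824) + b"\xe3\x00\x00\x00"
PY311_SAMPLE = make_hash_header(3495, bytes.fromhex("0011223344556677")) + b"\xe3\x00"
PY36_SAMPLE = make_timestamp_header(3379, 1500000000, 512) + b"\xe3\x00"

if __name__ == "__main__":
    for name, blob in (("py38", PY38_SAMPLE), ("py311", PY311_SAMPLE), ("py36", PY36_SAMPLE)):
        print(name, parse_pyc_header(blob), digests(blob)["sha256"][:16])
    print("this interpreter's magic:", running_interpreter_magic())
```

The code object starts at `code_offset`; `marshal.loads` on it only works under the same minor version, and the result should be disassembled, never executed. The `digests` helper also makes the last entry of the Downloads section explicit: `digests(b"")["md5"]` is d41d8cd98f00b204e9800998ecf8427e, the digest of an empty file.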
Malware Config
Signatures
Every IoC below is attributed to msedge.exe, identity_helper.exe, OpenWith.exe or the cmd.exe launcher; no Python interpreter appears in the task, which is consistent with the .pyc never having been executed (see Processes).

- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process | IoC
  msedge.exe | Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  msedge.exe | Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  msedge.exe | Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
- Modifies registry class (2 IoCs)
  Process | IoC
  cmd.exe | Key created \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000_Classes\Local Settings
  OpenWith.exe | Key created \REGISTRY\USER\S-1-5-21-3936660601-1848837011-2142350499-1000_Classes\Local Settings
- Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID 1108 msedge.exe (2), PID 216 msedge.exe (2), PID 4784 identity_helper.exe (2), PID 4132 msedge.exe (4)
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (14 IoCs)
  PID 216 msedge.exe (all 14)
- Suspicious use of FindShellTrayWindow (25 IoCs)
  PID 216 msedge.exe (all 25)
- Suspicious use of SendNotifyMessage (24 IoCs)
  PID 216 msedge.exe (all 24)
- Suspicious use of SetWindowsHookEx (1 IoC)
  PID 4200 OpenWith.exe
- Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are PID 216 msedge.exe writing to the memory of its own child processes: PIDs 2220, 3112, 1108 and 3316 (all msedge.exe). This is the browser's normal child-process bootstrap, not injection into a foreign process.
Processes (indentation shows parent/child; PID in parentheses)

C:\Windows\system32\cmd.exe (PID 2232)
  cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc
  - Modifies registry class

C:\Windows\system32\OpenWith.exe (PID 4200)
  C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 216)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  Children of PID 216:
    PID 2220: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8ca3e46f8,0x7ff8ca3e4708,0x7ff8ca3e4718
    PID 3112: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
    PID 1108: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses
    PID 3316: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    PID 4520: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
    PID 2748: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2176 /prefetch:1
    PID 384: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
    PID 4956: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
    PID 4696: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
    PID 4784: "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 /prefetch:8
      - Suspicious behavior: EnumeratesProcesses
    PID 3192: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
    PID 4840: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
    PID 2956: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4056 /prefetch:1
    PID 2960: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
    PID 2180: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
    PID 3788: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    PID 2108: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5316 /prefetch:8
    PID 1912: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
    PID 2584: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4628 /prefetch:1
    PID 4132: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5872 /prefetch:2
      - Suspicious behavior: EnumeratesProcesses
    PID 2984: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
    PID 4224: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6828991080429844423,17329943854267794021,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1092 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe (PID 760)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 1732)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
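The tree above is the whole story of this task: cmd.exe handed a bare .pyc to the shell, the shell had no program associated with the extension, and the COM-activated OpenWith.exe (-Embedding) "How do you want to open this file?" prompt appeared. Everything else is Edge and system background. Working that out by eye across a long signature list is error-prone, so the following added example (not sandbox code) does it mechanically: it walks the lineage of every process whose command line names the sample, splits each signature's PIDs into sample-attributable and background, and reports whether the launcher spawned anything. The process list and signature map are transcribed from the Processes and Signatures sections; only the tree roots and the children that appear in a signature are kept, and parent links follow the tree as drawn, which is an assumption because the page prints no PPIDs.

```python
"""Attribute a sandbox task's signatures to the submitted sample or to background processes."""
from collections import defaultdict

SAMPLE = "get_cookies.pyc"

# (pid, ppid, image, command line); ppid None = tree root. Transcribed from the report,
# trimmed to roots plus the children that are named in a signature.
PROCESSES = [
    (2232, None, "cmd.exe", r"cmd /c C:\Users\Admin\AppData\Local\Temp\get_cookies.pyc"),
    (4200, None, "OpenWith.exe", r"C:\Windows\system32\OpenWith.exe -Embedding"),
    (216, None, "msedge.exe", "msedge.exe --profile-directory=Default"),
    (2220, 216, "msedge.exe", "msedge.exe --type=crashpad-handler"),
    (3112, 216, "msedge.exe", "msedge.exe --type=gpu-process"),
    (1108, 216, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=network.mojom.NetworkService"),
    (3316, 216, "msedge.exe", "msedge.exe --type=utility --utility-sub-type=storage.mojom.StorageService"),
    (4784, 216, "identity_helper.exe", "identity_helper.exe --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService"),
    (4132, 216, "msedge.exe", "msedge.exe --type=gpu-process --disable-gpu-sandbox"),
    (760, None, "CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
    (1732, None, "CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

# Signature name -> PIDs the report lists under it (deduplicated).
SIGNATURES = {
    "Enumerates system info in registry": [216],
    "Modifies registry class": [2232, 4200],
    "Suspicious behavior: EnumeratesProcesses": [1108, 216, 4784, 4132],
    "Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary": [216],
    "Suspicious use of FindShellTrayWindow": [216],
    "Suspicious use of SendNotifyMessage": [216],
    "Suspicious use of SetWindowsHookEx": [4200],
    "Suspicious use of WriteProcessMemory": [216],
}


def _children(procs):
    """ppid -> [pid] index built from the transcribed tree."""
    idx = defaultdict(list)
    for pid, ppid, _image, _cmd in procs:
        if ppid is not None:
            idx[ppid].append(pid)
    return idx


def lineage(procs, root_pid):
    """All PIDs in the subtree rooted at root_pid, root included."""
    idx = _children(procs)
    seen, stack = set(), [root_pid]
    while stack:
        pid = stack.pop()
        if pid not in seen:
            seen.add(pid)
            stack.extend(idx.get(pid, ()))
    return seen


def sample_lineage(procs, sample):
    """PIDs descending from any process whose command line names the sample file."""
    pids = set()
    for pid, _ppid, _image, cmd in procs:
        if sample.lower() in cmd.lower():
            pids |= lineage(procs, pid)
    return pids


def attribute_signatures(signatures, sample_pids):
    """Split each signature's PIDs into those inside the sample lineage and the rest."""
    return {
        name: {
            "sample": sorted(p for p in pids if p in sample_pids),
            "background": sorted(p for p in pids if p not in sample_pids),
        }
        for name, pids in signatures.items()
    }


def sample_spawned_children(procs, sample):
    """True only if a process naming the sample started at least one other process."""
    launchers = {pid for pid, _ppid, _image, cmd in procs if sample.lower() in cmd.lower()}
    return any(ppid in launchers for _pid, ppid, _image, _cmd in procs)


def open_with_prompt_shown(procs):
    """COM-activated OpenWith.exe is the shell's file-association prompt: no handler ran the file."""
    return any(image.lower() == "openwith.exe" and "-embedding" in cmd.lower()
               for _pid, _ppid, image, cmd in procs)


def triage(procs=PROCESSES, signatures=SIGNATURES, sample=SAMPLE):
    pids = sample_lineage(procs, sample)
    attributed = attribute_signatures(signatures, pids)
    return {
        "sample_pids": sorted(pids),
        "sample_signatures": sorted(n for n, v in attributed.items() if v["sample"]),
        "background_signatures": sorted(n for n, v in attributed.items() if not v["sample"]),
        "executed": sample_spawned_children(procs, sample),
        "open_with_prompt": open_with_prompt_shown(procs),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(), indent=2))
```

On this task the only signature left inside the sample's lineage is the cmd.exe "Modifies registry class" entry, the launcher spawned nothing, and the OpenWith.exe prompt fired: the score of 3 measures browser noise, not the stealer module. Lineage attribution is a heuristic; a sample that injects into an unrelated process (as the WriteProcessMemory signature would show if the writer were not Edge's own parent) would need the writer/target pairs added to the map.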
Network
MITRE ATT&CK Enterprise v15
Downloads (files created during the task; the page lists sizes and digests only)

- Filesize: 152B
  MD5: 58a9ee207caef8b6881b10e37b4cbc97
  SHA1: fa5f0c8626915f39161abb48df2212a79c9c6abb
  SHA256: fa60e147e18bd39cb6ce21d725ef37a2072d1d682547d9f7393d3f99e63711f4
  SHA512: dd20d10299a8c628c74adb51239c3869a01a731e42946f0039c9138c03524d8c8a940716226f10aab0b0c7aa230195a27e91aea54eed611c6e5dc9f02fa90355
- Filesize: 111B
  MD5: 285252a2f6327d41eab203dc2f402c67
  SHA1: acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256: 5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512: 11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
- Filesize: 5KB
  MD5: 699855dac4c3e1ac7f7d5bc09714c5db
  SHA1: 7c80099e9bc2152e8b2750a95b7394443d72a391
  SHA256: 6651884e0d37b9f757c828f27c5cd54d073870b6b871eb3110b56e9f03cc3135
  SHA512: b453027bf5beb34f6b964bbbb37a075a1fd12d4115049e9782830016787d0b80c012f8b21236bb5fe00da45a29651d8c3e45c99fd1d31d7ea3e9161a2153b0e8
- Filesize: 5KB
  MD5: 5068f90553259e023b8a905c2b29a387
  SHA1: 1ba12a4168449823d471503752100c5ff745b991
  SHA256: 5cc7a539f017d554a1e7416c742a31806c5113261b879d73a247aadf76a3b499
  SHA512: 56abf0093c29dca30fc5003e916f8ce4c7a24856ca33d6eaa57a87372f8465fbb8cd5ced99846abf8ae603d429dd922dd824ff09fae3ed6a75fc3974f93266f6
- Filesize: 5KB
  MD5: df5e29ecf28077f6d95cedae6e94d469
  SHA1: 87d26636caafddf2a98646d88eb4194bd9b20e83
  SHA256: 5a8c7ef17b6b40667df162eee77b90862704195793af9274e9778ae3826a6a86
  SHA512: 35a494480164b02edfb2b6fde0e170bbc245dedb255680d7ee4de187c1f1c87a39354565182591480bca5c10257c8c9432c16d00d3c23151b392bf55c61a8763
- Filesize: 16B
  MD5: 6752a1d65b201c13b62ea44016eb221f
  SHA1: 58ecf154d01a62233ed7fb494ace3c3d4ffce08b
  SHA256: 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
  SHA512: 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
- Filesize: 4KB
  MD5: a92dc3235a1df5eacc602ef2de530a06
  SHA1: 5d1d4db4c6ac458d4a5c617662f303d266e9fa57
  SHA256: 68f165dd29ca2d4911601379e766a90d2a71b667b637926c9a9927445ffa8e49
  SHA512: 233d0e1ab3daf7ee47d50aa613664d576e60cb7c0de0f343865e48bd347b4a0e888d5a17c4b4d018f15c16edf75853dcb81121ce84466950324d38f71272426e
- Filesize: 4KB
  MD5: 65473890cf38bc8af6cd423ad363ec09
  SHA1: f25a7c6686132cd69f7a8cf6b51167ba07b6978a
  SHA256: e80ed1039f9e031b9fbd03f1cb7f6ef53fc01f84e747544bab3166c1b3e2dda1
  SHA512: ddd2471628ffdf23495cb55dcee4cf14533b7f64c22cd17b9fa46fc077fd6b8e3bed31ad08935e8c7e01dd1baf00652a2d64413a5f3b2f19faa34be11631726e
- Filesize: 4KB
  MD5: 332718e8d12d1f7797518ac4018a5ffc
  SHA1: a67714e123f9985d6eee9104f5bf3663b629863b
  SHA256: 5091d48b448106af857b7f40b68765a245cf4cc041a009163ef433caee3fd83c
  SHA512: 9f172a2c07369da6fd7b457da149aac197410f7d3eb8a305bce544891e531a47a55e0e58cf7356290ea6e9039ae8ddb8f1eefe95a82b55c91c97440cb55dc0b2
- Filesize: 4KB
  MD5: 88eb22d53c4f46af73b3fccb6b4b5fb7
  SHA1: 286c4de7d04abea00a9027f848e9ce691044f3ed
  SHA256: 8e6393778348adb9216d6a8adf41cc70fea8dd9d16748d912421dc6876d12e7e
  SHA512: a770d21e834dfeb9ebe5df582fc31d8289008828ac91734468e29339edd0235d0fba4f8bfaa1f2a1c1c65d5951927deeec71adb3754db85230ce7fd8e2054196
- Filesize: 4KB
  MD5: d46a4fdf110688c8f7966751d7e3d524
  SHA1: 300e86176c7745d598160116c9950e680820a320
  SHA256: b50a15c8db59d852fd606e4366fb96659bc77bccd29ce00be2ea78bee81de827
  SHA512: c07a7f2bf249a9e880d2094d61fecd16be0624559e4b1b6908d860b659d193433876f5d9657f46e3a2479a9f66317dd2c3dfbc1af02228e3f34301afe744c281
- Filesize: not listed (these are the digests of a zero-byte file, so the entry is an empty file rather than a payload)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e