Overview
overview
7Static
static
3Elsify v2....er.zip
windows10-2004-x64
7DiscordRPC.dll
windows10-2004-x64
1Elsify v2.deps.json
windows10-2004-x64
3Elsify v2.exe
windows10-2004-x64
1Elsify v2.exe
windows10-2004-x64
6Elsify v2.pdb
windows10-2004-x64
3Elsify v2....g.json
windows10-2004-x64
3Microsoft....ns.dll
windows10-2004-x64
1Microsoft....ng.dll
windows10-2004-x64
1Microsoft....ns.dll
windows10-2004-x64
1Newtonsoft.Json.dll
windows10-2004-x64
1RestSharp.dll
windows10-2004-x64
1Analysis
-
max time kernel
148s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
02-02-2024 11:41
Static task
static1
Behavioral task
behavioral1
Sample
Elsify v2.2 by FrostChanger.zip
Resource
win10v2004-20231215-en
Behavioral task
behavioral2
Sample
DiscordRPC.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
Elsify v2.deps.json
Resource
win10v2004-20231215-en
Behavioral task
behavioral4
Sample
Elsify v2.exe
Resource
win10v2004-20231222-en
Behavioral task
behavioral5
Sample
Elsify v2.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral6
Sample
Elsify v2.pdb
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
Elsify v2.runtimeconfig.json
Resource
win10v2004-20231222-en
Behavioral task
behavioral8
Sample
Microsoft.IdentityModel.JsonWebTokens.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
Microsoft.IdentityModel.Logging.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral10
Sample
Microsoft.IdentityModel.Tokens.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral11
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral12
Sample
RestSharp.dll
Resource
win10v2004-20231215-en
General
-
Target
Elsify v2.exe
-
Size
253KB
-
MD5
9e95e8f56cb6f3d1cdc6ccb08a76c912
-
SHA1
151a1f3272d55f1dcbeef162b7f70d04025bc098
-
SHA256
595fd61801d2ea5739d688e2b22a83f2917bc532fe82c02734972ccc159497a8
-
SHA512
026f1f2e86b684a069eca4626a7ff209bcd8017cd9e47bc96c6d13dab5e2811e3ab830211495971ce29e9884b17d0e0928e4b68692dd12ee5ef0ace5145d7907
-
SSDEEP
3072:MguAgTsGLYEZl70PsLko1Gs2T/0oim/JbRZzlZ2pqqJhBbC:M5twsLko1Gs2T/pPlZ2wqJhB
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
Processes:
flow ioc 99 api.ipify.org 101 api.ipify.org 204 api.ipify.org 206 api.ipify.org -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Enumerates system info in registry 2 TTPs 3 IoCs
Processes:
msedge.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe -
Modifies registry class 1 IoCs
Processes:
msedge.exedescription ioc process Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1815711207-1844170477-3539718864-1000\{C7B8D5A8-0F90-486B-9BAD-24C471550AAB} msedge.exe -
Suspicious behavior: EnumeratesProcesses 12 IoCs
Processes:
msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepid process 1480 msedge.exe 1480 msedge.exe 1696 msedge.exe 1696 msedge.exe 396 msedge.exe 396 msedge.exe 2256 identity_helper.exe 2256 identity_helper.exe 864 msedge.exe 864 msedge.exe 864 msedge.exe 864 msedge.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs
Processes:
msedge.exepid process 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
Processes:
msedge.exepid process 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe -
Suspicious use of SendNotifyMessage 24 IoCs
Processes:
msedge.exepid process 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe 1696 msedge.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
Elsify v2.exemsedge.exedescription pid process target process PID 496 wrote to memory of 1696 496 Elsify v2.exe msedge.exe PID 496 wrote to memory of 1696 496 Elsify v2.exe msedge.exe PID 1696 wrote to memory of 1744 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1744 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1316 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1480 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 1480 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe PID 1696 wrote to memory of 408 1696 msedge.exe msedge.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Elsify v2.exe"C:\Users\Admin\AppData\Local\Temp\Elsify v2.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:496 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://direct-link.net/26814/valorant-skin-changer2⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffd797c46f8,0x7ffd797c4708,0x7ffd797c47183⤵PID:1744
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:33⤵
- Suspicious behavior: EnumeratesProcesses
PID:1480 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:23⤵PID:1316
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2648 /prefetch:83⤵PID:408
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:13⤵PID:2456
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:13⤵PID:1236
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:13⤵PID:2356
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:13⤵PID:1144
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4648 /prefetch:83⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:396 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4152 /prefetch:83⤵PID:3552
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:13⤵PID:3304
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:83⤵PID:3824
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:83⤵
- Suspicious behavior: EnumeratesProcesses
PID:2256 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6324 /prefetch:13⤵PID:2428
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:13⤵PID:3720
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:13⤵PID:1332
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:13⤵PID:1200
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4908 /prefetch:23⤵
- Suspicious behavior: EnumeratesProcesses
PID:864 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:13⤵PID:3508
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10579252605474073264,9231698693118988613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:13⤵PID:2668
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:3648
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:2500
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d5564ccbd62bac229941d2812fc4bfba
SHA10483f8496225a0f2ca0d2151fab40e8f4f61ab6d
SHA256d259ff04090cbde3b87a54554d6e2b8a33ba81e9483acbbe3e6bad15cbde4921
SHA512300cda7933e8af577bdc1b20e6d4279d1e418cdb0571c928b1568bfea3c231ba632ccb67313ae73ddeae5586d85db95caffaedd23e973d437f8496a8c5a15025
-
Filesize
40KB
MD5548766a02d7934da88adcb6fcc8b9bd4
SHA1e74c725a60f34c24df197d979789b9337f68a0a2
SHA256f73fb44c10dd3f49d9deff697eac37b89cd375abfc786de73928dcae423a2182
SHA512bf7113f7aae373a8049bfe8160fe3f774b9abbf0afb441b8e0dd8355c93e11f463dc09714c866dce98b85ae56d0af31af3fce81511ac69951d0b458fad56a4db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize936B
MD5e681b1138fc1f00a76538d3cf9728726
SHA142234f6ae89e3592232a0b30eab8f8303ef807eb
SHA25668b726052005f135c4aefed5764dad508635cbd03d7175f29d0160b1c0f7733e
SHA51299a300b8f61ca060d4bdfc2764bd91ac76c5944ba349baf2ddc4a884862b4ca0587edea1370b0374a7dd668aa5ae747a86ce4a4d3a9d20c13eb068ccdc9fa5b6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize624B
MD5b5626c8cf3d1eb9ab6f9720b781a60b3
SHA1bd19af8b579cf80590282437086c0650f5033840
SHA25665a6b1f14245ac9da28e45d3879adccea4081fdcfa77a77f8ad70c42e90286cf
SHA51288669f3661ecab846924bad63b0968690d4e017808719258554a7983a770317a54b34a3a30da73e87daf5c1957e9762a3853bf57382170c1f54db89f58f38a01
-
Filesize
2KB
MD50b2611fb5fde6915725e9961810971ee
SHA1434f196f6152b307317a3ca1d6fd83c4fc2143b8
SHA256d2d7c179defab991fc7ee3626dbd32a0ea08cfad5fa27fca896c43576659ab3a
SHA512cc35a36d1fbd175ebd7f18bab4dda353497086a673405b3eb0012a0ddb49555117fd9b2ca20cdbcf45f4db77a530411e03efe4e5f341e8bd688f706e111eb97f
-
Filesize
2KB
MD558ed19272ae89b77bf1afc92f84ade84
SHA1b4e4f0102ec12a7b0bbdf5d2c375124ae3f9292f
SHA2563aea3f40f2c98dbdacfb15511188cb52a6639318e59ae4207048d650a00eb298
SHA512692c1193d129cd89a06cf5b75908b238fc4714cc7217d7c4c111daabc57b07741fee79542772af1da57e919ea421c52a66323f1b07a0ea0a0894f0781aa7ae68
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
6KB
MD5bcfa76a610599484574c9c876011567f
SHA1ba76705d9cae5c32375773d906dfe339176bcae9
SHA2566d63a6e96a0fca990a66a544de89909959f6ce931f2917623f983602ddfd1ce0
SHA5122d725650b91f2f6cf80236bb3bcc1c0010fa40ec284330ef079bbc14ef8720b08c70c166aa4000b2081be207b61241d1eb1f7ed003514776b14d21bf70e6edb2
-
Filesize
7KB
MD54d373d57e9d9232647f044460c7ca5c7
SHA12a239b26adebfe0ec7710cefa8e775f143f6164d
SHA256d0f6deafa9f3f73a55d9b0bb8fa665d69dc50b2c4c89729bf0650ad1395bc578
SHA51289d7f3504262bc53464a5fe6e7fedf40e5a506771dcf25b8f0032faeaf809063375c2246e2d637234bb5efa6e13c8ea7138aec959fed1a0eda1b85f8b7cd1412
-
Filesize
5KB
MD561db149217460c25dae7d4041c8d93e5
SHA1d19aafdf71b56c6b1994c5ce513b9711c4fdd457
SHA256bf6b17b693435951e225cbf61581f54a7b3518d5458ae5d71c232d001574fc7a
SHA51237672d58f8a15ed09aa265ba9c209cab8d2f2c3e9fd0fbb5c321f606ccacf96b6d95ddb80b2c4b30acf53b67ee1dc968e6b0b6f04448d4fa7dffb7032b96e501
-
Filesize
24KB
MD51d1c7c7f0b54eb8ba4177f9e91af9dce
SHA12b0f0ceb9a374fec8258679c2a039fbce4aff396
SHA256555c13933eae4e0b0e992713ed8118e2980442f89fbdfb06d3914b607edbbb18
SHA5124c8930fe2c805c54c0076408aba3fbfb08c24566fba9f6a409b5b1308d39c7b26c96717d43223632f1f71d2e9e68a01b43a60031be8f1ca7a541fe0f56f4d9f2
-
Filesize
1KB
MD506c8bed298731b89757f5824068f20f9
SHA10da0a243d1d41bf36bf363dfd5c53ff8e6caf5a3
SHA25634cc3e5e63db74670aa99ed4fccdf3a8b0c12b60753e996c751501f3c57423ba
SHA512ac32389bbce975acefaadce64361c8927431dbdb4f23107958316ad75a822811459fc2d5c4b050532257be570c209c335a73642e9f38dee06523d8a7b1c326de
-
Filesize
1KB
MD5a8bc18f91ecc77648d9ae3934c2f36e6
SHA1d0823c345ed2661c1f67af30665bacd6c58d6d0c
SHA25620183529fb48b12d490381eb9c9a8afd8a17d91650cf333ccdfdd91a1fb1febd
SHA5127c2f704a764d2614d6541002b8a8a0c9b645d3ce25f2dc51e2e7716592d8cf25f97860ed65fe6aecdb75690960525897e9cc50cf51f6eef0e8b295528187538b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD593d9a290950db60c684141a8912b6980
SHA13e1e1ede450a28247c2f52b4e3913e3403d9e1ab
SHA2566b9d09d07ee92230398783c86e8d67a21d05fc7ce63dbaaf75b8f6e1580e5f41
SHA512a933d1ffdbd0880345c50df8369d0d8c3af668938a109daabb3c0abb8331c910bdfe6c03e9b1a6c07faf5b2838b0b67e0841902508faecc388d977d5319eee53
-
Filesize
11KB
MD5936c28ee5476bedd63afa72273c3e762
SHA178eda4fae3977ee0076bc6c39d2112147e378be7
SHA256e20e5f5282e32955092b9b62207506deec91b02b6293a907b7c33dafe75ff839
SHA51276800fc18786acb8c6c688e0efe2f13afbc6f32932820276868c4edb8995f963099b81a35433ddc28a87ed4dd33887da08c153651c82c3c05597f5c2c5bb9be9
-
Filesize
10KB
MD523ad446156bda95876e17277a5bf8d04
SHA177516dbc67743c51f11865353ed7bbb58fc4e4d7
SHA256e97b9f774061002c21422f90dc48850a540a49624ebd78e33e1b682ca6ce8080
SHA51202e99bf1a404535e21f90b4c36036421ce13bc837e7816442103f0d8dc081e377971089986fde9f7ace0beb7018dea6f88a5485653ce72281fe74bf10bf09077
-
MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e