Analysis
-
max time kernel
150s -
max time network
146s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
19/02/2024, 21:33
General
-
Target
https://github.com/hacxx-underground/Files/blob/main/CraftRise%20Database%20Leaked%20May%202023%20-%20Free%20Download
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 12 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/hacxx-underground/Files/blob/main/CraftRise%20Database%20Leaked%20May%202023%20-%20Free%20Download1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe8dad46f8,0x7ffe8dad4708,0x7ffe8dad47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4808 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1820 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6324 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4836 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3656 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3320 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6892 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6532 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7144 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7372 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3392 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=8036 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7292 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,16897286003030527573,5856082959958237445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD51386433ecc349475d39fb1e4f9e149a0
SHA1f04f71ac77cb30f1d04fd16d42852322a8b2680f
SHA256a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc
SHA512fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e
-
Filesize
1KB
MD58bb3cff1ee312190fede0ca29db58ea5
SHA19e7e664421d0f6ce9cc2891684728703fd5c15a2
SHA256ae055cf9a0bff88f430a89c65fb317b74af0dea88505cf1839436f85e3622995
SHA51271cfa3baf16117028c0a1f21bee51ca9f1f604bda743fdf0f185e853fcea27f9d4bac548a6c0fb674728e9b7cd2ac5a24835d235cf42f3f37bd19340b4103349
-
Filesize
2KB
MD58130b644497d1687cc9ff771a4d97a9d
SHA1716421da7ad84b748158e041662ec05423d41e13
SHA2560c9d3c93f5112dc155c1e87f5d8f24160bd9849cd90e257c5c596d36e776dbe2
SHA51287c87b820a534b49640f9abf08f8f98733141b49795c78f76eb78f3ed91f0e342efb19cfd60b3b1d6fe6168651b0565880c4e74b2f0ac217633e6d7f8440feda
-
Filesize
3KB
MD5ff075489f67204534cc8a8a75ea9500d
SHA1da097cc3a562da831be9603c77560241718824cc
SHA25626f904156be4a43272a66b9527c9102167473700edd789be638934d3f2bde192
SHA512eb82b96c1b594a239a492c878183d760c2980d37aaa028d1f691777f3699fb84f8ed7535351e540603c4457d53206fa85db6258d6441d09544ce58e4dd5088dd
-
Filesize
3KB
MD59c61d430e31cc9950e444a43aaef8bbb
SHA1e16985650e426f1c93a037cb6ba1d11d94217fad
SHA25636229beae8a8452c109f8ddb549418768114df6c54fbc0aa1fbcbf351c99f032
SHA512468c45328d08eff52433dd6ecbd5248c61506b4165576680f626f252df8c8e407c1f96ac0eb7aa51a19126dc2036951e1abd17c60691b4479ee74e57f0dc1324
-
Filesize
2KB
MD58db8f63e85a82ba47df4ac4ea8fca88b
SHA1623a1130f07e8988b4254ec966ee30ae1f812e6a
SHA256d1cf79517467559b527d36e5dd2f0a13e8246531462987b55ac21dbd6583cc6b
SHA51205381d8322f18b013a8403340d020cabc39f53a6ec503d030e3453e5f8e0dc1fa48d5dab8f500133c86a1130dd5d815c094a5c890846af955b866b51143630d7
-
Filesize
4KB
MD501d7cc13c4350255a5dd90eadb058e01
SHA1e5d175b62936c27385b37995d5a6fd3bb0016bbf
SHA2565b2f43334cab154cfdb80d5f0d3444993f2b5fee0e53866139a0fdfd0ce7a39c
SHA512632cb916374d0e88f8a637dc6b65e440845b19bced18b1ae85bacb59a784688bca0e036f3f1f0442724d0c1d2d2c8392095b4664c466d2ffd625fe8f09b5bcee
-
Filesize
7KB
MD57d4f60272996a94e2b3142656eb63502
SHA184ec768fe8afa77f0e5af78d0601fe9800e28cff
SHA256f2a7b9c40321f38c8b011e4bac99a92188c1f9a099f9e7da2f6f940da720eb14
SHA51223d8e3a27453c2ace9448292f3ff98955f9a95baa2dbf5789719c264d83c46af28fb60ef413b155b1d4ddff57943ed217b42524b1d24456e14dba00c6cb716d2
-
Filesize
5KB
MD59453cb7268afc9d0d2aa19b5e5e290f8
SHA180b0e198827a749b84184df819b226241edfeca0
SHA256b9d915f97732a98ac0fe666ba36f29f351d784269beed36cc0ef6ea9c3cc753e
SHA51298c5a4bd0093c6f11cfc7620e12ec8598ecbd98b0c89edf52d1c420875171a59bc6f2f842cd4132689dfd7e82bac053279f7e8bad0fa1b47e37d33afbdc99b09
-
Filesize
6KB
MD50556e4a454228f0d13412bfb9307fc30
SHA1c3c9e75590aeeac7b5a9a1eddf914b9c93dfeba6
SHA256a71af353744ed30efe727dc23839250eaeff50a463be2efa4465451d53fd066e
SHA512891e1dd212d394396d4aa24589c0d348484a576e773436f1d39461e901b4785cfdbe067ebe595a63aca22ed6682fa4444dd4e4814e53095ce382f571a077ca5c
-
Filesize
6KB
MD5789911c4298ec00da255534f6d1ba89a
SHA15d241b7e6fecf706cd0b0411faa7a1cd31b41fb5
SHA2560402443f003a9d6a35ce5580a38e3d075fe5ede993194a25c82c5381d44d47ec
SHA512db5665085d6d3b1085b2d04307d8191cc31ffc9cce1ccac0f47f65215a6f6a1c2f49335c0a01563391c1440011c53ba7d74f5e060c7754ff05dde5c14515c57e
-
Filesize
7KB
MD5d3d50ed476de8fb909d96cfb6eb0ce0c
SHA11fc61f11376d600cb14c0ec2fe4b3cf0857d0742
SHA256cef246452e8a1356885cdcf94bc0bcc08b115d52bc2a325d3a2d2c53e168ac49
SHA512b5f4467e9c62344cb9d90fb1139c6ed5a99404e14d1366800e20c2c64990ac8794070aff6d857dc7d8671e6605bbe229501bba5660974f2b51684f6d36800f44
-
Filesize
6KB
MD5f4c67ea9466f4045135bde0a451471a5
SHA1c2ac3d26a69a772ce40b112a75ccbaae308e7e90
SHA256180115fcfe4860e17b68c3901d19a4868a2967099b1fd6e68a00a3b10b6daf82
SHA512d519de2e5cfb2bfc8b6c34ee82ff091d371be7348d9181600c1dcf9ba4117f2b5ed827e6e2b0dcea7e2c49936495cd60da725b147fd93584817d6e8f6ebf4f22
-
Filesize
5KB
MD5e8ecd5b509bc9b025fb2b9d403666011
SHA1145964b1320347c2a48db07aa346b80e4eb0a90f
SHA256411beb4087b9fb646d6aa857e24e4c0c4a0fa8c2cebcb8b76596b35a27dc2eb6
SHA512f011042c4a2e8506ab485bdbea3129d03b599abfaaad5edc88559a742f1d84e2a8a62333ea4e86a7f627e5129cd374d5a9424fecaa2b213444aefbbf03b1cfc3
-
Filesize
24KB
MD5e664066e3aa135f185ed1c194b9fa1f8
SHA1358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5
SHA25686e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617
SHA51258710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e
-
Filesize
2KB
MD5aa0cc6cdf570e9914d5d0e126c01fd34
SHA134f7cb9fc3f869abff42d8654c1b3720dfcfcb8d
SHA2560bd99359594608cdc0c9fa60f1d9dd4fa2c8cc4e8b3948af826cb7b0255b7c81
SHA5120903fd1d107292f10e9f2165015b2ffc7b644663c8695e8a92c0b8aa65bab726a0785198134f9756cac2af54a2355b5b6c8d2bb0bb763269954e848746e3a9fb
-
Filesize
2KB
MD59208db8c516544a9d866f574ff693bc3
SHA1e6c824b7d0e1ffade9b52cd486fde323d7e31f5e
SHA25607bde45db10c3f732fc8bedf8e41b83c919cca9fffad5eecc78f3848ad30a442
SHA512dd720276188fa1e07931261449b71b5417ad4496e8501cbe0b95bf0bf47a1e58f2c290d56fd490851c6c33f2f2d768d8c0c165cc552681a54817ad47a942f3e7
-
Filesize
3KB
MD56c1e23db7686cec5ade1eb062e84c537
SHA1e214a8538b469bd21f4c1778224811a7bc1c5b96
SHA256acc40066595fb359929d7541a483120b328ec221cb20cd6a86c88fe759022f8d
SHA51280d28067d56d29374198c832ab1d8e3ff04346345ec437f5577916d0e7f1bc31c520c7d20151758d87c558b12803f58682c3a8c0c04dd2804facc95b13666846
-
Filesize
2KB
MD565ea36ffedef1007d37469f6b21f79d0
SHA1c0173bc5b00f121dc5797af2c7654afdf21198d9
SHA256fb15606ed461af6833c25f92a5b235c0f54f5d35c7c1072f796dfb8ed1c1d41f
SHA51270864a664472939b1932485a9802335309b34cbeadad32cfcdf778ad49a87e5511c96e7520928ca5ef82d0c42d47b54d41d56d3bd4e9203a4d836e52028c62d5
-
Filesize
2KB
MD5127ec4edcb50e95f7002e3fb0237b3c5
SHA17a05d3c8b8c5c9d6232c14a58343935b975d4a64
SHA256e77cea8883f3f7acb6fba8953cd69aaef35c3699c4dd30698a738df501abf019
SHA512df52c59f4fd7a3b73d3b86f482e5e6d81a4377bcf1eeea3094362a5482ac9f1ed95304cc5813f77442ee5b99d009ad6447304750e49b7cb517c68135b6b663ca
-
Filesize
2KB
MD5471bcdb407da783b17d394a243e63e50
SHA109c415108e2e0c52a1edd70890b07217b1a7d3c4
SHA2567f554041fedec67aeb0d7ba2c3ecf25f4b3c341335f20de16d500555cba13873
SHA512e5b3b1051dcb8e56be283df2b7a6ede4ef53e8af1f36c33f1a3097dbbdd77e09ec336b88290901448becd22b625ea5e746cecd5e8d23cfd04e57def7a9a712b9
-
Filesize
874B
MD5508713244f3f728186e20e3876aa2eb5
SHA1cc4c4732e3d462d3ecdcb573a48590f9ec051a58
SHA256373c32dfd235f96e69311a2ee12eac51658ed1acf21142cfb30aa48bcb355f71
SHA51258137119ed370a43676bdf4fa4492fb986a7b0339afa5e6ce917bd758f8dc6748a4af138ae426d90e7de042e51177ff2aba27f77ae587c23b8ce151b50f200bc
-
Filesize
874B
MD5a8a51410898c15e668eb441e91b584ec
SHA1a9ddf124bf0435657432666bc62744a101f8ee26
SHA25650da72465fddc19cf80bd77ab5c57257e511f477f68fafebc56509cd72bdaeb3
SHA51288a5bfbfc6d9a6435f71c0581d25d9d16dc1c2706641c6c39ce364c484e0b18e23d75f545cdea266b772704197c7b30a4c84c05e0ca9af06b8785df7cd4b4c96
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD5209750d347271b40b0596662b7432968
SHA18020c139859280b6e836deef633e1facc67829a0
SHA256f4e269e0dea5f3ffbbc0509c0143072cc368ec88603e426946d231166be38b70
SHA512bf9188a64e80e2faa18ef21c13c674a59674e14afa78f7845140f17969d25debe88639cd65a07ef73e27b17928790457d99ab73d53aedb5c05b3f93a254d2fd8
-
Filesize
10KB
MD58e99cada187947cf064ed440c4f3339f
SHA10082180889448a9c8863f4d456cb6cae67a951fa
SHA2565438e1cd8d5b11ae96fe9bc38d554379061a8d79d7c46a8616e0df81e52bbfa9
SHA51295270745c5ff2921e3d2c8a27fd030f8babfb40c9d33f7954c105117d616c67142c88dfbb51965d484c25c6dba40045ed9c63f8d3f1ba7d58aa4aa5809df1f25