Analysis
- max time kernel: 150s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 20/02/2024, 02:43
Behavioral task: behavioral1
Sample: Star.exe
Resource: win7-20231215-en
General
- Target: Star.exe
- Size: 266KB
- MD5: 4f2d0374f93b4079599cd3be7293c68c
- SHA1: 28e6d128300a2a25203d39f492503b0391932f51
- SHA256: 7e5a131d6b76fd964d4947b9c060fa0ff827162cb5047a9aa7edbe4dc5a91f66
- SHA512: 7d3b853d1bbfdcbbfb7d5aff8e595590a0f1866459b80ca7822c5fbab1e5043c99e70b87f71cef4033dc4e1fcdc864b0fe0c3e3b84ad595a445092cff35fbfcb
- SSDEEP: 3072:k2Jog9kK82e+i392qYpQZCi+oynzDQjj5JWCnWdZN7/VmtgzExXB+btwBtIxY8eM:jJo29yXZYmCnzDQjjLWNRmTd98e1Zl
Malware Config
Signatures
- Detect Umbral payload 1 IoCs
  resource | yara_rule
  behavioral2/memory/1028-0-0x000001D3F26E0000-0x000001D3F2728000-memory.dmp | family_umbral
- Enumerates system info in registry 2 TTPs 3 IoCs
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
- Suspicious behavior: EnumeratesProcesses 10 IoCs
  pid | Process
  1652 | msedge.exe
  1652 | msedge.exe
  4172 | msedge.exe
  4172 | msedge.exe
  1944 | identity_helper.exe
  1944 | identity_helper.exe
  3412 | msedge.exe
  3412 | msedge.exe
  3412 | msedge.exe
  3412 | msedge.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
- Suspicious use of AdjustPrivilegeToken 2 IoCs
  description | pid | Process
  Token: 33 | 3372 | AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege | 3372 | AUDIODG.EXE
- Suspicious use of FindShellTrayWindow 26 IoCs
- Suspicious use of SendNotifyMessage 24 IoCs
- Suspicious use of WriteProcessMemory 64 IoCs
Processes
- C:\Users\Admin\AppData\Local\Temp\Star.exe
  "C:\Users\Admin\AppData\Local\Temp\Star.exe"
  - Suspicious use of FindShellTrayWindow
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4172
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff834df46f8,0x7ff834df4708,0x7ff834df4718
    PID:5088
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
    - Suspicious behavior: EnumeratesProcesses
    PID:1652
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
    PID:912
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
    PID:2548
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    PID:1464
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    PID:4300
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4200 /prefetch:1
    PID:4344
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    PID:5012
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
    PID:4904
  - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
    - Suspicious behavior: EnumeratesProcesses
    PID:1944
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    PID:1028
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
    PID:4508
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
    PID:5016
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
    PID:4868
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
    PID:3512
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
    PID:1348
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
    PID:1460
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 /prefetch:8
    PID:4740
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1800 /prefetch:1
    PID:3856
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
    PID:3716
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3512 /prefetch:1
    PID:4264
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
    PID:1504
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
    PID:3900
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5208 /prefetch:8
    PID:400
  - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,11482872101814612238,14128427513827933734,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6564 /prefetch:2
    - Suspicious behavior: EnumeratesProcesses
    PID:3412
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:3192
- C:\Windows\System32\CompPkgSrv.exe
  C:\Windows\System32\CompPkgSrv.exe -Embedding
  PID:1460
- C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x2f4 0x2f8
  - Suspicious use of AdjustPrivilegeToken
  PID:3372
Network
MITRE ATT&CK Enterprise v15
Downloads