Analysis
- max time kernel: 150s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 10/06/2024, 14:32
Static task: static1
Behavioral task: behavioral1
Sample: 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe
Resource: win7-20240508-en
General
- Target: 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe
- Size: 258KB
- MD5: 5bccfa5d3d7bcee768187346a73608d1
- SHA1: 4ea22c666a8ffe6e0f03607e45a85deba5484cb1
- SHA256: 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba
- SHA512: 28be9c9b18f9db60abb7b13ba92152278e650e59e76843bb4143f3375f23ac5e08cf45a209a13c4ca916e27555a45836ddd066544f9e9d6e4d8c49a4eac7e7e4
- SSDEEP: 6144:S+aezDQZbO5JCSZT0wwla4G13CmdxLzI9LTB5xnmT:S+aRbuJcfcXbz0Tfxo
Malware Config
Signatures
-
Drops startup file 2 IoCs
description | ioc | Process
File created | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | Logo1_.exe
File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\_desktop.ini | Logo1_.exe
-
Executes dropped EXE 2 IoCs
pid | Process
1536 | Logo1_.exe
4496 | 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 4 IoCs
description | ioc | Process
File created | C:\Windows\rundl132.exe | 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe
File created | C:\Windows\Logo1_.exe | 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe
File opened for modification | C:\Windows\rundl132.exe | Logo1_.exe
File created | C:\Windows\Dll.dll | Logo1_.exe
-
Runs net.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
4832 | 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe
1536 | Logo1_.exe
-
Suspicious use of WriteProcessMemory 28 IoCs
description | pid | Process | procid_target
PID 4832 wrote to memory of 4056 | 4832 | 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe | 91
PID 4056 wrote to memory of 1620 | 4056 | net.exe | 93
PID 4832 wrote to memory of 716 | 4832 | 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe | 94
PID 4832 wrote to memory of 1536 | 4832 | 2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe | 96
PID 1536 wrote to memory of 2032 | 1536 | Logo1_.exe | 97
PID 2032 wrote to memory of 3184 | 2032 | net.exe | 99
PID 1536 wrote to memory of 1308 | 1536 | Logo1_.exe | 100
PID 1308 wrote to memory of 1972 | 1308 | net.exe | 102
PID 716 wrote to memory of 4496 | 716 | cmd.exe | 103
PID 1536 wrote to memory of 3268 | 1536 | Logo1_.exe | 57
Processes
- C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
  PID: 3268
  - C:\Users\Admin\AppData\Local\Temp\2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe"
    Signatures: Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
    PID: 4832
    - C:\Windows\SysWOW64\net.exe
      Command line: net stop "Kingsoft AntiVirus Service"
      Signatures: Suspicious use of WriteProcessMemory
      PID: 4056
      - C:\Windows\SysWOW64\net1.exe
        Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        PID: 1620
    - C:\Windows\SysWOW64\cmd.exe
      Command line: C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\$$aF57C.bat
      Signatures: Suspicious use of WriteProcessMemory
      PID: 716
      - C:\Users\Admin\AppData\Local\Temp\2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe
        Command line: "C:\Users\Admin\AppData\Local\Temp\2eede65324b2e8a57b63f82ae8cc812497596ccdf5da71e82a72228f74d542ba.exe"
        Signatures: Executes dropped EXE
        PID: 4496
    - C:\Windows\Logo1_.exe
      Command line: C:\Windows\Logo1_.exe
      Signatures: Drops startup file; Executes dropped EXE; Enumerates connected drives; Drops file in Program Files directory; Drops file in Windows directory; Suspicious behavior: EnumeratesProcesses; Suspicious use of WriteProcessMemory
      PID: 1536
      - C:\Windows\SysWOW64\net.exe
        Command line: net stop "Kingsoft AntiVirus Service"
        Signatures: Suspicious use of WriteProcessMemory
        PID: 2032
        - C:\Windows\SysWOW64\net1.exe
          Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          PID: 3184
      - C:\Windows\SysWOW64\net.exe
        Command line: net stop "Kingsoft AntiVirus Service"
        Signatures: Suspicious use of WriteProcessMemory
        PID: 1308
        - C:\Windows\SysWOW64\net1.exe
          Command line: C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
          PID: 1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3752 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:8
  PID: 1016
Network
MITRE ATT&CK Enterprise v15
Downloads