Analysis
-
max time kernel
252s -
max time network
258s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
05-08-2024 00:57
General
-
Target
https://drive.google.com/drive/folders/19qwHb1eY11BlHHtF9MUW25XLteBZpIWu?usp=drive_link
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Looks up external IP address via web service 2 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 64 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 25 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs
-
Suspicious use of FindShellTrayWindow 38 IoCs
-
Suspicious use of SendNotifyMessage 12 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/drive/folders/19qwHb1eY11BlHHtF9MUW25XLteBZpIWu?usp=drive_link1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe24fe3cb8,0x7ffe24fe3cc8,0x7ffe24fe3cd82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1920 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2096 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5132 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2524 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:82⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6288 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6300 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6132 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2552 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6452 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6808 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6228 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaService --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=5628 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7496 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7868 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,3259011770736383099,12600565928558776179,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD53e2612636cf368bc811fdc8db09e037d
SHA1d69e34379f97e35083f4c4ea1249e6f1a5f51d56
SHA2562eecaacf3f2582e202689a16b0ac1715c628d32f54261671cf67ba6abbf6c9f9
SHA512b3cc3bf967d014f522e6811448c4792eed730e72547f83eb4974e832e958deb7e7f4c3ce8e0ed6f9c110525d0b12f7fe7ab80a914c2fe492e1f2d321ef47f96d
-
Filesize
152B
MD5e8115549491cca16e7bfdfec9db7f89a
SHA1d1eb5c8263cbe146cd88953bb9886c3aeb262742
SHA256dfa9a8b54936607a5250bec0ed3e2a24f96f4929ca550115a91d0d5d68e4d08e
SHA512851207c15de3531bd230baf02a8a96550b81649ccbdd44ad74875d97a700271ef96e8be6e1c95b2a0119561aee24729cb55c29eb0b3455473688ef9132ed7f54
-
Filesize
100KB
MD5fdf09c3c067041ffdefcc9e1bdea9718
SHA1e31cf28187466b23af697eedc92c542589b6c148
SHA256144754d90b3eaad27d8a11c86faadb24da4ddc251bead8e43b9ed515fafb84da
SHA5129e32b294cfc17fd52fbdd62732571f4ee57dc0308d62af476331887d0e2446b483ceac06ba4617cfbb1c347d771c0f7ea12108bc384e93f69b180c7ca1a92268
-
Filesize
51KB
MD50a7c0eb14fb4f288d5c61cba111e3dc3
SHA148f6448938e1b8df723a9f7c6490a78887f240c6
SHA2568bef2cb55b40f46f7e2fadfe280e4c41b71a657081858a8224c6fb639d910e4e
SHA512a63a2651e36b03846d5818a4e03f7582ce95a34d9b4d4be9a5ee152ce22c305a14fec2618aa3f904495bed4c94a3256951ba75dbb0fd0386b3f570096ad4226b
-
Filesize
51KB
MD5588ee33c26fe83cb97ca65e3c66b2e87
SHA1842429b803132c3e7827af42fe4dc7a66e736b37
SHA256bbc4044fe46acd7ab69d8a4e3db46e7e3ca713b05fa8ecb096ebe9e133bba760
SHA5126f7500b12fc7a9f57c00711af2bc8a7c62973f9a8e37012b88a0726d06063add02077420bc280e7163302d5f3a005ac8796aee97042c40954144d84c26adbd04
-
Filesize
1KB
MD5f4127a260da53c6fa4c3ac43f06818a6
SHA14296c4030d647b1a21982ae7d2827efb5c08a303
SHA2561ec3c8951a855ee6142cc108ede8de445bafd7c1d1129418a2a6ab1011499772
SHA5121863af47cb22201909ba5a02d3c7c37b58bbe48c72fce0c10a85d11328a111dbcd0d418a4677aca687602ca6674094732d53459b8bea64a05a6241593fdddd39
-
Filesize
5KB
MD5784289cef130908d4e387c4ca15f0ba8
SHA19e7c53565232ca77c5bd772a85080be00a4973a8
SHA256732d0ae57b88354ea984de31280762691be6729b67b4ec9a541bcdd49d28bb9f
SHA5129cfffac65c06c004cd5cfd65485806a4dd9b0447297af30aa92a63ea457b4580515f8e1d99dddc091efc0c103134722d9c219f03a559c92079c95d9b1b7ff90f
-
Filesize
5KB
MD5f505d6c3c4180afde81f73d019bc6639
SHA19e5be4edce5112e49d02496ba0db02b6e012f07f
SHA25663dd86b3895449042270e2bd23ba9ecb84aef7ff19655a9fa3034adae4db16d9
SHA512a1d47ece5208e316c46fee38eb58139f9ce0a4ff158fe8aff2fab556ccd7f23f71e0b21682fc2b9768970f2842844d6f6e82cb86c13726a6631f5ca5081f4047
-
Filesize
1KB
MD51b52a84972a03a10c00e6a70a596b7e3
SHA1c7f1b98e90766c4182dee3e929d0ab448787d9fa
SHA256afb7530931b08d800658da827cb4f643138bd963f10bd210c5b9d8a6f3c7dfe3
SHA5128b095e24d6857073e3f79f343661441ff1d7b84d8711bf74926d2081b3569fd46b91ae04ced37fe1fa17cf38a47fc58b5c6d98ddcde923087f3cac3474e9f0fd
-
Filesize
745B
MD51a9562769a07c736523bc7e4067e32aa
SHA1f28c3facd532caad902f69f004f4db70c8aef547
SHA256bc4764767db879030d96d1b28abcd77cabc70ec7d20e0e653a926ae43da9a3fe
SHA512e3f2eeb6a9a1d457c1e516d20e699812a95706460d71990fbdcf095aa7d1df1fbb51f11e6f723ef6440bab3e5447ddaf0d9a7744328d8fc3605765fb1ea45031
-
Filesize
1KB
MD57ee2a4110486907ed310e7342c3d9a3e
SHA1e2eb1984bbc66b45ed39f5208a0f177a8fa6cbc0
SHA2563df5063811f2797b8dd4b02ce3aa85418a6eadbc37a5975c41a38d627e4ea36f
SHA5121930b456cf5831725fca83122b0f894162214fa75f37930da4ff7c793f793afeab68cb5a8b488ac057ace71d4e613d1b31a851f2195f8ff4142913bb55808abc
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
3KB
MD50e84b851fc0f3765f84d98c14c66771f
SHA1928293457f8d17a224a5837b4d8d57ab0fd9e6e8
SHA2565f7d6f077243e9b4c99300247561d3ffba567fceff777589463fca5b8e0eeda8
SHA5129cded16014122ce5699b87bd31032058c28daccc75f24ade559b0c248046e4521a220eddd12c4f739dc6bb718717ad4e872e7da2b1094f5fe7a4202172b289e9
-
Filesize
7KB
MD5c7f97b931fc839b3606e3c8712a4c93b
SHA1ba4bf1c25b0224361b62d0415e58dda8d4b45b3c
SHA256393589120998365c11e51bf3625179d76a52272b92a31bd90d88e84676305ab2
SHA512081b2419a35cb5e593f6623f159c8cd3de2a81db34fa154c3ff7fae07046969fc8e97dfc12e06da0a628e88a76139e8607f3bc80147b2b88b8d9c01b307ef666
-
Filesize
5KB
MD5c08345af97e3a097483ff059b883d19e
SHA1bcc588eb33de8f4ad74604dd3d4ea1fd95b9282c
SHA2560310e4b623c01cdc26a00eab9e7263e593b2a112708aa486f3c3f5adc800a4e8
SHA512a5701157da294bfc3051ebfdd722dc1c4aba6c06d0aa3e3f91e37a9fb22b8df83f46aa7bdad52829c655b4b9c7364d75064bb9557f0ad299fad90b838d3f7a4b
-
Filesize
6KB
MD5ecb560737d0aa98b1ef6b48e04c38cb5
SHA1e3603ffe508501495e00673648429dc7fe3e3c9c
SHA2560bab14f75035890842a8d9655e87f7260776aa25cf3205fe088d2da194918d77
SHA512949bd51ee1bcadf24b469e8c7a97143f4c03f9c7702c8a2e5267cdf2f97f26b9ed00eb4a24ebfaedb51fbc90e47342aa1e278a4c66cd3fd3fc164655ba4b83ab
-
Filesize
6KB
MD5ac5b42613daaba6aa0dab584aa7c3321
SHA150855486fc21fd18c5e2feb0f973e6cd5672d41f
SHA2566ee6719a12fd8cb14804f6c9361dc6ec84a930c878de2b6ea646f25962724fed
SHA5122675cc3f381f565f175f76ceb1758f8bfdbd5f5a2624ff8d0ea811ebbcbb14eaa68b1eae176761a875415abf5be09ebc7bd22517fb883039e895275f9eb95729
-
Filesize
6KB
MD526d1c7c3baf3c70ed0bd91fb96e2338b
SHA1322ec17674733b118caff438ad05c9253b61121c
SHA256e9275a4355a50db39581db8773caa4d2d5d88ed3e1ce200204c8e0c2a22b3b6c
SHA512976af2d6f217895ec903db2c0311ee7f23ad9d850f71ebdcd39ad658ab842a7375aa896bcc09981b61a7382d83aa7426388607a3ca2603a84474c4180d2dbb09
-
Filesize
7KB
MD587242c0e6718fee4429808d893042178
SHA15ac3bc3d33e9406367474ef6b0b9cd2628a2abb4
SHA256c7086cf74b5de742678a0eb92634a903a2eb7739dd950be205f0ee2dd64ffea1
SHA512d6df2ba8edb5f3d47d8a1f9bc6b58fd9ce7b56d8e2233f215d42d5fb09af9615c23c35c28bf21b354e47525d5d8fcb81beb8361af3aa2885708e7316c6752d6b
-
Filesize
6KB
MD5d5c2677cd3b5edd6ea388cb739adc7cf
SHA1c3bfdf8a37ac48fca5304880f13a27ed63da0a7a
SHA25658c72a261d093c72434019a9cac4d10b159466170723552b03652b9cd845aae7
SHA5122dccaad0f4c557fd01ea6e4bccf880f6ea773857ab68ee1d071ca562344e5746db80f2a21ecf5076c96e8783a892d9ae25b456b6e1cb17f68efe8f922ffc8881
-
Filesize
7KB
MD549a0a69f538fcf442edaf6591b8d6152
SHA179993456d3a0c2bf5289f366cdb036ec8673505b
SHA25615b4b63d725c27770d5b3eed49fdac9ff6f9c259e4f5e21a35b1c49e2e6d013c
SHA512a70112e222d48118dca569052cc3a46cce4decbf48edfe26ae9e22bfaa8f87bb024f5f8638fbe3e87bff9849467b613208a30ebe1c9aad739628891744b23415
-
Filesize
6KB
MD5c358a308c6ef3e187df1b11a9632a55a
SHA141081a464bf29898f477b60942ffda5bdf9114d6
SHA2569a03fa54e8d69f2f4bb2a092b7dc2d37b217479fd6376ac0fc8d09535092dace
SHA5124fa796f682716cb9c90a183c216a7b83a9c79ffc5b8978e3480dd1780813a96d2f685b52e3d15aee597bbba09dc3dc475bc9aae285146a4852ec94f34c90e81d
-
Filesize
27KB
MD5564721a836ed6c39e47a99f5451a5b48
SHA1a721c439b69cd1660a52d4e929fe729acc556ab7
SHA2561ba202006dbd995443e94393242b5e2594a956aa359d5b2c33cd5c753da96248
SHA512c5df79e331c9b8149b550af4a10b2cbca3d577bc48cfc312548e08d649470d0686a346690cac392eba8ee2bd0a955db775e0ca062689cf651e795bcec4696b0c
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
Filesize
1KB
MD580a84d37ffaaad4abc023e77bb1c8b2c
SHA1759b59ad5c0367784424b578029844d611548de0
SHA256715aea8156265c4fc94f4a54c5b96b13414850af566a5a0847609670db718a68
SHA51216a7d2e64dccde899cf4ec1b506970e37c4416c7ea56f82c3eb8de60f618d19b28e5b79f45571de8d5d676754c2d22cf8784f59a0a05336650b4b9ebff3ee189
-
Filesize
3KB
MD53e8c21a1c894b1c95f2e0a24dfc53110
SHA136cda471bca76bc810d663f407d7f45edd8c6e8b
SHA256bbfe20a7eaa187ae580a171a45cc79d21cf4ca394c37071bb8c1379ca704b30b
SHA512d4b1e77a5e55f13b566fc8bfadc50293dcde815e8fa5d8fa1b101c3c31427a9d94d97bef82032862a9230bad511ea7fd27de8aaf2d25d9f4a621c24730a11baf
-
Filesize
3KB
MD538c00799e81ac3df832398263e4b410b
SHA1e66dec2a59b4c4d8a52e8e1821974f4eec74ced6
SHA256e9d970c0738584f9ccdc6b71f13bf45fb55f16fddef74e7bc0b79b783a7e8d5f
SHA512a28bb1cf46a6e92dabacf175108a837c9aa55755a1ad7c042a316e606fbb4b720c04f00740b5a3cb5efb87e59d5c2644663f9b3d7ea4fb93edc29e7608ec6e72
-
Filesize
5KB
MD533a54f1676bb10584859ff73f3d4c455
SHA1d673a0e193978fe9826559985fee06dbece0d9d7
SHA25622a673604eb8a296d489adb41c0c838db404ea44f6b2776fb9bc47f876c66a4e
SHA51239f37a4f783432e919b29169df417334d00a5f3d21d510d93a420bb1f5f84306cfcd77da6051b9b7fe6f41922f588c35283eb8fa16a7ecff8abbf81cf6ed3f30
-
Filesize
1KB
MD51ed0f890221047d834bb3609d81dbdba
SHA14666b5ec9c44f6118ce5225c5f9b236a3cad2eb2
SHA25687e86626e2a5be14ba9d37009d32c6d55ababba934acb95d415bd96ae71338d6
SHA512d852198380788e686c2dcd8331e787ceea5385404c2f17f19fb62469e7fa19325fdfb740fe5fff04cd2e3c6c8b283c69869d73f962ce8884fdca1672edefb4b1
-
Filesize
3KB
MD5557d7a478643fc3e79ccf20cc971899c
SHA1b98541d8838fe8e62099712e8bd209e6542df2a5
SHA25670a8e44658dbd94f036fbee7afe028337e105c1abbfa506dad7215cadf591138
SHA512151f9a4b07e949157c5eb8934787f3d2ff17efda1797f65194253d06f16c57c9cbf8501ad0c5912bfcb4e964e8b2cafa35eb3d77529e8c092ae8c5175e2eed4d
-
Filesize
3KB
MD517211048865b44b41de758ca6fc441b5
SHA113cbc95fd5d12f2ab59947b23c7e139bb70b82db
SHA256bec48b1b53cdda73b885b6a59296df14b627a091a16a5e0d2b9bd8e113774fa2
SHA5121577544c7457efa5ba8743d2842746858e57ebdd13fd98fc13ba7210e4feffe5947f78cf2335c84eb6424b365c842352e1709f6a250d01e5379589aa3e95a718
-
Filesize
3KB
MD5bc93187803b187297961b9baa45e46ab
SHA10d8c2be5c437fbcd1b7e2973f4755423b2e2fb05
SHA2562849788003abc509a6a68053cb8cf635362b795ed5f75d88231b5723cd94e9a0
SHA512692cedd1318fee4a56713f25e5a857df3e30e43fe40d6d06b847d0fb55e1ccff00643d88454ec745ba3d37f3dc9cee07a710209707ac01e1c60c9d16f4e318d4
-
Filesize
1KB
MD5b2f7b4a8f0c55b13708b342239b509a1
SHA1873e720a14639e47493f87aeda74585b6c740914
SHA25659200bbe6dfe7783cd26d5e7de0f86ecd2c3202a5dbd4256d28b66444140bfc8
SHA512d4e0eb2fda7301ff0020bc9e03edfb46bc0d37751a38a9cb21ce61f5389932161a1a3eb4191b68081f5b2a706bdb0ea18c11c77c9b8b6eebeb1dd771985664d5
-
Filesize
1KB
MD5cdefc4a57774a9ee8d47ba116546096e
SHA181cd4fb7b1b2e2c77c64c4b36a60a11df59455a0
SHA2567a2b39fd65f7d93c93c585c1decfb1b218bd16d91a49f0919480789d049a63cb
SHA51252b7137e38e997fb909c905a0f5f331bf5782e40a4dec891967333b58ea9796d63732c8b39e11269762b0ca2a0e1c80513bc651d0bfd9520baa28e565b3f9520
-
Filesize
3KB
MD5e415a0fb77fb951508072110095ef2ab
SHA1ccce19581496f4b66de8f09d5c96574a9bca9b7d
SHA256fc2e0ecbb0d4e0dd00889232d151961e7d5e4a68b7d749ee1f6082db1b681e26
SHA512ce1453733613b1339373b010bb80070bf5a65b13bf40a19904285bd20f499c2910c11b5c5fc1d257205b33992cd7796da7c3d41375c37a5786657530604f0ea7
-
Filesize
2KB
MD5e35198c4cbe630f8c1f238e4a969b070
SHA17b07f08f4235af284a25d401eb68a59e3743fc2b
SHA256bb2bbc724cb7a545ddbddf00582ead0eb3b2e8972146b89bd31ee68c5c87297c
SHA51253842ad75bd5e9c7b9effe6b2611be8f6bce5d61bfe53846ad8d702585135b656ed0eeac2053dbeeaef451d8e784f2bb2dd412535c31e51346fe2788f2a4b23c
-
Filesize
1KB
MD525a2e0ae15f2215a80747c837220e577
SHA17cc4522ce5da248a951d0bb71eb9c515abbaf968
SHA25669e80f199fc347f658118d9ee5cd394d0f4f254b29fc8d0c2a121ff59284ff88
SHA5121ec8deab305ed72d9ed6632209b7d7f19448d7f975328db614a1c9ed91fbd03ec44c719cb78cfd848553a9cb71feda73c6c7efa1a4cfac48a592fe5f561a9f7b
-
Filesize
3KB
MD517e3247fb9d8807eb456631b6f69bdfc
SHA174ea2d7f852d2cfbd14a56ec44abfffbb3aec238
SHA256291259a74baaaa6a3292c5747e4f22b72b335368e22834eec16bdf96e9d3cdbc
SHA512596380147d3e3a3369e1eee06d8272899d004d188e71fa4ef71bd2efc085694b2211a0d5a5ba4b34c7b552b26dc7f690a9efb46fd479bda56932f4233417bf5b
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD52603986b7d882cbda1e3744233ca5f06
SHA13da80c4afa8309e92b28f40f82110a0662f8a330
SHA25632486f32aa6e5ac6766f8ba6c80ac9fd6bfa551f42144fd5400b702decd3d522
SHA5123700d2afb26dc608ad867c25436172711050cbff6f1bd5d936d69ae7dd3a95794843943c96b50a600204489a117ed97cd3c293e6c9c0c105aa0c5f3ab4107083
-
Filesize
10KB
MD55d67165601f34a32c9cd864a9391bcd9
SHA1db6cbd6c09ab132114181e502743a6d7cb85c5a2
SHA256302b5bb35ae97660ff0ba00feaffe99a83ed24eabf73b462254c9bc54d462ffb
SHA512984763dab22a2769704d460ef38e3cc6d25e0b16eea2a61e1cbcdeccc6ee519e6ca9d5b840669bb4c27cfa4bde3569309abc713844a734642d5a02019c9770f6
-
Filesize
26B
MD5fbccf14d504b7b2dbcb5a5bda75bd93b
SHA1d59fc84cdd5217c6cf74785703655f78da6b582b
SHA256eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913
SHA512aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98
-
Filesize
3.6MB
MD51e3d838dd024c62b0545b14237f8dc23
SHA18490fd7bed697c3f5cad57266b2232dbbafd9d92
SHA25696e27fe05d516353e8fd7b0fcc4798c03e61d65fdaee2f7b9732b95f4dcaf91f
SHA512813141962cc11542f7279e4d1726249520e5b86f9d6330dc00bd959c50418adfe62fc45d498fa226654e466b4ca17cd5cb9dbbf5205450548ed79fe6337d5724