628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f

Analysis

max time kernel
1s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2025, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe
Size

2.4MB
MD5

661b96903bcc280477687eafea94490c
SHA1

bf768cc4b289bfcc55ebb1d823ddb59528406987
SHA256

628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f
SHA512

d8047c23478d80abdbc751a0c01441884e726ea7a40ac0301865278f83ad921e39ea0a866b904ad1f5df3b35302c2d332f61992d5f1ec8662ac0edea95e50f61
SSDEEP

49152:B1tlBBduVcFQbsnk62zHznhXT5X1H2GNTA1w4sJi/SeItCVbNdk1:rPWbsn+hD5zNTA17sJi/SeI4d

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
1144	alg.exe
1732	DiagnosticsHub.StandardCollector.Service.exe
3444	MicrosoftEdgeUpdate.exe
2728	MicrosoftEdgeUpdate.exe

Drops file in System32 directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe
File opened for modification	C:\Windows\system32\dllhost.exe	628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\2db7dd91956f5279.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe
File opened for modification	C:\Windows\System32\alg.exe	628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe	628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 3 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
5316	MicrosoftEdgeUpdate.exe
6024	MicrosoftEdgeUpdate.exe
4300	MicrosoftEdgeUpdate.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3100	628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe
Token: SeDebugPrivilege	3100	628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 2728	3444	MicrosoftEdgeUpdate.exe	88
PID 3444 wrote to memory of 2728	3444	MicrosoftEdgeUpdate.exe	88
PID 3444 wrote to memory of 2728	3444	MicrosoftEdgeUpdate.exe	88

C:\Users\Admin\AppData\Local\Temp\628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe
"C:\Users\Admin\AppData\Local\Temp\628dde147c3b18a471af97a23d600f929f4cd395a330628bad79ef36781bcd9f.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:3100

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:1144

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
PID:1732

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /c
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2728
- - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ua /installsource core
    3⤵
    PID:4712

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:3016

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
PID:2592

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
PID:3436

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
PID:796

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
PID:1392

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
PID:2408

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
PID:4580

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
PID:3192

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
PID:3456

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
PID:3760

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
PID:2576

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
PID:4280

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
PID:4388

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4304

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
PID:2868

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
PID:4640

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
PID:2588

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:4904

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
PID:1976

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:920

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
PID:1084
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  PID:4652
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  PID:1116

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
1⤵
PID:5332
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODVENTBDRjgtRUNCNy00NEFGLUEyRTMtNjY0OEE0OEVBNTEwfSIgdXNlcmlkPSJ7NEVDMDA1NDQtNkEzNy00MzJBLUEwQjktRDIyRUQ0RkU0RjhBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7OTBBMDQyMDEtREM2MC00QTE0LThDRUMtMThBQjlGRjFDN0I4fSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyMyIgaW5zdGFsbGRhdGV0aW1lPSIxNzM5ODA1NTU4IiBvb2JlX2luc3RhbGxfdGltZT0iMTMzODQyNzgxMDQ1MzEwMDAwIj48ZXZlbnQgZXZlbnR0eXBlPSIzMSIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMjE3OTg2MiIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTMzMDYyNDg3MiIvPjwvYXBwPjwvcmVxdWVzdD4
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5316
- C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C77A52F2-D46B-41EA-90EA-DD2F5835D0A7}\MicrosoftEdgeUpdateSetup_X86_1.3.195.45.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\Install\{C77A52F2-D46B-41EA-90EA-DD2F5835D0A7}\MicrosoftEdgeUpdateSetup_X86_1.3.195.45.exe" /update /sessionid "{85D50CF8-ECB7-44AF-A2E3-6648A48EA510}"
  2⤵
  PID:5912
- - C:\Program Files (x86)\Microsoft\Temp\EUD27E.tmp\MicrosoftEdgeUpdate.exe
    "C:\Program Files (x86)\Microsoft\Temp\EUD27E.tmp\MicrosoftEdgeUpdate.exe" /update /sessionid "{85D50CF8-ECB7-44AF-A2E3-6648A48EA510}"
    3⤵
    PID:2416
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regsvc
      4⤵
      PID:4644
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /regserver
      4⤵
      PID:5444
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        
        PID:1036
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        
        PID:3364
    - - C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe
        
        "C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.45\MicrosoftEdgeUpdateComRegisterShell64.exe"
        5⤵
        
        PID:1504
  - - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
      "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDUiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODVENTBDRjgtRUNCNy00NEFGLUEyRTMtNjY0OEE0OEVBNTEwfSIgdXNlcmlkPSJ7NEVDMDA1NDQtNkEzNy00MzJBLUEwQjktRDIyRUQ0RkU0RjhBfSIgaW5zdGFsbHNvdXJjZT0ic2VsZnVwZGF0ZSIgcmVxdWVzdGlkPSJ7Qjc3RjRBMDctNDNGNy00OUUzLThFQjEtN0Q1MzJGOTZEOTExfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuNDMiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQ1IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjMiIGluc3RhbGxkYXRldGltZT0iMTczOTgwNDgyNyIgY29ob3J0PSJycmZAMC43NCI-PGV2ZW50IGV2ZW50dHlwZT0iMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTU5MTg3NTAyMiIvPjwvYXBwPjwvcmVxdWVzdD4
      4⤵
      System Network Configuration Discovery: Internet Connection Discovery
      PID:4300
- C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
  "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7ODVENTBDRjgtRUNCNy00NEFGLUEyRTMtNjY0OEE0OEVBNTEwfSIgdXNlcmlkPSJ7NEVDMDA1NDQtNkEzNy00MzJBLUEwQjktRDIyRUQ0RkU0RjhBfSIgaW5zdGFsbHNvdXJjZT0iY29yZSIgcmVxdWVzdGlkPSJ7MUNDMzQyQkYtM0VFQy00Njg0LTlCREQtNTEzRUVDM0YxMUEzfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjgiIHBoeXNtZW1vcnk9IjgiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O1ZQUW9QMUYrZnExNXdSemgxa1BMNFBNcFdoOE9STUI1aXp2ck9DL2NoalE9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0ie0YzQzRGRTAwLUVGRDUtNDAzQi05NTY5LTM5OEEyMEYxQkE0QX0iIHZlcnNpb249IjEuMy4xOTUuNDMiIG5leHR2ZXJzaW9uPSIxLjMuMTk1LjQ1IiBsYW5nPSIiIGJyYW5kPSJJTkJYIiBjbGllbnQ9IiIgaW5zdGFsbGFnZT0iMjMiIGNvaG9ydD0icnJmQDAuNzQiPjx1cGRhdGVjaGVjay8-PGV2ZW50IGV2ZW50dHlwZT0iMTIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjUzNDM1OTM3NzkiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48ZXZlbnQgZXZlbnR0eXBlPSIxMyIgZXZlbnRyZXN1bHQ9IjEiIGVycm9yY29kZT0iMCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTM0MzU5Mzc3OSIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMCIgZXJyb3Jjb2RlPSItMjE0NzAyMzgzOCIgZXh0cmFjb2RlMT0iMCIgc3lzdGVtX3VwdGltZV90aWNrcz0iNTU2NzUwMDIxMiIgc291cmNlX3VybF9pbmRleD0iMCIgZG9uZV9iZWZvcmVfb29iZV9jb21wbGV0ZT0iMCIgZG93bmxvYWRlcj0iZG8iIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzE2ODM4ZTg5LTYzNGEtNGE5Yi04OWU4LWYyMDlmNGVhNDg2OD9QMT0xNzQyNDMxMjQ2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWtvcW85ZVRLTXVFelNaaTdCRlc4ZiUyZk0xeHlSZ21MMnNtYXZoS2haZElKNCUyZiUyYnpVU2RCRiUyZml0SlklMmZzZ3h1bFg3bkFOMkt1aTE3dGJjeUVNWERJNnUzdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjAiIHRvdGFsPSIwIiBkb3dubG9hZF90aW1lX21zPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTQiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1Njc2NTY0NDMiIHNvdXJjZV91cmxfaW5kZXg9IjAiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiIGRvd25sb2FkZXI9ImJpdHMiIHVybD0iaHR0cDovL21zZWRnZS5iLnRsdS5kbC5kZWxpdmVyeS5tcC5taWNyb3NvZnQuY29tL2ZpbGVzdHJlYW1pbmdzZXJ2aWNlL2ZpbGVzLzE2ODM4ZTg5LTYzNGEtNGE5Yi04OWU4LWYyMDlmNGVhNDg2OD9QMT0xNzQyNDMxMjQ2JmFtcDtQMj00MDQmYW1wO1AzPTImYW1wO1A0PWtvcW85ZVRLTXVFelNaaTdCRlc4ZiUyZk0xeHlSZ21MMnNtYXZoS2haZElKNCUyZiUyYnpVU2RCRiUyZml0SlklMmZzZ3h1bFg3bkFOMkt1aTE3dGJjeUVNWERJNnUzdyUzZCUzZCIgc2VydmVyX2lwX2hpbnQ9IiIgY2RuX2NpZD0iLTEiIGNkbl9jY2M9IiIgY2RuX21zZWRnZV9yZWY9IiIgY2RuX2F6dXJlX3JlZl9vcmlnaW5fc2hpZWxkPSIiIGNkbl9jYWNoZT0iIiBjZG5fcDNwPSIiIGRvd25sb2FkZWQ9IjE2MzQ0MDAiIHRvdGFsPSIxNjM0NDAwIiBkb3dubG9hZF90aW1lX21zPSIxODE4OCIvPjxldmVudCBldmVudHR5cGU9IjE0IiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIwIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI1NTY3NjU2NDQzIiBzb3VyY2VfdXJsX2luZGV4PSIwIiBkb25lX2JlZm9yZV9vb2JlX2NvbXBsZXRlPSIwIi8-PGV2ZW50IGV2ZW50dHlwZT0iMTUiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIHN5c3RlbV91cHRpbWVfdGlja3M9IjU1NzI4MTI4OTMiIGRvbmVfYmVmb3JlX29vYmVfY29tcGxldGU9IjAiLz48cGluZyByPSIyNCIgcmQ9IjY2MjIiIHBpbmdfZnJlc2huZXNzPSJ7ODBERUU5QzgtQjcxQi00RDQyLUFFQkMtQTUyQzdBMTE2RDg5fSIvPjwvYXBwPjxhcHAgYXBwaWQ9Ins1NkVCMThGOC1CMDA4LTRDQkQtQjZEMi04Qzk3RkU3RTkwNjJ9IiB2ZXJzaW9uPSI5Mi4wLjkwMi42NyIgbmV4dHZlcnNpb249IiIgbGFuZz0iIiBicmFuZD0iSU5CWCIgY2xpZW50PSIiIGV4cGVyaW1lbnRzPSJjb25zZW50PWZhbHNlIiBpbnN0YWxsYWdlPSIyMyIgaXNfcGlubmVkX3N5c3RlbT0idHJ1ZSIgbGFzdF9sYXVuY2hfY291bnQ9IjEiIGxhc3RfbGF1bmNoX3RpbWU9IjEzMzg0MjgwODU5NjM4NTQ5MCI-PHVwZGF0ZWNoZWNrLz48cGluZyBhY3RpdmU9IjEiIGE9IjI0IiByPSIyNCIgYWQ9IjY2MjIiIHJkPSI2NjIyIiBwaW5nX2ZyZXNobmVzcz0ie0ZEREEwRDk2LUYxRTMtNDdEOS05QzhELTk2QjgyNjdFNzJBRX0iLz48L2FwcD48YXBwIGFwcGlkPSJ7RjMwMTcyMjYtRkUyQS00Mjk1LThCREYtMDBDM0E5QTdFNEM1fSIgdmVyc2lvbj0iMTMyLjAuMjk1Ny4xNDAiIG5leHR2ZXJzaW9uPSIiIGxhbmc9IiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyMyIgaW5zdGFsbGRhdGU9IjY2MjIiPjx1cGRhdGVjaGVjay8-PHBpbmcgcj0iMjQiIHJkPSI2NjIyIiBwaW5nX2ZyZXNobmVzcz0iezZGNEYyODYzLUM0RDgtNEYyNS1CNkUzLTMwMzdDODYyOTZBQX0iLz48L2FwcD48L3JlcXVlc3Q-
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\EdgeUpdate\Download\{F3C4FE00-EFD5-403B-9569-398A20F1BA4A}\1.3.195.45\MicrosoftEdgeUpdateSetup_X86_1.3.195.45.exe

Filesize
1.6MB

MD5
9ceb8cc3c15b50f92cc3bb84a6633228

SHA1
5ef4b8fdf841b5018b535c1a2eeb8c22377183a4

SHA256
700e5bb6a5a53998dc2a6489887959d4ceeae9b9de9d40519e5e339970800570

SHA512
6740ab16b728fd740ec0479d542cd405ef5006d0f70025963faff9568ba811a64b6ff4418f77fd578845b0495c53a24044b48f28fce10524f707531c85889028

Download Submit
C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe

Filesize
1.6MB

MD5
ee130d6729dd740af8efb385602ec190

SHA1
944216e21cec0097e154307f7581ffdf072308d3

SHA256
219d770af4f30a1e5b959f74e6ddc9a6266909473673381692d0714100bc4534

SHA512
615d1909c282fce45e0f48b38de4a78f1846c72378bdcda38de1d22173925745182179c217f6931219f9b743c0fcf421f30b6739da704eaffe4832520bf60b5a

Download Submit
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
6fe8e88f28f87db5e885d497fad92d91

SHA1
75fd8f9a694d539a68cc86ab87ea143b5cbc1dbd

SHA256
b745bbd76d23cbffebda6429c3351bfb0eb50958a57b2aa61047bb2288bf0f36

SHA512
07511fff7461f436610b889a18807e3c99c160aa096e3aef3ea74d70237bb8ca769cbfbe489d0d3849c416135224799169f655f7462b03c056ee215981c44c75

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.6MB

MD5
bcb91d309d78d3f320a40435b5789925

SHA1
e6f37c508742862d6fafc5a08249c7056e08a50c

SHA256
44371b47ddd394c54af1dddb39c867f2b869484ec50f9f0d8510f60a3f59cc06

SHA512
75dcb2b39d6249ea74e11137a3cd9ffe3af7cd848da3ea3dbbb75965e50b69d8a813470afc2f1ab837fe4d962958fa84e28f2836fa10098a32ad6eb3f14173db

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.9MB

MD5
008f2cec20611b06303e7b59e1655dff

SHA1
8a3c5190d43e94271754a458716932f466441e07

SHA256
f788aef184c96e36e85e7cefc166ccbdd93813fb5d197335c98db3b8c7153db3

SHA512
aa7e92dfb871f3ac72051bdc9edaf1921887a9d106c803c72942c04b3e35bcb9f3aef10b2d2d9ac42b0153cbd4d0ec49a68034f4ae35f3f3009ba791e30ce66f

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
e388f4e63de9e39345298c054207c84b

SHA1
7e72fbeff303fb53236ee0b9bef77ff45f1e2849

SHA256
52a9960577f48b3afae4d03fec55643c3987a2ab4d75fb87ea811fc8439775e1

SHA512
b5f2699b187483f14cfa787e05891220e5fc3cb148f3c2fc39f618af7936bc85f1eac7c43f0ee30e01380c60ffbe1be0f63a3712299587502658130b4d4f9804

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
4680d47b2f71caf0691a7b6caef96422

SHA1
61f08c18c2e713cfd379d61f2b55d2adf7f62b86

SHA256
969731bff4b6f3ba5a2227e2e508c2adda9d7f18021564dfc06b1e57e9511ae9

SHA512
ffc9cbf1396066bd81d195722d3b09bfc6b55b3272c80c7fcaf64eb9a7c0bfe7ff9361836d2205e73b34aec68535b3a8d72a77613702c57bd262c196229d7b81

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
1.4MB

MD5
808264076a776424d4eb984592e7cfcd

SHA1
80c94ce0c2d70b5451fde9b7219a662cc1b21eec

SHA256
1d66d411d85c6bc01376d69ecae152578ce34ef8a5b3b9d6368f0065f0488e49

SHA512
121af4116d8af5649f59dfab217e2bd45a0e7e6810d048ccee52613d137377d231370cbc16f958bec1e3a93e3b9b3308644548afa6c7ad6b410d65882e78e8bf

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
1.7MB

MD5
6cbe2d596e2b2d112b9d7bda1743e43c

SHA1
171bb9d1239e81d08fdb0816b43fb11b938c3619

SHA256
104f4bc1988e2227b78f7b1a95e9a41d8d665b7c12f49bc25d630af091e99510

SHA512
a45c945161685d65ac3cfead76543d2e75ef120e4b05c402f1f642930fdf24b229c5104b4480224f53b72ae745a290f85c3ca99d0f72583ae0f29dea52a0de83

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
be04895adf80f4413c5c88ea6929869f

SHA1
efad07eedfc2c564e7e8ead9031c897eb4780fbf

SHA256
ab2b8a4e3fbcc8d62cfb4c0e8deffb95af09fa637a67efcb10e9d0cde0e617b3

SHA512
2c0d4ee5d62282435ec73c6c6c554b2898621be77b0dff492f8499682a97990414db7bfc097edb0de6c2f01feb92761f911c4891d3e8e13cb1e3102a03c566f5

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
1.7MB

MD5
1c499184ee9e55926c2dc58ef4ff431f

SHA1
4eb699c0cba3639aab87bf8734053747467407bd

SHA256
cc55917d091998ca5525565ac723d6170eac58fdfba84681961829bb18170436

SHA512
654b00117b34f0a4a34df4009de72fb9919a20da655de102a50d370a00f99235c31f05cb032f75e0ef21953972e0fb6ed625ef2599081e8da5b463a645eb6d2b

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
8d71e0afbb4f3785bd5231d958a22aae

SHA1
2446d2e2951cb4682094c176ed1463b3b680d0f2

SHA256
a44e739501feb179f37c37de7a739f310c13ffd98ae1ce1dc73b2f55e3856459

SHA512
816a4e585c80e6898a0e4e9186003bda4c9e877b7463e525f71291b313e61f348e2da0505ff31f0ad155ba9ae9c931430478f3456b3536dbecd4ea6fb7b615ca

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
bb87c481a8e15775ad75ad642503ff6a

SHA1
ffc9ab79377aae6af972c163ca5482b0cce6d927

SHA256
e3bebfeca4331bc1fadc0159c7dc1a9dcdc9817c91b5cc2d33518fafe6ddb39b

SHA512
6ed0b09a3ae7be0af3f8850aebcfef9100b181be23e40b67d8ab84de19e02a43262b560bc8f19ad2a3ef0691f2c9bd51cbc308115dd24812a22b79d68e99dd10

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
d15556a0d95cb2212ee9ed283de939f4

SHA1
277db785f89879fa789c2e4a664ca8e79f040255

SHA256
d1097a4caf49802b6f40a0012dc1956acc626eeff9ccc64fa6e53e5d0c4c5715

SHA512
5eaa14d1e4a22b1cf527107397abaf5c82c83f76c2cbf213e1f710ebf7fbd6d647cd303d99c6b4af7126f8e88260936616409f4bc6f5d029bc196471205464d4

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.6MB

MD5
6b5031799ead1bee08ec063fab907ccb

SHA1
55c7139035e817c81a6f02191d8603a8448ec5cd

SHA256
75ff288b03b0bb9ebfa9ddda4f95765af06dd2b922f56e27595ef9a7249520a3

SHA512
8c3743bf0ceeb38c6dae4825f9898a7276d97d0881397adcd36d89127e1ae81e0a206aed03db20003d194b2b3b8dc2ad75538b2b7a198d7f069a9087a5754e28

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
1.5MB

MD5
380acbd7e134490af26bcfe490bad286

SHA1
2d40d5d410cc894f78d25888d454ee4bcea38a3c

SHA256
4c8e73e16925938fc48dcf53c64f44d38b6ce6f57c59ee49da3bbe3871d9a23f

SHA512
764f489a80c364a15554c4a8bad9706b1137419bcc8537dc3ab7f97a69795f3e5b1dcea88e29d0c919828c7d85eb41257b8b90b15a1d0f3f4b00b65186f6f254

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

Filesize
4.6MB

MD5
0858c2450d00a21c9f23853ad4461517

SHA1
89b99ea063afc1a4dbfa301a0aa2d00d40f09c8c

SHA256
c8e098ff5733055215c5f68493ac21bc47e93e64fec9ae9844e107c6f5bf31e1

SHA512
8eb968f03acfa31b52a1b048513a37d25debeaf5472da5d4d0ed1d5e127087806929a0fb0c213d8dda486da9ee304246d784792a8f9a6fb3d4a57746836edcdb

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

Filesize
4.6MB

MD5
e73ea61de7a6466760d19cad25e4e52d

SHA1
4e440946e9efd5b34437540899976cbfa8c9e4dc

SHA256
f07d70dff88896c8bd392a82d387d6c0de7ce41a41dbb15f330157d94035be71

SHA512
60c2873a4bc0d4975e5ce9fbc6878cb793d3a15d63a2caf7162c15912c72c54a43f07ef0920ef60df1ade234b3e30577f6f3fe4c550ef4ff2a0b8acef5df435e

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

Filesize
1.9MB

MD5
54653f6ccef15be5261c2777648fc262

SHA1
be2b4567807895def67d4630e29742219c7f74e5

SHA256
41769a22471d23f2328656bdd0ac68aba3f1fea7f049d12eb0b90044767f7196

SHA512
a223a78ae50eb9f67abbdf7c0afb6e5d717ccefd6d7328c0995abf20d461b480405f17a4ce7e7a3e044fe2e1ba01851b3efaab35d5f6c6c873e64c62673160ec

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

Filesize
2.1MB

MD5
051d8679bd83250a69117e55a4e53f96

SHA1
f95e2b3fee432059e94defafd866182858bb2965

SHA256
ee37fa5b8ac31bd2fd6c686b36e50cac5c56fa81db3908cd29a8a1e03b8d8146

SHA512
ebd1872e019cc81210de45fa79ad00734a196feea127b6ba38ed10ee7e4bc1c6e7cc9b7b3eb055c34c29713c29e0cefe06b03e494b76aa4305300ac5490edc87

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

Filesize
1.8MB

MD5
e8cb79c29bb49b83bbca893cbcc2c7c0

SHA1
77466eb3b3ffcb65faecbd6718c7b15f4521fedd

SHA256
e1615dc7e819b16226aa1b583100c31af9a8f52badb44f3a58fbfb02553aa74d

SHA512
34abfbb5e91781c12cd785ab358005d0d42107e082295d125937409224299d024636c16022d12981bb307cc1aab46c471af285a22a18b0063a9d4c5652556c49

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.6MB

MD5
6cd87dc95ee92ae2bb5a7d52d0f88b42

SHA1
ea768f1cda4f440dfd26c55209aa0a6b3fd963e8

SHA256
4dfa8627fe20db3761d4d011241bf81ff4a02c9880a48bc6894cf26e1821897c

SHA512
41404bca4c2b9c42ab5a3908ce53e1995cbe9531370a5ffff932da0688c7960ed41a501590e2cd63558a4046188d3c480f6ac666601c8326cb401c609897bcea

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
1.4MB

MD5
594fe3df51f99801fb28126be3fb022f

SHA1
cbb48df74b1292493d9bc3d54ef8ad281f8f315a

SHA256
fd109dd497a014eeaa1bbce620df0c2f3956d60f1a7f15d330c4ab5903df5dd4

SHA512
77420f108a2e1314554b00a505e5fde5ae3ad8cbc397b180113a580f9245c7bc667db7c579662cc1480ea7b64b0116d15fc0ddaf5c2584f12b2b524ddf3b2dc8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
1.4MB

MD5
bb03643848981cdbea5f45bac0899686

SHA1
ef8ef98eb54650bd28d02135f052a237923b539c

SHA256
5bb29630a502b8a2a39788f107c526a5e0ee25b4c5ad11b32d470b8a6c157296

SHA512
8ee4e7b7ef0010966b6cfeef458eae627521be890bfd8934f031bceece9f52297aedfcf25314bfb4ada904b4bb7cee3ce7d4b997ed71c8f4fcbd82462d443426

Download Submit
C:\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
1.5MB

MD5
a308302b63c49d46802db771ace29e0f

SHA1
0e3b178c638d01f3775e561ba10bcb74994039cd

SHA256
399ef359648c09417acfa4cbbec2cc2ee9694042c74132217ae21c3a8a5c0108

SHA512
0642e05d45e4461d9f558aa793f2e045b64c8b22a96642fbf68c153a6dfb2ce6b91b2dd6dfd3da4823128c3ea9c57c7fceabdab1af6bb1c7477ec1276d87e6d4

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
1.5MB

MD5
264fd7c85f27ca08cdfccca9ad2ec853

SHA1
9cd5d0d455f6dd7962b576a1793d4123da275ec6

SHA256
b47842f612c6b5639ef468a44b4790f324b173effc3e6ad5de77270ad5c0c5b6

SHA512
cc384a2cc2d57a22953338da99ccf779d8d09b023a4d82692632f2d261e460dfcd3b93f630a7dffe0eec8c397de5e7e348a84b4d88979e1cc7d88cae168a6769

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
370KB

MD5
d717292702fa68adb793146fcaf43dd0

SHA1
6d6838c00beae22ed6cb0bfbb9992ffe11f596ad

SHA256
1dd288b5727d1d112428a291674e4bb888cd4b473e7baa01637f2c62f0b37592

SHA512
4c2d72709a0ce5bd429b1586d3fee50fe756f1983a79272b1f2c40a89ac57e46eb7e82f5635e93e43f19d2949bf184bb3fe9158a70ec2a30689fee56c2f4f36e

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
378KB

MD5
10fe1a95349708b768f34182a2dee2ae

SHA1
6154a8efa3dd3d03fefef1226dc7c1dffce94bf3

SHA256
3597fbd7a0f031a273ecb343c652794c7f9ca9f310c7e25a92b8889656f8484a

SHA512
c285873a47a3e2285bf29e1d9f8250f42c6df3ad42252045d61cc639ff64d3439330dcdee3ac666f6ab3fd32b8a9b5f7004f6570d226b6f3ae959f78ce731835

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
398KB

MD5
37a01d8787c32d0dcaed19a940f4397e

SHA1
e6543ae3374f5e7d0b91e00c49cc27676e915039

SHA256
26d509f8fac5e03ea170acb5bb18343aca6a5c71d7ad0f3863633c59c225418f

SHA512
a92355f4c48f5d73c39d5dfebb4a7c0255769cd16fdfaa204f6a37d753ce0744e30684db42e36d29817e364d02ef6efc32836b5bb51a030a556975baea8cda6d

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
385KB

MD5
366c1b136f63cf3958ded72c2899d558

SHA1
dcf3ceb91cfc86eaec2c9bd250aa20f0e59da736

SHA256
cb7b0c93cfa9e036d651f43d82454ec51d039b2b12670d5ca8501a42feaa966f

SHA512
01959ef68d36289de2ea7fe4d3c850cb0bc701b98a3b7c0b2f88e5ed960b4e545713cf643995f73ad2e42ba077d2408a3cb3d6bf4e570d6e28600d9db9f7fb3e

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
463KB

MD5
359812380339125be59cc6cee8a98ea9

SHA1
fe000715b4639079a1e81f993f3184007613e049

SHA256
d6cedc4098aa4d9e7f7ff0bb840729bd4b294c5bce7c4ab4012af294e37768d8

SHA512
77e1af27ae5fb033dc9428b61620133bc4fe97f4eef6a583c1dbf73b0213ba157b5c42451593d4960b3b71faeb13c77c292e22b0865af68d688b3812074a8f8b

Download Submit
C:\ProgramData\Microsoft\EdgeUpdate\Log\MicrosoftEdgeUpdate.log

Filesize
366KB

MD5
8fe35595cbe6d4e7c45ec987871a94fd

SHA1
575cfd1f3f94e55f9e09010c87e0d83e1b6cd3c3

SHA256
b4315ff0a020dd573751ac243d56330a0ec1ea3e1fdaf33b062fbe2ba10d9cf0

SHA512
7c4f4bcc987c0ae9205767cf41068bc66d8a67f39775742d13ff98f7afb7aae514382863e9d145f50c871b442e75a691ebc7445a698e64670090b2e030a89339

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
1.4MB

MD5
1ff151bb9fdcc1fa0cd8bc84ccad47be

SHA1
a6ed67fc8b71e4acf51cbd0a3ecc0f1ca443d9d1

SHA256
042c2c05da08422429edde6549fd76db745fb7367fb01098b8a60985ea9a8a16

SHA512
5b861e975d649dcf490836eba5c220dc667b10a93851008e436d4a29ceffd44b24ce7b4a95ac484a4990620b108abcb1d49198a673893267156ed4e76a4be12c

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
5ac33839d6912968b92a33e49cb115ac

SHA1
f059efd62ec00bef9561c9edbc3171081e867021

SHA256
ec5b753906bc3551ab9776d2d0596d312afbb8ebebb9c2347c0ae66701f034c0

SHA512
12d5c367437cf01b5e158c327458616aba787043394a5efbf9b1186d69cf1221e5bee7f8217c9ca50b8d65e9689baadd61ee4df085ef05d8b47e32f6997c00f5

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.5MB

MD5
ceb9fd03b7219a85ccf39f5b377f6703

SHA1
94b25bcd03a4b779b770dae0eac82d8af84ff27e

SHA256
45a1f50a0854abdd6f037816ee7fe230c9e825d3fd60e49297e76e21178aa8bf

SHA512
8c055631d5d8ef40eea3fda6cb0fd8a569fe01373a5bff5a76a24ec70f99635331c468d370ef9de4554702302d25cc3408d359c1e65b6d6331103099893518cd

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
e2fa6c8f2e8efb937ce801d3f7aacde8

SHA1
2d33c269cfa8b8a0cda8f7f5ab4cdd51b279842b

SHA256
08073ebfef6327c07526b56cdb4f9b3f219b233b489709d77d6b441f09ebc39b

SHA512
43f3c27b6fbb085857fab8870323242704a5d311771ad419e2f865e30010998556e510850e34b9de35199bfb545c7211f36b25329cc41d39a3951ea739d97f1e

Download Submit
C:\Windows\System32\Locator.exe

Filesize
1.4MB

MD5
a4bd8235a67289328d8a4808a549f77c

SHA1
5299122fa9e55c7889856af1e88ae5a07123e257

SHA256
022f553bc41105dca0c535619aaf0badb7196fdb96fa0e8b1b998c26e0a891c3

SHA512
b428bb7e9f659bc5191fdc55d729fc8ee4a2feb966c6a9da03da586dba376cd916e9bff63fbb73b693a123250aa03beea97e9176098897d56dec1a96548106e6

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
1.8MB

MD5
0d69b8ae80ae61012f0603a947a3490a

SHA1
ae621ac2030538115afd0e75933b54ddd059c935

SHA256
d5eda5c061469672160fd39e6e036dbf13a8a2b4f2a94a817b8f9f09d0761139

SHA512
e30749ddc49efcbbba07048ebe0904133d96641684eb7ef3c6ccfd4001717fa7d4f79f03dbc65730809608198e5105de03df51adac0352cdde5f72666f359ef8

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
1.5MB

MD5
81e3609b65c5e12f55d7421bf0713719

SHA1
a337c7a19351da4e6356116ea982bc6c92fc1779

SHA256
48a996875801325ca5e3e676ae8e048d3a2d2bf24678a9325af882a255ba3251

SHA512
e0c3574be150a06d72259e42f456cb9499ca9ea627bc6b1ee9f89bd945a9bf01a0c1613ebd1ee80ee3a2540ff7e1287df45557c86bde2ef05ef94b399dce1d00

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
996f34c0644097d8ad8acb54686cfa21

SHA1
71a2a9dc0c95218f8936ee64e3047f908e79caeb

SHA256
5579c1e1e62431ea72b41b2e1df423b8a93e50f6de6ea4c252d8be828f6bc754

SHA512
e5f35d01a0a56ade379420fe70b924fba64bec81ba38fec0e3b796d5b5822f4a127889a66a0a22c07f5a219a482e8fb2b34984b05c2463164c0a79046f28e491

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
7173f6184611dbbff3eae0657e774f42

SHA1
b93211f05cf15c0156f0381964dd3c461c19cdbe

SHA256
762b0dc6e041c5484a9c06aead2ae6b84fd41ccba23ee83e64f4738faf4a494e

SHA512
0c34ebc9467b901f9a12ef3012438ad1a6f8a65caa30c179cdad1e348285c9630379e629a09d4526fbaf15c68c6ca91853a3ab0c5268f7245deafac9e2bd9c45

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
0feb57bcaee70883485efdcbb724e21c

SHA1
55c0950ca43a3f64cbc64aa062ab27f20281ab68

SHA256
49e938985320f864e48be8094c6024d885e03ff3a7ced3247a34c429b2fdebd0

SHA512
cf955d9925b939aa2b7abc6e1054c919f3ecd7956860ec8563cc410902fb1aa1d10e752ca08333cc13548d07cdf9d8ff44d9dd359b3cfdad676c812cae163eac

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
1.7MB

MD5
f891c7705b4db71f07edeebb530389ce

SHA1
0c47e624d8748b0e56e02f8e188c2e8a9e2faa8c

SHA256
194f5ee6438fa8deecec1d46abebb28dbe8915abbd6ba125c6e5bb48b73bb5d8

SHA512
97553361c6e029239720dcb4cd56e8871770a1834e641781ca616941bb470e5470a4cff00ff30100fd80ee40346f4ac03b653cadba668140ab9aa5b6a419f071

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
6c70cc2892330b41054df6d80c185089

SHA1
cd4c13ed8e0e40a3f2bfe76427e40aa0bccc189d

SHA256
f050bcc9519e1b559377391882c553f992deb4546adcd212e9cf0fa8b2ec6c15

SHA512
d028a65b037251f7099b8466c98acb97eb7a8ffca92402409af7b09afd6c1b24a7d777a13c8bc33e20ad5ffb839e8a310cbc54726e2909781e1d324a0091d0c0

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.5MB

MD5
6cb9d5fbfb8dfe8e9b6808b4b6bcdc10

SHA1
23dcb805a656e42f5a729bca366aa891d1bd9d0f

SHA256
56c6aa29be1aaa7095589a175c1b70e935533fbd8e213e32fe2954f22ae81273

SHA512
6b56aca15889bbf15c79eac3df4f66012b8266cacb89d77598e807bfb7b42e1bbc69ea636260734b2cb6ba2914dc47387d9e37296b61394515a22d9dc59275d5

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
1.5MB

MD5
91ba8479332e26424cc1ed8034d7f820

SHA1
d62f573fd044fcd6f22f282ae76befb8f27bfdfa

SHA256
9ecd3409bdba57cb6b8da324b267cfc1f2a2596c0e6562b9fd7d5c89decaac63

SHA512
a29b2ad2ed8a47465e1b898ddd71e8f6ad8f46f9682e8d7874ad0e30556c3096e9f6940e62ff3856812e09ceaaf386bfb8bb3023ad2def939a0f27afd4491aa5

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
1.4MB

MD5
81c1de978694f22651e8f3e2296b23df

SHA1
37a86ada65fe819b3a2069878c78c9cceed7670f

SHA256
a9a4ad95e9de34cd9f067c0ec180eeeb2b3c0792175a9850667bb8f4781abfa4

SHA512
f59924ee9670809823616e04002603cb5b7de9cd7d3fbc1c48c6ef3c6ff230de15663b4586318b5266ef80d089abc945fb62d6ae1dd87742f19d548f9ea807f3

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
051b8737b4ad4f6a6f243682d368704a

SHA1
a2c252bdad0c162bd5b6528aa764d4793d6c9e23

SHA256
2b69019f1295b15194d83c585b09b78908fe2205b0f437b4430a1f4aa99eb4a4

SHA512
770bd79381b25723df65dea43ed93e8a9e4c2fab3afeb2e93e9420a0a24a58e08e1b73dc803c2fb0f75ab9aa3103f4c341f9c9027eac7fe9b372d0c4e5f9e8cc

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
1.6MB

MD5
b43c1b22f998b7575a091985bb0af8f5

SHA1
ea592cb890f7a4814f3c032e4b56965617d34d89

SHA256
e76af58418c95df7a3a6b525dfe6e3457c14b8249424b3ef3dc8de13a0557134

SHA512
15eaaa0757b0f9db8096547740da53e437540a27fdc5ecc534e6f97c4e384a8a3d4b3151f66615e04b99c912779537a8ce1d7fd16ec2de95523f7066e043557a

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
2400fca1071d893658f6aec109c3abd8

SHA1
5b694728d868427cdc1c247a1758de0f81274ba5

SHA256
dee57e5e2508a2229a3936efcf26c399256da821d9e5dec3a184030494b0cf0c

SHA512
81176dcdeb8befd4b24c0f3d21315b7c5dbc79585a630b7f013f71d7cf7474bb2e6c5fde08f41c06d2d807602f98ea6b08cff19443611616cadd307393d42194

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
7dd8465ac23d0e8707a92e32433aabbb

SHA1
c6364ccbf8ea68188faae49d32c3ea145b801732

SHA256
e3428b95790f541bc740a9b317f5ba13eb77b9520c7ecdc3ecf0f3d5d6b605f2

SHA512
5938db2007d3303399301ecfe4400b5540bdf7365f56060e387dcc7f27312628faced84d5591bd022e95a4acf70ff6cf8b7086942add1342b486786469f2b768

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
1.7MB

MD5
ebc3d25d5bddc3943dcd5d08e6126b46

SHA1
6ec3a5e0ec5a6213e4cf2fc87193036ea02e11c8

SHA256
114916add110888634e0b8fd67f3428ef410b09aea5ca5ce620d7ea5885d06ff

SHA512
e521821ef935ba59f6dda4ef4f5a6a717666aeefaf9ad8164adaa379c5f65db9a8a1b9c501a73adb262c5cb15563c4e62edfb85f4a9e3269d5b2f7c7a9a7e8d4

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
1.5MB

MD5
4b5c17c073e0c9c7cc5af71af1a97a5f

SHA1
6b5a04e7c01798a8224288a29722045561cbbd2d

SHA256
18b3b9fa9b54a8a8565b47238779c6b602e049a94ae9f3a3b49da7a21d877fe7

SHA512
3aaac0445a10d118fbb5081ac0512c60c1c854e8fb4abd67acc229b59fb3bcee4c3da0db1c8355e6b63567c0be9c780cfbeb630d97cbbe378d2c1bad720efc40

Download Submit
memory/796-115-0x0000000140000000-0x000000014027A000-memory.dmp

Filesize
2.5MB

Download
memory/796-112-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/796-107-0x0000000140000000-0x000000014027A000-memory.dmp

Filesize
2.5MB

Download
memory/796-96-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/796-90-0x00000000015E0000-0x0000000001640000-memory.dmp

Filesize
384KB

Download
memory/920-270-0x0000000140000000-0x0000000140271000-memory.dmp

Filesize
2.4MB

Download
memory/920-473-0x0000000140000000-0x0000000140271000-memory.dmp

Filesize
2.4MB

Download
memory/1084-474-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1084-272-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1144-31-0x0000000140000000-0x0000000140255000-memory.dmp

Filesize
2.3MB

Download
memory/1392-274-0x0000000140000000-0x0000000140264000-memory.dmp

Filesize
2.4MB

Download
memory/1732-24-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/1732-39-0x0000000140000000-0x0000000140254000-memory.dmp

Filesize
2.3MB

Download
memory/1732-18-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/1976-268-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/2408-204-0x0000000140000000-0x000000014027A000-memory.dmp

Filesize
2.5MB

Download
memory/2576-245-0x0000000140000000-0x0000000140241000-memory.dmp

Filesize
2.3MB

Download
memory/2588-254-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/2592-116-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2592-63-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/2728-672-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/2728-56-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/2728-437-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/2728-54-0x0000000000780000-0x00000000007E6000-memory.dmp

Filesize
408KB

Download
memory/2728-49-0x0000000000780000-0x00000000007E6000-memory.dmp

Filesize
408KB

Download
memory/2868-253-0x0000000140000000-0x000000014028D000-memory.dmp

Filesize
2.6MB

Download
memory/3100-0-0x0000000002010000-0x0000000002070000-memory.dmp

Filesize
384KB

Download
memory/3100-111-0x0000000021110000-0x000000002111E000-memory.dmp

Filesize
56KB

Download
memory/3100-45-0x000000001B310000-0x000000001B320000-memory.dmp

Filesize
64KB

Download
memory/3100-87-0x000000001D2F0000-0x000000001D2F8000-memory.dmp

Filesize
32KB

Download
memory/3100-417-0x000000001B310000-0x000000001B320000-memory.dmp

Filesize
64KB

Download
memory/3100-9-0x0000000002010000-0x0000000002070000-memory.dmp

Filesize
384KB

Download
memory/3100-436-0x000000001B310000-0x000000001B320000-memory.dmp

Filesize
64KB

Download
memory/3100-13-0x0000000002A80000-0x0000000002AB4000-memory.dmp

Filesize
208KB

Download
memory/3100-411-0x00007FFEA0013000-0x00007FFEA0015000-memory.dmp

Filesize
8KB

Download
memory/3100-12-0x00007FFEA0013000-0x00007FFEA0015000-memory.dmp

Filesize
8KB

Download
memory/3100-30-0x00007FFEA0010000-0x00007FFEA0AD1000-memory.dmp

Filesize
10.8MB

Download
memory/3100-26-0x00007FFEA0010000-0x00007FFEA0AD1000-memory.dmp

Filesize
10.8MB

Download
memory/3100-8-0x0000000140000000-0x0000000140272000-memory.dmp

Filesize
2.4MB

Download
memory/3100-412-0x00007FFEA0010000-0x00007FFEA0AD1000-memory.dmp

Filesize
10.8MB

Download
memory/3100-110-0x00000000210D0000-0x0000000021108000-memory.dmp

Filesize
224KB

Download
memory/3100-46-0x000000001B310000-0x000000001B320000-memory.dmp

Filesize
64KB

Download
memory/3100-201-0x0000000140000000-0x0000000140272000-memory.dmp

Filesize
2.4MB

Download
memory/3100-384-0x00007FFEA0010000-0x00007FFEA0AD1000-memory.dmp

Filesize
10.8MB

Download
memory/3192-209-0x0000000000400000-0x0000000000642000-memory.dmp

Filesize
2.3MB

Download
memory/3436-471-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3436-86-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3436-77-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3436-83-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3444-48-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/3444-32-0x0000000000F30000-0x0000000000F96000-memory.dmp

Filesize
408KB

Download
memory/3444-37-0x0000000000F30000-0x0000000000F96000-memory.dmp

Filesize
408KB

Download
memory/3444-60-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/3456-212-0x0000000140000000-0x0000000140240000-memory.dmp

Filesize
2.2MB

Download
memory/3760-234-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/3760-472-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/4280-247-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4300-711-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/4388-250-0x0000000140000000-0x00000001402AD000-memory.dmp

Filesize
2.7MB

Download
memory/4580-207-0x0000000140000000-0x0000000140256000-memory.dmp

Filesize
2.3MB

Download
memory/4640-184-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/4644-683-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/4712-557-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/4712-101-0x00000000007B0000-0x0000000000816000-memory.dmp

Filesize
408KB

Download
memory/4712-108-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/4712-105-0x00000000007B0000-0x0000000000816000-memory.dmp

Filesize
408KB

Download
memory/4904-260-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4952-470-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/4952-66-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/4952-72-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/4952-74-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/5316-496-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/5316-508-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/5332-482-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/5332-602-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/5332-510-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/5444-700-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/6024-545-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/6024-596-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads