Analysis
-
max time kernel
597s -
max time network
594s -
platform
windows10-ltsc_2021_x64 -
resource
win10ltsc2021-20250314-en -
resource tags
-
submitted
25/03/2025, 10:54
General
-
Target
http://onedrive.live.com
Malware Config
Signatures
-
A potential corporate email address has been identified in the URL: [email protected]
-
Detected potential entity reuse from brand MICROSOFT. 1 IoCs
-
Drops file in Windows directory 64 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://onedrive.live.com1⤵
- Drops file in Windows directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x264,0x268,0x26c,0x260,0x28c,0x7ffeb952f208,0x7ffeb952f214,0x7ffeb952f2202⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1780,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:32⤵
- Detected potential entity reuse from brand MICROSOFT.
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2296,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=2284 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2576,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=2728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3524,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3536,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=3512,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4904,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=5244,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4316,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5476 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=5216,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=5392,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5236,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5912 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3796,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6288,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6296 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6416,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6428 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5584,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5632 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --always-read-main-dll --field-trial-handle=136,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6688 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --always-read-main-dll --field-trial-handle=5520,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=604,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=7016 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3768,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=7028 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6960,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5452,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7064,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6996 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6728,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=7136,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6992 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5928,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5700,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5892,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6356 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7140,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=788 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6792,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=3468 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6152,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6936 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3452,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=6276 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6716,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=3400 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5872,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=4320 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5728,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5348 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7052,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=5900 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5360,i,2132876256279410342,1900528940891639149,262144 --variations-seed-version --mojo-platform-channel-handle=1656 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
280B
MD57da492a02c29529dc0ca538b502e3379
SHA1cee6a1b81936f6a20f1c9c4f35c29394338ff54b
SHA256553164a83cb91c4905a86373c61bd899bc1007e7719791878bb95290f1f27f36
SHA5123a1aaff3da507ce35c4e06ff9fd2516c65780849b24fab33417da2e799e20bda3594e5f2f32b1326dd1d3da560c76dbff1f626c147e99c7a990fe09ab0a2e89c
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
Filesize
21KB
MD54de661259f9ab1210b721679f54abedf
SHA1f31fdf712f2a1da449254a2733c182464e826d5d
SHA256bdabf3141f6d3925f1129b64a3106435976c4faaad8f9bb3890675365e4da7f7
SHA512d6378cb0913ebeb2b035e568759f392923287472202f5bbcc3922524335dc19905d9f52b5506549439dd8e9a340f81590c2be7b4f2d0df7c2e139d8b03430828
-
Filesize
331B
MD54d0d37ecf436bd659c0a366ad16e1d70
SHA1b74bafdcdab23f94bf1ac2b9028aaf360384993e
SHA256bdf6320b50def845bab6c0572f69050cf84196e204acae5d6f19edde9235976d
SHA51215815deb6f1b3d4add0b3681accac140fe3c3b20223c7f256d501a94efa375ec7343619182d8d8ada895810c1cc5fd5861fcad332fae4af2faddf3a7f03d01f3
-
Filesize
334B
MD575cf05da885bb7d3ccf3199b854051ef
SHA133ba3adaf7357aeaecced77bd27da21ea889e799
SHA256fe6d167e0202761603eacfdaea019f9d78ba9b5b8fea5736c5cb62034de17030
SHA512ffac0c4c2b06f976083ae378818cb17a2144dea7032c484aa392d234f07936b87a533173a348cf240be34acf58fe1a08b6a3d718b081b08af4f12c3c9af9dd1a
-
Filesize
4KB
MD5f2419ec71398b9b6be6ebe52cfc2c254
SHA10488f9bbcd852850c64755836fbdb1e5e7248415
SHA2567505fb6449210ad49ac8f282b3d7dbd93c6e4b71a214508cadd6d6a36320750c
SHA512f66370dc8a9cd087848a7ad0ffa13b91218e1358f307f169a82c3ed1f3010704c0974e191af9d8d48ccd8a3b650b216ecc33130e3ca473b57c36b5a3fda8d546
-
Filesize
4KB
MD5ad6fd168738569faac0c98c74504b346
SHA1ba742d97499f1c18f1385af13bb239b126bf651b
SHA25654cc1dec5d5d8ece9f3e05749e101c435893a3448bc6ade3da71e08a684bfe33
SHA512bddf6667eb5e9b2ed52bded9834f996699879a84a9d63ffe461995bff9d206632470b9c7c72b495aad06c5f7af5339617bb9df18e0ad9e72ac52f4628d25e820
-
Filesize
4KB
MD5c62c47cee4042d8e4b8937719d22854b
SHA1793a73fe294f72cde57c6de8d450004dc1a854cd
SHA2562ec7c5e6a1c1dfed29b0e659ffec11ef0551bc971a196b439a571936b5c9a433
SHA512d3f73dd668494c180f6d59a5af9e13702c38270f742e369ab9deecfc9871d82348887758e177abc7ec68d8c8613920b681e3d93b1f22d45a9f057809425f5211
-
Filesize
3KB
MD59a35251a6c78995d78bb9a081bfe6bfd
SHA185c6ba0a7ce02cbb4c695c45d6e9ba6a26c9b3fa
SHA2569e32f842e38d39c590b5a27af59fe1bdfb46902da152894f2e80cc19408f96b0
SHA512e659a27f16b43c6eeb22e8eb28e6045221664dc12585f9b86e2139aa9dded2ff441f51b87abf51fee2c09c7a9e74890c6826356aaa945492d0693cca1cb48481
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
107KB
MD540e2018187b61af5be8caf035fb72882
SHA172a0b7bcb454b6b727bf90da35879b3e9a70621e
SHA256b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5
SHA512a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12
-
Filesize
6KB
MD503b34d7ebfaa27cbaadb93b5859e7c74
SHA15f7bbb01a822710179a13d1188c4031f95be8d47
SHA2560536e10e33bdcee0ba05a5522c885e41b3a792002322afc6d2fdb4c44e0cef1e
SHA512f4feb5a7bf2566ea8018d5493835deafba8054b0e1f42f55f5eb2f488fe359360ee252a30730add53106af10c2710e046124ff1042d938b07af4bd3fa89f253c
-
Filesize
6KB
MD5b403472c2a349bab5999d3541d545296
SHA15c8dd37ea57af8ca29a5af62dbd8499db03e70a5
SHA25620b3c96a58f542ff228acaa699d2836f37a547080cbcbea63b606d22fb4e9f33
SHA512838bb609ba0a0ba2efff7def009198b6e0fa5f2bd047dfe00bd8fefb36d98bc1c92194f1878c86445ea8f6ddcb9153bbd29b8e2ac5707124eb940aa2b8d17cf4
-
Filesize
6KB
MD5ad013c73ed95abb79b37627025910975
SHA12b6513e3f3916d1d90821f9f7c6aec0b1cf1cbaf
SHA25668fb777936c01f5761bdcc3b7659efb3677b421a7bf54cd88c42a64867f07420
SHA512dc15aa5bde5269cc0905f8c606115dc24c8defddff281b978bfb2204888900275f28c995f9a404ea4d88b44e1b662c1597bd3e88b2829b99e3ff0a326d984bc6
-
Filesize
6KB
MD586d28d1486cfc8fe411d0991bf122afa
SHA1fc43ce5cd0363c1e61fd23e77da02b4c36abb0f8
SHA25662b9fcd7c065af6c292068943c6ee48ed3a061fe4f29d8ef1f2cc5738bdb5d92
SHA512ef837afa847dcd93104b1381a98488877718e5e53cea4c528cb794e8134d439c6c7b209e75e1125cd862d2d302778b55b22facffdc274a2179d4ede359f26ec1
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
Filesize
17KB
MD5afb269b2c206869e13f0616187e2c86f
SHA1963d773fc966a75d48ddf46909b69779db2710ef
SHA2568c370a561d818679cfc9e3d75000d9bb437a5564058af7d48ca16bec6dc5fb39
SHA5129807739e64d673e2e5f18e801a1337eb0f5a823e05cf6542fc17b3e375f619667e0e442844467969e92d6b96da90e392841838bc1d97b92f2f425ee36271bc6d
-
Filesize
17KB
MD52e1142d2e956acdbdc8ebda3452c4b09
SHA1a17dfd5360e6b2d6aa7ff25779c286becb3814ad
SHA2561196ed78bc9d539c19093014512957fd5b984a61add737467da285730ce2d3f9
SHA512e5e272ee2bf156b2a1bf9467cdd0b6ad27b38a8bdacb886d18e9651f1ebbef166a535b84917e979aac1bf7bb50128f1ffee031daf3a09bf7b543df9e4812e5ff
-
Filesize
18KB
MD53411be9c6b89a743734c64f090f1f160
SHA1f0d8346b73a1e50a99ae203440c0161a4f06d897
SHA2568b414d87b0fae18aa70cc0782b9a781219d7be3a2bec0cceef8751574436b563
SHA512218829cd19dd1bc039fc1168542c13593421ad628053fd3e891a13b082fea1336d3b292f45067db49f413e62a85db6cc40e92d73c55fae4dad7bf66a15427f65
-
Filesize
18KB
MD5f86dc027bdb61e7e82803c91a39a58b8
SHA1c445bbec94339e9944ca9c7096319d0be3c231ac
SHA2562054417ac83028ead94216bc561fcfb0607b15546e6158cca4026e4896b57c9f
SHA5121fb57dcccd0410dabe0c7f172bc253ae8a390e8a43b970a901c06a9be74ca5590078cc78341ee24c7917c441aa9f277c2417e06134db11dbc71bbef2ca127970
-
Filesize
36KB
MD554961a4d72b4438bad9a5975c3a7a21b
SHA1902b41f59b7048e04d5bd68dedf72a8f22ea5027
SHA25634f18e218a705da26955289b5cd7f4253eb505d21144ab3ff23f57e75a8cb47d
SHA5121f71d545c3a407895de22661d8c66ad60beda539a067b9ea6dab5dc06392f9dee140d42087b666e6d195e1e837cf434ed2ef5cbf835b1e57cc6de83dcbbddbe7
-
Filesize
2KB
MD50ad5c75de640d9fb30769d80f70cdac8
SHA1809c11fce790b85b8a1b4b8f1bae7c33915c7cc2
SHA256e9892407f237164734daf8a7d25331515444303c9fb93a99dc892a813ec543a9
SHA51295629bebd963be72a2a83af74955ea36f3224f6dd429029b4a866948113d494a79c692ef0ecde236cbae34e26a7e55cba41ac1cd3f7ebe55bd6468bd7da33253
-
Filesize
2KB
MD5fdce6f05e9c101a5c91433def0a68ed3
SHA15fb6fa9137b2f506f4ba189e1576a0c6d7362d82
SHA256e3614dc121e7a77ea962ca2c3305da0f96e8ea4b08b3932b0b76966394a21b6d
SHA512de8f06590cb6cc4f268f8e98a9ad77241bc159fd3ee212f3e0ac57b0479ba2a9a737d85e0cefe67c148413a8e5ff522ad0883fff85f6b277862701b140639ddc
-
Filesize
253B
MD5e97372f71a269711fb36054ffdcc0d3f
SHA121ee5956acc342bf1f82d29cedd2e0b71bf2fbb5
SHA256701d61334ef5461b753f7e6ac53d360490a8821565ea226971002c4a8bec1570
SHA512eed5218c9b5f5cb1b5b8b051f2310c9361250a27bdd0135a47bc37444becf634d28e7c4eb30563fd329f2c0b0e99d1cc0cdf98e373f929d1f868eed192fd9c66
-
Filesize
22KB
MD552b7bd8000338e894f496aa30f1ac433
SHA1d98c28e11a9c9c5e80485161f645d71667e948d3
SHA2569b248c2ad3bda4668c6d01d3b708a88828f9ddeac1f44dbec466929493bf7216
SHA51216abeb5dcbbbc68d94fab41d30eb6a0d7015d66082d21c260cde298b2f69639998375108352c2708367d0e57910127e14099b79b04abad5088864f67ae19f14e
-
Filesize
23KB
MD59e8dbb8282b190ffd1378237c8663568
SHA1c620dc065f4fb27cd88f3dc917177463b6885af2
SHA256942b49023190babf959a5872dc303fd89621a0a38aaf55e886ae7f30e2d139b8
SHA5129c434f34cd6d6fa2ce182382b934272988608d36bf156101b42e5fd2812a000c0b3dec40d271e5ff98a9e5d9a3e0038eca228581cae33047cc317649d151c812
-
Filesize
469B
MD549cb5a0c752f30ef61ea26a57db91a6a
SHA1af798ecdca2f5b3d08c2b1baeda077479549d681
SHA25682e93a704d02c3629fc24b45aedd9e55c60e9b692204b786b3967390165883d7
SHA51282c55b74cfe8cb94ed352400ab0f4a26a52e479b6f39dc6a1666ce0a4a40d5f5c62ceeeb2424dbaf95e4d8142664117c3be9d4d4c1d568c5fc66dfa19a625628
-
Filesize
904B
MD5eea87befefa2cbbfb664e9fa35b2a976
SHA1963c57a714278e30fd64d1dc59444b6df05d1e5e
SHA256dd4d2abc027658f1aa0f602609b7c85ed425fdb69d6c6e4896fda86e7afdae26
SHA512768d66f19fef4a9a252e78a05c5c3dc9e824ba38c3881bfc6c6f164806a003a237316ee887e27655508f66d853d815620d7228183c0fd6a2a59a7533d5d7366b
-
Filesize
19KB
MD541c1930548d8b99ff1dbb64ba7fecb3d
SHA1d8acfeaf7c74e2b289be37687f886f50c01d4f2f
SHA25616cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502
SHA512a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75
-
Filesize
40KB
MD578900c6b08b743b5c88eee4687a62d21
SHA163a7b21d82735972410bac3a6b005f9fcd4f8942
SHA256d1fb2c999469ec0ffb49b16f1dc483222ab15b571a2c6a3ee529fcf5c3169506
SHA512422beb270a564ab1e364b3fa9a96f8bbc7892ce6678b019c78fc2e2f2cac930015a30ca4f385d85739308bb08cb410e0562ce9fedf8649eef2848a88e0f8ba31
-
Filesize
49KB
MD51247730ee965b0c761393346cde9302d
SHA1e48ce026b2307eb6583b45b468ea6f8be9ccdf64
SHA2564872f8a76fb55ff4302fe21878f9b2608da1a985a729b4a45ca70591ba046568
SHA5127fca196d7f9db22b0e4fb4aac6393b1e76c709422670c6ddd2fbca5f0f84dd7320c4b1517c7ae8c7b99bd94981ad6203c361d1a57ec889747e9235c76c77e394
-
Filesize
49KB
MD59ebf37967cdb9e222a462f3146756b5a
SHA1e01ad5355017b10315db009e1d289f336f9e6e48
SHA25688062d225477cf60c41add573f049c0d0bc870fef2e6ac3bba98751f12b8f689
SHA512a3745c809724ad2f74bbcc30df73b487e5b9062486ea9872e267d53dbcae7b732dcf523c34de928ecc15a404c66b73b4bbb50c1df6d5aed13661bceac2a1e8dd
-
Filesize
55KB
MD56f2b46ea01b0817cfd25875cf4e6e01d
SHA15265b38baf3d42b377a59a6fe9b98a853cd73486
SHA256ac2f4046850ced26804c3f18c91a2a72ccf81a7474ce6928c67508a81efc7181
SHA5125683d74690e9df7d25e3539f17d1b65052f7695c73b5c44fc9c5096375fe2bc5c5829a231533b16e8c07924ab1ac3622895188e95a194a93cd22e1d07e9db6e1
-
Filesize
392B
MD5e53191ed9e9ed156d1b66f6712056dd1
SHA1f06d51cab951ee0f2d20b24e2c72c42ef904b715
SHA2564602349f34869806ad343c688475a5a8eea6c1a772e6c9b56e3a76dfe8e5606a
SHA512aa0e0f49dabe296dd4c8f912c77450d4e8ef3953dc5154a6d9e24993b109b6d97dab2afd42a6f9f071a51464239427e00b6b1c82656c5bc4027e90fe95aedf98
-
Filesize
392B
MD5aa1f5fa45fd0770fd463bd6b6551eb4b
SHA14fbad6685620d79d6201bf33161e8f47b9b22905
SHA256de0f8a2f6fee7fb59c508c4db82d1b1db34d2f47664401530ef85034d518230d
SHA512ddcd7117ad35a7c21122634db62de6570191134ce279398b1f6576d1199380cff7e357d931199db3704d206e7d375b15ffeb67b905acfb28fac0db03fadd677e
-
Filesize
392B
MD56ffae0627bcf7533ae331569da2d6067
SHA1b2fd2f016cadb2228e7c4faac6ead1fe0759c530
SHA25656475d19b89a57bec30326ddfa6f629d337d6974f4c956cf064bab7926d7055d
SHA512500a7eca07c0e7504856d66671e45c60071a8d240a0f7b4b499cbc8b653dfa77c743c6c912042feb8e347a7c493e4f87e8c3de12fbbff16bb5fe19ce77cd961f
-
Filesize
392B
MD5f2a3e121d9eaeac58d309b161d69f117
SHA1575bce1949251ed00fe114fdb8c89985f4126bc0
SHA256dbdfa979f7ed8af31a5782cf8633e57ac82f64e9240a2bb99bb28c22c38cd6c7
SHA5121165c72507752fec5957a590822957d3ef67b4ac96d134d156d307503ae79414bdca119e3af2b82fd2766d0c7c8265b6585954b66806fab1f03ddf7b4a02d843
-
Filesize
392B
MD5d906295c256953ba9d2a49100c461dea
SHA11ca096465c79405ff52633cc25bd31d457ba159c
SHA2565cd4f3ff16ede80f53290f623d6f6fa86785916798545a449ce6cd407f3e4c77
SHA512ca6479189a3675459d7f03f06ba671fb74de1a1c2c1af9e468924c0802d84c49407f9dc5f25e53e6d1b4c03397574adca5cf7ca441ad5a115029475288cf0d09
-
Filesize
2KB
MD5a04ee814f63cb32bcd2f2bb4c070299a
SHA1e8ac4c357dc8eedf00707b6ef234bd5c0bc45a55
SHA2563537b9702ff010a11455e14099c9ab54cf7a96cde4918c2169f82e546783dab1
SHA512b86a5121e9c46a3830e294fb73aa570243de515366ad7b59ad7c03a79cf8b5da5ec118eb2d965ff7883a96bbeda2a3e782f0c2ae917fd74a85de9b1c294a289f
-
Filesize
1KB
MD5ee002cb9e51bb8dfa89640a406a1090a
SHA149ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2
SHA2563dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b
SHA512d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c
-
Filesize
703B
MD58961fdd3db036dd43002659a4e4a7365
SHA17b2fa321d50d5417e6c8d48145e86d15b7ff8321
SHA256c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe
SHA512531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92
-
Filesize
687B
MD50807cf29fc4c5d7d87c1689eb2e0baaa
SHA1d0914fb069469d47a36d339ca70164253fccf022
SHA256f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42
SHA5125324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3
-
Filesize
141KB
MD5f2d8fe158d5361fc1d4b794a7255835a
SHA16c8744fa70651f629ed887cb76b6bc1bed304af9
SHA2565bcbb58eaf65f13f6d039244d942f37c127344e3a0a2e6c32d08236945132809
SHA512946f4e41be624458b5e842a6241d43cd40369b2e0abc2cacf67d892b5f3d8a863a0e37e8120e11375b0bacb4651eedb8d324271d9a0c37527d4d54dd4905afab
-
Filesize
551B
MD57bf61e84e614585030a26b0b148f4d79
SHA1c4ffbc5c6aa599e578d3f5524a59a99228eea400
SHA25638ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179
SHA512ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3
-
Filesize
1KB
MD58595bdd96ab7d24cc60eb749ce1b8b82
SHA13b612cc3d05e372c5ac91124f3756bbf099b378d
SHA256363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831
SHA512555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5
-
Filesize
2KB
MD5cd247582beb274ca64f720aa588ffbc0
SHA14aaeef0905e67b490d4a9508ed5d4a406263ed9c
SHA256c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5
SHA512bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895