Analysis
-
max time kernel
150s -
max time network
175s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
28/03/2025, 12:35
General
-
Target
Proxy Manager.exe
-
Size
152.4MB
-
MD5
79c381e5c588aaecc5a27376d2d793c5
-
SHA1
35a507343bbf844b396040b582e2043a32c940f3
-
SHA256
e27c19cf29a0137d87a197816f911b860d9bf4b619d5a3d94933f748a0a215b8
-
SHA512
b3bd0aa138c030dc0a23a5f7bac96801564ce39feb95b0902270c58bb0ef255d098f61524481b033e2a08ecc8d568d4bf14fdf79a1ac76eecce51daf44bd3384
-
SSDEEP
3145728:5AlI0l58YCVP1sItzMSliLdO2tIY4fHKDxJUA0IzYNBl3:cslNliLdO2tIY4fHKDxJUV+YNBR
Malware Config
Signatures
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Drops file in Program Files directory 12 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 9 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\@luminati-io/luminati-proxy" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1896,i,14409683847728937106,3712288227110545247,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=1888 /prefetch:22⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\tasklist.exetasklist /nh /fo csv2⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\@luminati-io/luminati-proxy" --field-trial-handle=2124,i,14409683847728937106,3712288227110545247,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:32⤵
- System Location Discovery: System Language Discovery
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\ps-list\fastlist.exeC:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\ps-list\fastlist.exe2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\cmd.execmd /s /c start "" /b "http://127.0.0.1:22999"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:22999/3⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://127.0.0.1:22999/4⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x238,0x23c,0x240,0x234,0x264,0x7ffbb454f208,0x7ffbb454f214,0x7ffbb454f2205⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1752,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=2212 /prefetch:35⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2176,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2536,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=2764 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3348,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3524 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3588,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3600 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4248,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4284,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3548,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3576 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5332,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5340 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5352,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5320 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5372,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3564 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5324,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5924 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6032,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6204,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6228 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6040,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6244 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6488,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6148 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6520,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6480 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6648,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6808,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6684,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6652 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4944,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=560 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=4312 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4920,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=4904 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1056,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5696,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=5488 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4936,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3704 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4984,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=6044 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=5484,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5596,i,15498028798820005678,17822911439580069500,262144 --variations-seed-version --mojo-platform-channel-handle=3452 /prefetch:85⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\@luminati-io/luminati-proxy" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=3112,i,14409683847728937106,3712288227110545247,262144 --disable-features=SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version --mojo-platform-channel-handle=3096 /prefetch:82⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
134B
MD5049c307f30407da557545d34db8ced16
SHA1f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA51214f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
160B
MD5a24a1941bbb8d90784f5ef76712002f5
SHA15c2b6323c7ed8913b5d0d65a4d21062c96df24eb
SHA2562a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747
SHA512fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
89B
MD57239b0e4a8e7762add2f48f6a76d51ef
SHA16d387fee0514151c0a256b9a4750678717759501
SHA25655ea7ee7b1d8d9370cf78df0ff89bc536e9e0b4f1246dc96f5ceb5551ea666b3
SHA512e21c48c39fb49b29459cad402d62bd5d9fcf3db873fb533f1a8efb08ef2db41724a419b23bda77b13845247a480bac52c8458c992967c4cf7bd3f2076d21e890
-
Filesize
41B
MD5d96024eb5433892e4ec68afedee60185
SHA1ae3854eb21d8f72ffa8c11bceed8578e19ce13ae
SHA25681c790b4140a9643726de5c7b3c9f86e5300379659d76956dd82171ea5988cc0
SHA5129d5cec1cba31005a5ef6826162299d9317d3882aa918096b4e03be4030a98b353485ddf3229b9e60e07beeab1ed59eeeecb4038de00ab4bb38d41e76d42ef7b5
-
Filesize
157B
MD5c537de9e7790f7d5c0a542b15c4c6613
SHA1815ff81315a825e0a085b80e987934b1d002effc
SHA256cae2c8a66b285a2e5035a6e4a55a7f9245e1f15887fdd60de33b6dc481b482ab
SHA51258c0edf597e30f47c728e85518df0e6cab39b200c31329fb2d3d9d62d8a5ddad0bc927696849be4cabd599250d165e6af8cf0fe205d1f64ba91c283f86153a62
-
Filesize
138B
MD5b83630eab8c097482ecbb319d0dacf84
SHA1b15405078ff4504c6bd364556d0389b59c609ea6
SHA25635d1896a04e45bf8f441ffcdf1874b6d8c10c5bb832b0c1bce8efbf68b8aa3ef
SHA512251d0fb6224b105f576f10bf15f13655ec420511706583e6e72414f484daa273187c71e54af2ff4002dc0b06e611373ef5935abd42c5cb9583266c6cd046e05d
-
Filesize
284B
MD509f08720f581e59b7fe8b9a42c55e372
SHA1d29b9638b35bc555ccdbedaef422339f1bd7a50d
SHA256cae1b56d08d9b75bc048038f8a2d50279b74fe4fffb4cd192017fd4e39b19223
SHA512e37a4ff042d623e9a3c4b176a513d81d20f07802f44abd5c3ef7074a68ed2c024ecc8bb29a4100d0c4213e71d192b8be1bef82b6d0431da1ad3f3b0761f03060
-
Filesize
178B
MD52ff6964abdb43f037c6074025f7fbaab
SHA12fbff18117f485dd1e730e06d5499874a720c90b
SHA256e771070f6fc7aa15dbf8e8e2df76fa8b295195e7e30ff22e24372f2f9c17148f
SHA512b6a439af88d441aedf7a55c5dce012d6a479eca82712dd0aff6586fa1ccc61d036bc39d00eb53f5dbf3703876051250ce23e61b95e10eb8d386b924e0d64c0b6
-
Filesize
30KB
MD58d89fa602051df7578a844ec31853570
SHA180161334f0f2334bd5dfc5e3b49d8f7cc1c3800c
SHA2567e41763fff0f13d2231f02fa0e33d9407498c2b4256a6ff30e659689e91b15b2
SHA512e7b228a182443a3b6b834bc08dac1dbbe024b86b29ac1ef0a93c9464d077ae6aac92993a4a28d3179c35d187f12cb258cee004e06934100db8948afe929b723d
-
Filesize
3KB
MD5f9fd82b572ef4ce41a3d1075acc52d22
SHA1fdded5eef95391be440cc15f84ded0480c0141e3
SHA2565f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA51217084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339
-
Filesize
280B
MD5fed4ab68611c6ce720965bcb5dfbf546
SHA1af33fc71721625645993be6fcba5c5852e210864
SHA256c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4
SHA512f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee
-
Filesize
280B
MD54013ebc7b496bf70ecf9f6824832d4ae
SHA1cfdcdac5d8c939976c11525cf5e79c6a491c272a
SHA256fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a
SHA51296822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22
-
Filesize
3KB
MD5083f16cd1462c794024aa10073d649cb
SHA145fac747e3c36ffccabc64abc8cd532398d4a6d6
SHA256183a4c388a0b9f80483dae977fc8cede6483a55352ff3e93b9603e30ffd02de4
SHA5125a7ca38211b422f413ef7d2f2738724158ca172a68076e70d22946db863b55922f5b1d1b11b477f524627f3d654da5c3a95f8b85ea1d1e14c18845d5ebb161e2
-
Filesize
3KB
MD52cab53dd6c64395e0dddcbdc96a17eae
SHA1081776bf5ba83b3e814d5e0318fa4c356612bcb3
SHA256732224b1018e06a9262912cb105d682d9232f4b015fa17e9115b08a496273a03
SHA512d78b9f73ca03f8a45807b877d32227117aadd9f88952b3a5f0e82b596f32e6d06b77fddb8e04981d78ab263b52ab509c7b8c910efed9661d6833c4edab76cf50
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
2KB
MD5c0990db129907367a9ff885491776bf1
SHA187e7492898a131ad29f8ed62070c02d727281206
SHA2567443b91ce293979289b811afa3c989e999dae9edb90e68ba8cc95aba966eebf9
SHA512e7e05326ea17cea9d019aa269de84f50fec644872275335e60225ad147e7b1e84ce3a8c60ef13f4593b8897a94cba69aa0dafd58fd03b756de7e3635f5a7483f
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD52a69bf1853e38284cd05df03968b1fe3
SHA1c05bd091d592567f2594f607fe34d99381bb7bf2
SHA2561ca05141cbad95215ee45084df6a409172ad1ec69d64f006b8fbc52608fb08ef
SHA51230701ec95bc1cb67a3034b29b4ac71e66bb7cb4ea95c1d51df7227cc05e2e6aceb6c9d84b6245d82500b13bbf5e63938a59a68272771b44be4887138a1a6c29f
-
Filesize
14KB
MD59c27dd05e2ed13427b0b405a659ed454
SHA1ec5ce042675b343a7bb3a6109ad6c9d44757ff2f
SHA256a54858725a1437911a7aecb0cd89fd1dd3b6d3713cb9285fc13724527dab7195
SHA5129da8449d7967fc0309f91dfbf1f991cc3731c81c534312cb49707ff083fa948acd9821639d9f1bb1d1a9c6c3751dffbfdf89090a8dc5016f05c19a5ccc8c15c9
-
Filesize
36KB
MD5b3e126df7ef7fd84872fd02426143c90
SHA1fb65ab5fdfce02651c5a90253ce814ec0cf84a06
SHA256acfe60a9e3ab65b25478cbaf384cb6584ad8bf9570abe3bed104cee8da3cb0a4
SHA512a321f28eed113f6709089284dc754bd69db65d1bf128767cd2f6e56a7ded87749d195ba61d145db546ad11bd880eac5e4de99cfb1db7e68c37a597c07c990115
-
Filesize
4KB
MD50a5c4d6eb51512eb30c3908ccbf13e93
SHA1a05a13cd1197096db6ba64b0231901bbb83a0c2e
SHA2563b4bc17cbaecfe752aa238e524b5280099947f8ab62d4088f1554d7b70100d05
SHA51258c41ca659bd98fbaa66f4f5fd309849c14ddf64596c23440e660de0fe93ed26db06ec88a28a8fc07c25c1553d73c7fd59c6f4b2330df1ddd1ada4f85f91da53
-
Filesize
23KB
MD57ab3a37d35a67630ae48dde1475199af
SHA1d474ee4d6f826c04f1502a37b3977fd00e8e7cf1
SHA256b3193e3cca8b7150baee1367dcdbaa3ba0d13b058e620c2a2e38c6fa729ed05a
SHA512495abb0d801f35a15705d42ca1d86225bda7136c172ef9ae6b3f21b3fcd5eeafe8249cedd7174f9b90434746954bba14e77b88357264e8b5d137748b571ddde9
-
Filesize
880B
MD52e4c5664f00242c97229b2f87ad042d4
SHA1d86932d351cf6ce46a97539782e7bf0e08daa830
SHA256006fa9278343a1110c154ced1da8d64d6c1f3b7f3fcd5ea4b45f47691025e527
SHA5128864c48d718ebae5279bc115fddf1435d7c80c969e9e9df24b3c1f6d4df996a1bcaea66d81a11f42769836f7c1eec4c6d8c0c8949a17b62a99034930fc074f40
-
Filesize
469B
MD577a6e1db35bf01bab8b1e5dfe89934d4
SHA13e2b40d11aade53ed40da04bb413e09b9a44e72d
SHA2569e60d5c97797b302c067e5cc175273657776a93dce0c134fa606e8f46d83f2f0
SHA51210ccb844d7e503809a79368c3869c9a40baf961a1e54c4e0ba3d00458374a1a2f1b56f1e245570fe1cb17d1dd4393a6fd49dae3a0a3d7f64238cb86567e5b458
-
Filesize
22KB
MD556a63f182b2938fbe3e59fbf9681dc08
SHA1b76578ca24fb20b8bd5dafad4296e5a46735a5e1
SHA25636edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593
SHA512b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8
-
Filesize
3KB
MD5c7569efb2fa9fe93c0ea2f0896f54036
SHA1e231c700b778b624f6065b035e5803fdd8b4db4b
SHA2562422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f
SHA512c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f
-
Filesize
3KB
MD594406cdd51b55c0f006cfea05745effb
SHA1a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9
SHA2568480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e
SHA512d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3
-
Filesize
6KB
MD59bf87795c8b4c67e5f5cac69b049afc9
SHA1897509fdc9d51fdaf15055eaea802edbc4acddf5
SHA25624b6f89788d3ae2a0dbe3dbd571bc1faa776ef378142b88d65f15dbdde7386eb
SHA512259f94107cc76b8e0672bdbcd5c3e95654544909ba2d310a136d4d14d6ff82ace9cb850dfbf81466e833c8b01b44e8d36e26cdea29c1ad1d87bb47e1ac41b45a
-
Filesize
7KB
MD5ef6955fd111054266f75caab565a8cf1
SHA1aba89162e66e9598ca5a778215438320138b77b2
SHA25665596942d4e9feb32ccde4123ab44b2c2c360930a1b4c61ddb62d51bb2ee7e86
SHA5120af286df58dd9470761b1be7aa4b12f5b67d129426d928f36608b7e9c7e592d8d42e3bcef4fa1dc197fef05aa00ed601b0360a5b61ac135a785cb7d8acffd0f0
-
Filesize
39KB
MD5ab2cdf093eff336040fa1b2ab3939664
SHA1c9d6733bc2dc3e89eb1fc561c36528cffb0e0ebf
SHA2565a7170c05a275e0240beca6041ffe7d00372a389c7478d658d55ebc645bdf1e6
SHA5125f72971d6291bdaf23c2bb7469246e05d328172297db987c5699c55af9a555efd4904eab349a97e2bdcab13c9b60209b8ea62f90c98c4c5c9ac13c5f984b1e04
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
2KB
MD52871ce1ecdafb2ba5537c6fad99cf4cc
SHA1502605ff2c52c480cf662e8e96ad7abe7fb8d7bb
SHA256674bb35ee5ea94af2e695ac23aff3d65106da2e8c5bcc60c77c4e813c43e0fd8
SHA512cad152d3c8a0d327483df407c6d25248efde72f60e3c8d21b35d9e5c98337a63f5dd0b38952ebe88c5d968635046d210ce6bc64daddae41ba7b8249840f31f42
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
48B
MD5510ecc6fc370fa56bd3e4a3335971e63
SHA1f4dc445e18dc10d3729e6efdcd91b8d666913ea6
SHA256ce22e9d12ca1120e49a34448e0e72aab8f2d57e31bddda651238ee0dcfd82a63
SHA512835f0b53537cb4e135ccee33656b3ba9a8e752244d432d930ddc448628095908ef2130f929ea955f43625333708fafe0258399928b0ce4df438086495fcb7505
-
Filesize
57B
MD558127c59cb9e1da127904c341d15372b
SHA162445484661d8036ce9788baeaba31d204e9a5fc
SHA256be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA5128d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a
-
Filesize
41B
MD5a59e572c3f27ddfff18225a10e886cd0
SHA17be1742620090424515d34a9a8bf2e2b5f2ddc68
SHA256b583e3a395f6bc29019a01994cadf43da0c25a617d7817b9d25d4c0a564ae861
SHA5128fa19e144489232b77510f0999ddbcca5601cb43f81780eab6de3d856f86ff198c47b47c90364055c776fc2829776874ae65d9def19205d600d9777f572220e4
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB
-
Filesize
4KB