Analysis
-
max time kernel
146s -
max time network
182s -
platform
windows10-2004_x64 -
resource
win10v2004-20250314-en -
resource tags
-
submitted
28/03/2025, 13:17
General
-
Target
Proxy Manager.exe
-
Size
108.4MB
-
MD5
4a2fb12eb37791fd76e7fd8ab3578632
-
SHA1
107035c99fb584a123a01161b98e93f73aedb3bb
-
SHA256
cc1b4d769b1df73b4f0b1af9f6e7cfa18c39cc674fbfea75c5cb918c205b4273
-
SHA512
b09c46e0f39ff08595508b1352048e63346a9161a9b2a58e5331d6770c9e494c468ac64bbf991ed4d71a918fafe951aa5f99a61dc9dde559e66a60b1a867ace1
-
SSDEEP
1572864:Fl3+8ndkdcGsiccaEZBg0HAmbfkfgvl1sqBDs11JFOhesOBUr57XY6NBzUQVbmT8:L3+8Seok3DqThc6EYv
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Drops file in Program Files directory 8 IoCs
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 7 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Checks processor information in registry 2 TTPs 9 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 10 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Checks processor information in registry
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=gpu-process --field-trial-handle=1704,16955707124734532532,15609199212910831878,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1708 /prefetch:22⤵
- System Location Discovery: System Language Discovery
-
-
C:\Windows\SysWOW64\tasklist.exetasklist /nh /fo csv2⤵
- Enumerates processes with tasklist
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1704,16955707124734532532,15609199212910831878,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2112 /prefetch:82⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\ps-list\fastlist.exeC:\Users\Admin\AppData\Local\Temp\resources\app\node_modules\ps-list\fastlist.exe2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\SysWOW64\cmd.execmd /s /c start "" /b "http://127.0.0.1:22999"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:22999/3⤵
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://127.0.0.1:22999/4⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x20c,0x7ffa398cf208,0x7ffa398cf214,0x7ffa398cf2205⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1896,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=2240 /prefetch:35⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2208,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=2200 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2556,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=2708 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3524,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=3552 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3556,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4244,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=4280 /prefetch:15⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --extension-process --renderer-sub-type=extension --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4264,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=4288 /prefetch:25⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5240,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5036 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3564,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5408 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5160,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5176,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5580 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5356,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5372 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5320,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5316 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3436,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5260 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6376,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=6364 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5256,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5264 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6564,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=6528 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6720,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=6736 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6712,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=6884 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7040,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=564,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=4428 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4640,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=4588 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4628,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5804,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5412,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=4624 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=7088,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:85⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4956,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=768 /prefetch:85⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6048,i,11832079390947323383,8035236601542689642,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:85⤵
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe"C:\Users\Admin\AppData\Local\Temp\Proxy Manager.exe" --type=gpu-process --field-trial-handle=1704,16955707124734532532,15609199212910831878,131072 --enable-features=WebComponentsV0Enabled --disable-features=CertVerifierService,CookiesWithoutSameSiteMustBeSecure,SameSiteByDefaultCookies,SpareRendererForSitePerProcess --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2164 /prefetch:22⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
160B
MD5c3911ceb35539db42e5654bdd60ac956
SHA171be0751e5fc583b119730dbceb2c723f2389f6c
SHA25631952875f8bb2e71f49231c95349945ffc0c1dd975f06309a0d138f002cfd23d
SHA512d8b2c7c5b7105a6f0c4bc9c79c05b1202bc8deb90e60a037fec59429c04fc688a745ee1a0d06a8311466b4d14e2921dfb4476104432178c01df1e99deb48b331
-
Filesize
43B
MD5af3a9104ca46f35bb5f6123d89c25966
SHA11ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8
SHA25681bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea
SHA5126a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1
-
Filesize
134B
MD5049c307f30407da557545d34db8ced16
SHA1f10b86ebfe8d30d0dc36210939ca7fa7a819d494
SHA256c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54
SHA51214f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780
-
Filesize
3KB
MD5f9fd82b572ef4ce41a3d1075acc52d22
SHA1fdded5eef95391be440cc15f84ded0480c0141e3
SHA2565f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6
SHA51217084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339
-
Filesize
280B
MD5fed4ab68611c6ce720965bcb5dfbf546
SHA1af33fc71721625645993be6fcba5c5852e210864
SHA256c41acdf5d0a01d5e9720ef9f6d503099950791b6f975ba698ccd013c4defa8c4
SHA512f9ab23b3b4052f7fda6c9a3e8cd68056f21da5d0fcf28061331900cac6f31ef081705804d9a9d4103ee7d9c9bdb6aa4237987b7e821d2d96cd52da24219e55ee
-
Filesize
280B
MD54013ebc7b496bf70ecf9f6824832d4ae
SHA1cfdcdac5d8c939976c11525cf5e79c6a491c272a
SHA256fb1a67bdc2761f1f9e72bbc41b6fc0bf89c068205ffd0689e4f7e2c34264b22a
SHA51296822252f121fb358aa43d490bb5f5ce3a81c65c8de773c170f1d0e91da1e6beb83cb1fb9d4d656230344cd31c3dca51a6c421fda8e55598c364092232e0ad22
-
Filesize
3KB
MD5a5a5c5bc6ee31b17db26d81dbed283c6
SHA16ab10c194157c540ba2cb3f7c02b9542f5e3233f
SHA256edccd5e0f45eb91f0ad971ad6ddf333a8196dbcfd85d4f13e9e6caa1885f83b7
SHA512c34faa6b53b1fa47199076e83429f84b95a376f45366db57475daef279cd880256d8c16311793258af09d19909cb96100a757155278cdfeb2b26847e5ebbb023
-
Filesize
3KB
MD577b05d6978ed44ef56ad887bde61e395
SHA14289391635507493f609256d6e7ded97c3739ba1
SHA256ff77b658520df0cb00ac3ba1c3a4c8def24de4593a89d2bbd99b9fca7938a623
SHA512fac3d54f7d1e44c87f5baf1d3e47a1aaa6960732a618e9c94f918d6269fde9f26043ba393054979134a98a71c49129bc96122fa91f2d6fd4b9424624407272e3
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
69KB
MD5164a788f50529fc93a6077e50675c617
SHA1c53f6cd0531fd98d6abbd2a9e5fbb4319b221f48
SHA256b305e470fb9f8b69a8cd53b5a8ffb88538c9f6a9c7c2c194a226e8f6c9b53c17
SHA512ec7d173b55283f3e59a468a0037921dc4e1bf3fab1c693330b9d8e5826273c917b374c4b802f3234bbb5e5e210d55e52351426867e0eb8c9f6fba1a053cb05d4
-
Filesize
9KB
MD53d20584f7f6c8eac79e17cca4207fb79
SHA13c16dcc27ae52431c8cdd92fbaab0341524d3092
SHA2560d40a5153cb66b5bde64906ca3ae750494098f68ad0b4d091256939eea243643
SHA512315d1b4cc2e70c72d7eb7d51e0f304f6e64ac13ae301fd2e46d585243a6c936b2ad35a0964745d291ae9b317c316a29760b9b9782c88cc6a68599db531f87d59
-
Filesize
2KB
MD59ede2742307066d8e2db6d309ba2eb0e
SHA18d45c1a9865dac32191c9a530c91e3dbac321b23
SHA256ff70a048fdd5f0c89de23afbf3408a8dd78b6dfa499b2c185cdd7b22fb5c36b8
SHA5129c319aad9e6bd3122ab2415d3b2a119b8f2db979df67b4fe821a92bcb3638d8741be0009798d349ebe928675b1309e44f0bd78b862dff6b9271e06822505fb8a
-
Filesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
14KB
MD5035015664942b5c2d571cbd24211f8a3
SHA14b9dffca797be66c5b1ee0dca7d0b34ed0d236f3
SHA2561ce20131652504bec6b1927eddd4e3241ef61bacb28e277f2ddf7cb810240173
SHA512d828facaf8f8729e0b9d6d6d06183735c4d14d885ee7dbadb74cd598954ae6cde872cef7429a06df9ec4d290514cbb4aea6f11fe752794b568e84a5c43949c82
-
Filesize
14KB
MD54e963045cf22817484d9f57620a200fb
SHA1b9af22a1e782eae219c782eb1a310293c95145e6
SHA256e9daba67a392560ec1ff04e76ea6b0e6bd20980b5d117a8ada415d357fc036ec
SHA512313a6f276a539c79c1779849db58f83e238facbde754f1f35096b83e449014746bb18412c6e2be242a15451952bba23c4a7268d7e682675f7ab5287d6cd34ab2
-
Filesize
14KB
MD59467aeec189cdb3e5f2480ed7d5a2117
SHA1f70c7071b2934ccaede7e12e3fee5a6135de642f
SHA25610b5082d4651e5ee7ad77160ef3457e2dc6145c54afc73ecc7f3861bdcf94699
SHA51297f15134a9e360e200289f706aae8ec4c493fafbc57f13d7465552490be7ae678607458169f85e6146bf83afc1b4bdd8a5359423fa68ac87b65e74d0e70c9b32
-
Filesize
36KB
MD56c9b1a6587c4b95a5a355197c56427dc
SHA1460e636033a0ab28aec86d0483cfc807824ff63b
SHA2565aac4c163dea1490dd56dd98610e6ac1a828c884323462efaabb17fadcae8330
SHA51204c6766d946a284d9a5d08c1adc6599baf95a623f0df737118dc1bd3bd88e4a4fcf77533efcc1568f98d3c039fe16c22ace41b5b9ebf3c7ffe69fb103b705bc8
-
Filesize
4KB
MD533dc617d585444683857618989dc2fe5
SHA10f5b36630ec4fabe6d91531aa7e21803c61066a5
SHA256a44fa763ffdd4b34600a5eea3238b2a391bf80da48d2413e08cd3ef782e11a15
SHA512abe8bdd5390472a681362fe8d2bdc4018adc41654b7fd0eafb27cafe565aa92b5212b92ddf7fe85d987ed9a2f98cef505957fe258ff42b66f3f3b7a0d90a82b5
-
Filesize
880B
MD5d7310b88fa5923536318013ce07cbbc1
SHA12fa374e8c18f920c7764031179127f372e7c43f9
SHA2562969ac0926164099c988e4d463ba58f49cf29790abc47cee77cbe8e23c8436ff
SHA51261c48d435f6dca2b0d53f9a79866f23524ad966be05d6f941c303352ec6e1b9be9146dc0eb8d98deffa792052f5d402789c7c0cb976ec23ccd55f3c3fafbce5f
-
Filesize
23KB
MD5f52575295098b93dda91dff226d3d69d
SHA14e3df1e4981f61985b479e26dc6d3bce56b6667c
SHA25635328b077d657bba3a7cfbcef40914880e88a510eed1253dca7485a90ab75ba4
SHA5129f8d468df6b472f4291f930908dadcc5f4e8f6dfad26ffe8b5875ed729d40654946f435a91dd9f3dbc3e217860b60acca680fa1209c27ffbe4e0f0f07af56c8e
-
Filesize
469B
MD54947005ad2bc4b1cffc743f89c4f263c
SHA1f5a8ea524a8e135c0752c4a9d213c444ef086ddd
SHA256d2cf74547cd2a87afaef7a83e2859e9e0162a26a8a3602ae2dd45a24c5d5a730
SHA512fded6e87afdfb29bcfd032c3be12d4c5d181862a007ef19e4716d67d77b0b1faa1333eec8ba2dbe01ba5e4f3bd0dcc52a6e8c16f97bd7cc5e89b3b189c4b3bb9
-
Filesize
22KB
MD556a63f182b2938fbe3e59fbf9681dc08
SHA1b76578ca24fb20b8bd5dafad4296e5a46735a5e1
SHA25636edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593
SHA512b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8
-
Filesize
3KB
MD5c7569efb2fa9fe93c0ea2f0896f54036
SHA1e231c700b778b624f6065b035e5803fdd8b4db4b
SHA2562422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f
SHA512c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f
-
Filesize
30KB
MD51f5ba56388a3f78593e445c5bc804526
SHA19fd3b09b7111e98f7832bb6f7d2de3df5ba9647c
SHA2567368e28ba84ef7b9297002dddf91dba1a3cc1331a1ff43cce2a5e0a5d99c3736
SHA512efe9ad25aa2f18f998078c84371f468efa0a70db99a16de6f82541da115092f91f19817a5560fe5e0446cad76057e669c24ffb3c6fba36eb70e35e61e58facbb
-
Filesize
6KB
MD512074af1bd251b914f76e6948f6d408e
SHA1563de44a093398a73e0988fd4e54e0c72a408a20
SHA25611c61a8774a6cf5b545efad24aec2c3e3473e8fc60bb41ec2d7b7db5f321e665
SHA51214a299ecf5cb8356aaf78225dbd576c594109a9a61bae3975fee2ee53a0d06340f923ab26466bba521473350995093c0b3da4692a4476e73b4b513f54991a079
-
Filesize
39KB
MD586733e4aaa6ddde5d0affc3b4a11e72f
SHA1f099f44fefefb5aec6a29c7554fe15060173ce36
SHA256779df871576d47becc2a47f05a59976e406c27f957b8944aaf9edafb2612b242
SHA512808b1c922f1a64f4f73108739c9888c1a97822415d04ae122702c94f2422b0252ea9da522ce4f9f39b2d82b822758537d209330d5b072391371e4ffc787df63a
-
Filesize
7KB
MD5e69aa1a33510b8c77bfa4ce3193e2ec9
SHA158510c8edbf875f3ef0623cc5d114cbe56e4d6e6
SHA2563422ae9b656eab0e7fd9a57764c7757a1d7cc59cc40839e21ee1353bdd1d8e8c
SHA5120e2b510da25f2f585e23434e8fb07a35f44b9b7f4a356d75519c21e12a086579049c9052c2aa70f25497bdfb9d53aba0b6563f82295dbe9e3835f404a2164d16
-
Filesize
2KB
MD5499d9e568b96e759959dc69635470211
SHA12462a315342e0c09fd6c5fbd7f1e7ff6914c17e6
SHA25698252dc9f9e81167e893f2c32f08ee60e9a6c43fadb454400ed3bff3a68fbf0d
SHA5123a5922697b5356fd29ccf8dcc2e5e0e8c1fd955046a5bacf11b8ac5b7c147625d31ade6ff17be86e79c2c613104b2d2aebb11557399084d422e304f287d8b905
-
Filesize
152KB
MD5dd9bf8448d3ddcfd067967f01e8bf6d7
SHA1d7829475b2bd6a3baa8fabfaf39af57c6439b35e
SHA256fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72
SHA51265347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
10KB
MD578e47dda17341bed7be45dccfd89ac87
SHA11afde30e46997452d11e4a2adbbf35cce7a1404f
SHA25667d161098be68cd24febc0c7b48f515f199dda72f20ae3bbb97fcf2542bb0550
SHA5129574a66d3756540479dc955c4057144283e09cae11ce11ebce801053bb48e536e67dc823b91895a9e3ee8d3cb27c065d5e9030c39a26cbf3f201348385b418a5
-
Filesize
41B
MD5a59e572c3f27ddfff18225a10e886cd0
SHA17be1742620090424515d34a9a8bf2e2b5f2ddc68
SHA256b583e3a395f6bc29019a01994cadf43da0c25a617d7817b9d25d4c0a564ae861
SHA5128fa19e144489232b77510f0999ddbcca5601cb43f81780eab6de3d856f86ff198c47b47c90364055c776fc2829776874ae65d9def19205d600d9777f572220e4
-
Filesize
57B
MD558127c59cb9e1da127904c341d15372b
SHA162445484661d8036ce9788baeaba31d204e9a5fc
SHA256be4b8924ab38e8acf350e6e3b9f1f63a1a94952d8002759acd6946c4d5d0b5de
SHA5128d1815b277a93ad590ff79b6f52c576cf920c38c4353c24193f707d66884c942f39ff3989530055d2fade540ade243b41b6eb03cd0cc361c3b5d514cca28b50a
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84