Analysis
- max time kernel: 93s
- max time network: 106s
- platform: windows10-2004_x64
- resource: win10v2004-20240419-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 05/05/2024, 17:37
Behavioral tasks
Behavioral task | Sample | Resource
behavioral1 | McDonnell Douglas MD-80/X-Plane MD-82 Pilot Operating Manual.pdf | win7-20231129-en
behavioral2 | McDonnell Douglas MD-80/X-Plane MD-82 Pilot Operating Manual.pdf | win10v2004-20240419-en
behavioral3 | McDonnell Douglas MD-80/liveries/Alaska Airlines/objects/tail_LIT.dds | win7-20240221-en
behavioral4 | McDonnell Douglas MD-80/liveries/Alaska Airlines/objects/tail_LIT.dds | win10v2004-20240419-en
behavioral5 | McDonnell Douglas MD-80/liveries/Alaska Airlines/objects/wings.dds | win7-20231129-en
behavioral6 | McDonnell Douglas MD-80/liveries/Alaska Airlines/objects/wings.dds | win10v2004-20240419-en
behavioral7 | McDonnell Douglas MD-80/liveries/Northwest/objects/md80_alas.png | win7-20240221-en
behavioral8 | McDonnell Douglas MD-80/liveries/Northwest/objects/md80_alas.png | win10v2004-20240419-en
behavioral9 | McDonnell Douglas MD-80/liveries/Northwest/objects/md80_cola_der.png | win7-20240220-en
behavioral10 | McDonnell Douglas MD-80/liveries/Northwest/objects/md80_cola_der.png | win10v2004-20240419-en
behavioral11 | McDonnell Douglas MD-80/liveries/Northwest/objects/md80_cola_izq.png | win7-20240221-en
behavioral12 | McDonnell Douglas MD-80/liveries/Northwest/objects/md80_cola_izq.png | win10v2004-20240419-en
behavioral13 | McDonnell Douglas MD-80/objects/cockpit_instr_NRM.png | win7-20240221-en
behavioral14 | McDonnell Douglas MD-80/objects/cockpit_instr_NRM.png | win10v2004-20240419-en
behavioral15 | McDonnell Douglas MD-80/objects/cockpit_overhead_NRM.png | win7-20240221-en
behavioral16 | McDonnell Douglas MD-80/objects/cockpit_overhead_NRM.png | win10v2004-20240226-en
behavioral17 | McDonnell Douglas MD-80/objects/cockpit_panel_NRM.png | win7-20231129-en
behavioral18 | McDonnell Douglas MD-80/objects/cockpit_panel_NRM.png | win10v2004-20240419-en
behavioral19 | McDonnell Douglas MD-80/objects/prefill.obj | win7-20240221-en
behavioral20 | McDonnell Douglas MD-80/objects/prefill.obj | win10v2004-20240419-en
behavioral21 | McDonnell Douglas MD-80/objects/seats.obj | win7-20240215-en
behavioral22 | McDonnell Douglas MD-80/objects/seats.obj | win10v2004-20240419-en
behavioral23 | McDonnell Douglas MD-80/plugins/xlua/64/lin.xpl | ubuntu2004-amd64-20240221-en
behavioral24 | McDonnell Douglas MD-80/plugins/xlua/64/win.dll | win7-20240221-en
behavioral25 | McDonnell Douglas MD-80/plugins/xlua/64/win.dll | win10v2004-20240419-en
behavioral26 | McDonnell Douglas MD-80/plugins/xlua/init.js | win7-20240221-en
behavioral27 | McDonnell Douglas MD-80/plugins/xlua/init.js | win10v2004-20240419-en
behavioral28 | McDonnell Douglas MD-80/plugins/xlua/scripts/md80_safeguards/md80_safeguards.js | win7-20240221-en
behavioral29 | McDonnell Douglas MD-80/plugins/xlua/scripts/md80_safeguards/md80_safeguards.js | win10v2004-20240226-en
General
- Target: McDonnell Douglas MD-80/X-Plane MD-82 Pilot Operating Manual.pdf
- Size: 10.7MB
- MD5: f2c327db933222b3c8e39cc577e86274
- SHA1: fbb8e8f6425c12e04e3b331179eebfaac2b6b2b7
- SHA256: 7d02a3b417be6e8c4157659cdec45a20fedd44cab05ead91bbb819be7a696120
- SHA512: 8c894eb00513c4c7a1b7ecd9f93b8edfc4b2d0f2053e54124bbf63f5cd66eec6196561d3700277d82437bbf57d1719f3e751bdd5d0dd9c6c5c163f41baab4f7b
- SSDEEP: 196608:/IXRjmAndmTnF/uttQqJ2tw+WIoWF4MRGQQJbhVI7Ig4CG7hMP9KevW:gXRjmAd/bmxHZq9+vW
Malware Config
Signatures
- Checks processor information in registry (2 TTPs, 2 IoCs)
  Processor information is often read in order to detect sandboxing environments.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | AcroRd32.exe
  Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | AcroRd32.exe
- Modifies Internet Explorer settings (signature name taken from the process tree below; the heading is missing from the extracted page)
  description | ioc | Process
  Key created | \REGISTRY\USER\S-1-5-21-877519540-908060166-1852957295-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION | AcroRd32.exe
- Suspicious behavior: EnumeratesProcesses (20 IoCs)
  pid | Process
  4564 | AcroRd32.exe (20 identical events)
- Suspicious use of FindShellTrayWindow (1 IoCs)
  pid | Process
  4564 | AcroRd32.exe
- Suspicious use of SetWindowsHookEx (6 IoCs)
  pid | Process
  4564 | AcroRd32.exe (6 identical events)
- Suspicious use of WriteProcessMemory (64 IoCs; identical events collapsed, per-row counts as recorded)
  description | pid | Process | procid_target | events
  PID 4564 wrote to memory of 1516 | 4564 | AcroRd32.exe | 94 | 3
  PID 1516 wrote to memory of 512 | 1516 | RdrCEF.exe | 95 | 41
  PID 1516 wrote to memory of 4480 | 1516 | RdrCEF.exe | 96 | 20
Processes
- AcroRd32.exe (PID 4564)
  Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\McDonnell Douglas MD-80\X-Plane MD-82 Pilot Operating Manual.pdf"
  Signatures:
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  Children:
  - RdrCEF.exe (PID 1516)
    Path: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    Signatures:
    - Suspicious use of WriteProcessMemory
    Children:
    - RdrCEF.exe (PID 512)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=16BB547CD62DB970E694B5499CF3F0D6 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe (PID 4480)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=296E45E2899EC43BA4F67DF823F60449 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=296E45E2899EC43BA4F67DF823F60449 --renderer-client-id=2 --mojo-platform-channel-handle=1752 --allow-no-sandbox-job /prefetch:1
    - RdrCEF.exe (PID 4008)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=0DC65CCD3B108E8296ABAA89340EADE2 --mojo-platform-channel-handle=2292 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe (PID 4028)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F4E6CE4C83208E75E03DE7EDF82D23ED --mojo-platform-channel-handle=2432 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe (PID 4988)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AEDA37D67A66DDC193F88D1879F30270 --mojo-platform-channel-handle=2536 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    - RdrCEF.exe (PID 2800)
      Command line: "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=659BB538DB8D622DE852B4A0EFD342B4 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=659BB538DB8D622DE852B4A0EFD342B4 --renderer-client-id=7 --mojo-platform-channel-handle=2372 --allow-no-sandbox-job /prefetch:1
- CompPkgSrv.exe (PID 3124)
  Path: C:\Windows\System32\CompPkgSrv.exe
  Command line: C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 64KB
- Filesize: 36KB
- Filesize: 56KB
- Filesize: 12KB