Resubmissions

Submitted          ID                  Score
16-06-2024 09:27   240616-le39psyaqa   3
16-06-2024 09:23   240616-lcyw7syajb   3
16-06-2024 09:18   240616-k9pt5axhjh   3
16-06-2024 09:08   240616-k397gs1frq   8
16-06-2024 09:08   240616-k3ytfs1frj   1
16-06-2024 09:07   240616-k3mq7axfkd   1
16-06-2024 09:06   240616-k27d7s1fpk   1
16-06-2024 08:56   240616-kvz2jsxdla   4
16-06-2024 08:53   240616-ktts5sxcrd   3
16-06-2024 08:53   240616-ktgtks1ejn   1

Analysis
Max time kernel: 150s
Max time network: 150s
Platform: windows10-2004_x64
Resource: win10v2004-20240508-en
Resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
Submitted: 16-06-2024 09:27

Static task: static1
Behavioral task: behavioral1
Sample: jfxrt.pack
Resource: win10v2004-20240508-en
General

Target: jfxrt.pack
Size: 4.8MB
MD5: 8dfebf0b78c6e3bf5aa5002ca9a6da1a
SHA1: 1edee53b9e0af5d767d0051c2beccc474035024f
SHA256: 0840d659560e62fcc41cd42dec9d7aedb8359f606097b540806452ca8ad05e21
SHA512: f9bf6e9558b52969ec152fbfebc239c1bcb7e4343b3dc58da5e7cac015d1fe75f255bd9ceb3fdeb86b2c05be62c62b552a25c94aba4091df3eaf163cf91da444
SSDEEP: 49152:uCTbVLrqgbejNIJqcdTok/EWCdomwkX/YmYybyROodO0rW:1nTB/EmmwkX/YL2yRdS
Malware Config

Signatures

Reading note: the only signature attributed to the process that handled the sample (cmd.exe, PID 4440, which ran `cmd /c ...\jfxrt.pack`) is "Modifies registry class". Every other IoC below is attributed to chrome.exe (PID 4120), msedge.exe (PID 5196), OpenWith.exe (PID 1256) or PID 4, which is the Windows System process. OpenWith.exe -Embedding is the COM-activated "How do you want to open this file?" dialog, which is what typically appears when a file type with no registered handler is opened.

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s). No per-process IoC is listed for this signature.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Process     Description        IoC
  chrome.exe  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer

Modifies data under HKEY_USERS (2 IoCs)
  Process     Description      IoC
  chrome.exe  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry
  chrome.exe  Set value (int)  \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133630037270235329"
  S-1-5-19 is the well-known SID of the LOCAL SERVICE account. The value has the magnitude of a Windows FILETIME (100 ns ticks since 1601-01-01 UTC); read that way it decodes to 2024-06-16 09:28:47 UTC, inside this analysis window, so it is a timestamp rather than configuration data.

Modifies registry class (2 IoCs)
  Process       Description  IoC
  OpenWith.exe  Key created  \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings
  cmd.exe       Key created  \REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings

Suspicious behavior: EnumeratesProcesses (6 IoCs)
  PID 4120 chrome.exe (4 hits), PID 5196 msedge.exe (2 hits)

Suspicious behavior: LoadsDriver (14 IoCs)
  PID 4 (13 hits), PID 656 (1 hit). PID 4 is the Windows System process; driver loads are recorded against it whichever user-mode process requested them, so this signature on its own attributes nothing to the sample.

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  PID 4120 chrome.exe (9 hits)

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  PID 4120 chrome.exe, alternating Token: SeShutdownPrivilege and Token: SeCreatePagefilePrivilege (32 of each)

Suspicious use of FindShellTrayWindow (26 IoCs)
  PID 4120 chrome.exe (26 hits)

Suspicious use of SendNotifyMessage (24 IoCs)
  PID 4120 chrome.exe (24 hits)

Suspicious use of SetWindowsHookEx (1 IoC)
  PID 1256 OpenWith.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  All 64 entries are PID 4120 chrome.exe writing to its own child chrome.exe processes: two writes each to PID 1612 and PID 8, the remainder to PID 532 and PID 1036. Per the process tree below these are the crashpad handler, the network service, the GPU process and the storage service. Cross-process writes from a Chromium browser process into children it has just spawned are expected during sandboxed child start-up and do not involve the sample.
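The attribution described in the note above can be done mechanically. The following is an added example for this report page, not part of the Triage output: it rebuilds the page's process tree from the depth markers the rendered tree uses, re-creates the signature table as constructed data (repeated hits collapsed), and splits the hits into those inside the sample's process chain and those from unrelated processes. It also decodes the TraceTimeLast value from the HKEY_USERS IoC as a FILETIME. The PROCESSES and HITS tables, the depth-marker convention and the special-casing of PID 4 are this example's assumptions about the report, not fields the report exposes.

```python
"""Attribute sandbox signature hits to the submitted sample's process lineage.

Added example for this report page; it is not part of the Triage output. The
process tree and the signature hits below are constructed from the report's own
Processes and Signatures sections (repeated hits collapsed).
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# (pid, depth, image) in page order. Depth 1 is a top-level entry of the rendered
# tree; depth 2 is a child of the most recent depth-1 entry (the page's 1/2 markers).
PROCESSES = [
    (4440, 1, "cmd.exe"),
    (1256, 1, "OpenWith.exe"),
    (4120, 1, "chrome.exe"),
    (1612, 2, "chrome.exe"),  # --type=crashpad-handler
    (532, 2, "chrome.exe"),  # --type=gpu-process
    (8, 2, "chrome.exe"),  # network.mojom.NetworkService
    (1036, 2, "chrome.exe"),  # storage.mojom.StorageService
    (2852, 1, "elevation_service.exe"),
    (2800, 1, "msedge.exe"),
    (3804, 2, "msedge.exe"),  # --type=crashpad-handler
    (5188, 2, "msedge.exe"),  # --type=gpu-process
    (5196, 2, "msedge.exe"),  # network.mojom.NetworkService
    (5268, 2, "msedge.exe"),  # storage.mojom.StorageService
    (5472, 1, "CompPkgSrv.exe"),
    (5608, 1, "CompPkgSrv.exe"),
]

# (signature, pid) pairs from the Signatures section, one per distinct pair.
HITS = [
    ("Modifies registry class", 4440),
    ("Modifies registry class", 1256),
    ("Suspicious use of SetWindowsHookEx", 1256),
    ("Enumerates system info in registry", 4120),
    ("Modifies data under HKEY_USERS", 4120),
    ("Suspicious behavior: EnumeratesProcesses", 4120),
    ("Suspicious behavior: EnumeratesProcesses", 5196),
    ("Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary", 4120),
    ("Suspicious use of AdjustPrivilegeToken", 4120),
    ("Suspicious use of FindShellTrayWindow", 4120),
    ("Suspicious use of SendNotifyMessage", 4120),
    ("Suspicious use of WriteProcessMemory", 4120),
    ("Suspicious behavior: LoadsDriver", 4),  # PID 4 is the Windows System process
    ("Suspicious behavior: LoadsDriver", 656),  # not present in the rendered tree
]

SYSTEM_PID = 4


def build_parent_map(processes):
    """Rebuild pid -> parent pid from the depth markers (None marks a root)."""
    parents = {}
    current_root = None
    for pid, depth, _image in processes:
        if depth == 1:
            current_root = pid
            parents[pid] = None
        else:
            parents[pid] = current_root
    return parents


def lineage(pid, parents):
    """Return [pid, parent, grandparent, ...]; a pid missing from the tree is its own root."""
    chain = [pid]
    while parents.get(chain[-1]) is not None:
        chain.append(parents[chain[-1]])
    return chain


def attribute(sample_pid, processes, hits):
    """Split hits into {signature: pids} inside the sample's chain and everything else."""
    parents = build_parent_map(processes)
    attributed, unrelated = defaultdict(set), defaultdict(set)
    for signature, pid in hits:
        # Driver loads are always recorded against System, whoever requested them,
        # so they are never evidence about the sample by themselves.
        if pid != SYSTEM_PID and sample_pid in lineage(pid, parents):
            attributed[signature].add(pid)
        else:
            unrelated[signature].add(pid)
    return dict(attributed), dict(unrelated)


def filetime_to_utc(ticks):
    """Decode a Windows FILETIME: 100 ns ticks since 1601-01-01 00:00 UTC."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)


if __name__ == "__main__":
    own, other = attribute(4440, PROCESSES, HITS)
    print("attributed to the sample's chain:", own)
    print("unrelated:", sorted(other))
    # TraceTimeLast from the HKEY_USERS IoC, decoded to check that it is a timestamp
    print(filetime_to_utc(133630037270235329).isoformat())
```

With the tree as rendered, the only hit inside the sample's chain is "Modifies registry class" on PID 4440; OpenWith.exe and chrome.exe are roots of their own, so by the page's own data nothing links their IoCs to cmd.exe. If the raw report carried true parent PIDs the chain could be longer, which is why the depth-marker reconstruction is flagged as an assumption.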
Processes

C:\Windows\system32\cmd.exe  (PID 4440)
  cmd /c C:\Users\Admin\AppData\Local\Temp\jfxrt.pack
  - Modifies registry class

C:\Windows\system32\OpenWith.exe  (PID 1256)
  C:\Windows\system32\OpenWith.exe -Embedding
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx

C:\Program Files\Google\Chrome\Application\chrome.exe  (PID 4120)
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory

    chrome.exe  (PID 1612, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc9aeeab58,0x7ffc9aeeab68,0x7ffc9aeeab78

    chrome.exe  (PID 532, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1740 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:2

    chrome.exe  (PID 8, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

    chrome.exe  (PID 1036, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2280 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

    chrome.exe  (PID 3988, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

    chrome.exe  (PID 4452, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

    chrome.exe  (PID 1752, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

    chrome.exe  (PID 4428, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4660 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

    chrome.exe  (PID 5036, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

    chrome.exe  (PID 3180, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4496 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

    chrome.exe  (PID 3140, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4940 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

    chrome.exe  (PID 1004, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

    chrome.exe  (PID 1356, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4444 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

    chrome.exe  (PID 2772, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:8

    chrome.exe  (PID 448, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5096 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

    chrome.exe  (PID 3884, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1700 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

    chrome.exe  (PID 4308, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4372 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

    chrome.exe  (PID 5740, child of 4120)
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3992 --field-trial-handle=1920,i,9234125444364140308,846392827617896146,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe  (PID 2852)
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe  (PID 2800)
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault787f4f24he734h4e7dha839hbd92c82c77d1

    msedge.exe  (PID 3804, child of 2800)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x104,0x12c,0x7ffc9c3a46f8,0x7ffc9c3a4708,0x7ffc9c3a4718

    msedge.exe  (PID 5188, child of 2800)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2

    msedge.exe  (PID 5196, child of 2800)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
      - Suspicious behavior: EnumeratesProcesses

    msedge.exe  (PID 5268, child of 2800)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,12614834626360918207,7530284261295684835,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8

C:\Windows\System32\CompPkgSrv.exe  (PID 5472)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe  (PID 5608)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Enterprise v15
Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize: 2B
  MD5: d751713988987e9331980363e24189ce
  SHA1: 97d170e1550eee4afc0af065b78cda302a97674c
  SHA256: 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512: b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  (The MD5 is that of the two-byte string "[]", an empty JSON array; this file carries no report data.)

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
  Filesize: 7KB
  MD5: 2883263e1cefac34a12308e289548381
  SHA1: ba0f123131000853605214c5711bcc876dd715ec
  SHA256: 5908381d92342b665a775c9eae8463cb2e3be18f19297cfcb97721405d80cb1b
  SHA512: 4801ad3838ce3d2d47ccb32ec7c356ea0f4d39b9b7bfbb60cfb7f446cfa21f82301081cc3869b0317fde10919b2d488f918e3bbc3fbf01a9e0afd7eae947170c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 257KB
  MD5: a5685176689e5490293d92573f780e4f
  SHA1: 9a133c6c9569ccb3fe7de71708e63506051a6afc
  SHA256: 60032f58fae23de41ef4407a612db65d73f84a604d5875e17012b2bb492002c3
  SHA512: 9cda2da99987bf63890f225bfe0a29a8e0a949b4f12b28d964ab90f057a3e6b5ba8fad2c227feafdec44d40ffd9f9af8b5d742fa989ad184adaab98824ee1806

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 257KB
  MD5: bb3b0a89cc6dde5d0941c43d28f10398
  SHA1: 10fd7bc6906556470374c61857d1c8fc696b8bce
  SHA256: fd08fb386a34757658eda09f6cc8f38716a6d9e8da9e6f70f16e8443ce63e41a
  SHA512: ac44c34187520294119c3079ce805ce3f5dfea3f6542e9fc0c55065fef43a006ac3560ca0fa4ccd082e5503cf4f4f937890857dbef39af9045572cdf9d02493c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
  Filesize: 92KB
  MD5: b1e7350378d87f1ae173e466346c7e3a
  SHA1: 733b21dc194190945f31b0c1099d8e56fbf71b76
  SHA256: 613a542b0a0357d3fc65bcad971e759d0f7d8fe0fc45331e86d4ceffcff7b3d4
  SHA512: 9cfa676c71ad91c01597beeb273fa715008ae0ed8f44a5e5454b3f5f64a08a0ac9434b989049f00de501afaa173f3c26e19b1f172436eb744eb19be115faf172

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5898ef.TMP
  Filesize: 89KB
  MD5: 087bc06b695288bd6a61f8b640f5c636
  SHA1: 616dd9810e04e470289719fef0f66dbccc27c70e
  SHA256: 550a159cac837a3ded20ef28463b79c5599a20278c3d5a851b335d58ef8804f9
  SHA512: 10b15107a74c7ac3898e8e37b1a04a339a2d9360ce528c80a075bed51665b14046db11b484253df2b39533b4a5c2258040da1f16429664b5245004e2b46a1162

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 4158365912175436289496136e7912c2
  SHA1: 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
  SHA256: 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
  SHA512: 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
  Filesize: 61B
  MD5: 4df4574bfbb7e0b0bc56c2c9b12b6c47
  SHA1: 81efcbd3e3da8221444a21f45305af6fa4b71907
  SHA256: e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377
  SHA512: 78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 91d4f68c57a54d09aa032220f3058d66
  SHA1: d0c5c72148fe5cb618d1a3059f125c2e67907154
  SHA256: b889b529755ad66ca3520698a9e50ba0b6a2dd4538c7167bbbaec61281d6a681
  SHA512: 8586a7c5e246861ed20cf03306cd16f71e68dc29f23a219a6ee2489796635319a68d4fd6a228ecce645e77112a344d35d3044a8418fbf262403b9c78f3521256

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
  Filesize: 8KB
  MD5: d472b079d9f7f8f848b5cc2d25e3d466
  SHA1: 70c6d04206f1686907a6230495ad223f2042e49f
  SHA256: 32f642540294f0081f424d5d604901d158c361734e35de03dcc407250f68ff95
  SHA512: 2a1736b48adecd4cb6d9c3c277bee578166a84efbdb6ddf6346d77aacf897cbebc8f63f1216d7d5e84c991da51b4e46e173172e9fcbca3a83b74248bf4d6aa10

C:\Users\Admin\Desktop\ApproveUpdate.jtx
  Filesize: 609KB
  MD5: 4deb0003801cb20dbeb2614024ca8a2f
  SHA1: 9b2f7f2b249cedea26b65f03839f1d1d091c01d7
  SHA256: f266f5dd7649ec150c0bfa8f2a2d59cf2ad25a133d6fa608b2847c612b1d04d5
  SHA512: 6a4921be3b190b3b34e5d09daf02d9891f47b6466ec60984f53fa7f0a769c39e3047a709622cf2aa455b791ff4ebc826dede8b4a2d216e900c8f27dd6c1344ba

C:\Users\Admin\Desktop\CompleteResize.wmx
  Filesize: 470KB
  MD5: 3cb1164936f2a7f63293a90a30ff013c
  SHA1: d0ac2a2d309760c2491f78ff9e19dcea86fad9da
  SHA256: 1df99625e8b16c81d95704a91eec692257a6fe2777c896809836f2e229fa1086
  SHA512: cfac4aaab74187e322c44cf1f27e5112c582786ff6ac2e0ac19b25c73230a553a2abe3e6435822c8549845c017f09bad5081af5f2dfdda843b6e98b75e9e1ef4

C:\Users\Admin\Desktop\ConnectPop.dotm
  Filesize: 992KB
  MD5: c901f56fd67cd74237f6cf6f148a65fd
  SHA1: a1ad3207b754698725210ae9c105508c270aa140
  SHA256: 629232938c319679210732b99a2944a6886fd914a5124f21e11c92707f5d84df
  SHA512: b1258e7b71e1a70d360b2a79f4be85a48ab51ecb54ef3152445b87882e6f939436f5ed6f41c6719bd975e516be5392a46410d858a8a30e2a70b1e5703dfcf250

C:\Users\Admin\Desktop\CopySave.vssx
  Filesize: 888KB
  MD5: b16e58ffe89b1e92ab7ff17e6fc55f7f
  SHA1: 6f4c83d08b345aeae1f6c9c9d5f5216b808d3812
  SHA256: e699c7c47c2a10c7b8d0b544aa9757a58057dc04adf588805c921aa64822eb3f
  SHA512: dacf40f9838ef85be3bcd024958c77c1634c2d0b56442770a4b7003d0aa505d1c7bcfa0ce34e3a715b6bbfffab5347b7ef4bb4917d1f9639ce420cdebd6ea58d

C:\Users\Admin\Desktop\DisconnectMount.emf
  Filesize: 365KB
  MD5: 8d776fbd9fb81c86bffc7db239f446e2
  SHA1: 1c5ae67761d6bf1f400fd4b389e55db8f4142d4a
  SHA256: f2287fda69694058c3f44dac89cf6478984c0c7e987d90a6a828486c1d3cadf8
  SHA512: 3effd16ede8659a71c25c72a3adcd65bd4ae6676e5756464f857524c1ff737c3491bb4cce182fb2254d14db2b1b22f4300abd0b044493b3d576280319bc75950

C:\Users\Admin\Desktop\EditInstall.gif
  Filesize: 539KB
  MD5: f521be148938c6c0956771bf68e9a53b
  SHA1: fc6a552c0adf696dfb4edd60d519c7b112aae29a
  SHA256: 6b79818efdd8c7b3fc1f74c028488656dfba05061ba17513637f07c75b2f040c
  SHA512: 22b0146829ce3c7128d041d13900d43acd9f5ff207171fe119abb2251314d91af5c0bdb2b523bdb0c48f3c62b19b50887aad701da69c281f110c2065f805278d

C:\Users\Admin\Desktop\EnterSend.zip
  Filesize: 505KB
  MD5: ff04175b1cc572dd1b4cd7682fc2f445
  SHA1: 85f98ff5316401c27f0b91de59d9cba26538dd44
  SHA256: 83f472b9116585b79f6b4bb1d3f6a2c59cbaf3e62ddeae9505c9de186b01b9c7
  SHA512: be3b5e4d7e7a8075ecb30f99c3013db2e0227765798b0acb2ffaff5403b1c0cfba5200e28b77de57f40ee129842f9e432b2d680e54a2614f35f97595c3033b18

C:\Users\Admin\Desktop\ExportSelect.m4v
  Filesize: 922KB
  MD5: 1ce62e49ae99ddd3cc98226d239f91b8
  SHA1: 535e5fb4f6e2cc9676811b08877593ff8a2667eb
  SHA256: adf6259d1cafff65fefb4138975a075aca364a85b0a41ad92697951075078701
  SHA512: a0ae7c16efc5419e363b2446cd7f80129051be3ccf9acb05a17d0ff7a2db721118fec1ab8a9443a3c365a4f0d60b7d61d9944533e45254c4882e7e0caed5072d

C:\Users\Admin\Desktop\GrantResolve.rmi
  Filesize: 957KB
  MD5: 5b971b43199bc97885308220511ac2aa
  SHA1: 55b639e9cbae01a92a0e81abebfbd333701d8c0e
  SHA256: 4a52d69c1b220cdbda075be145abf14ff02dfa36b62c86f5d8cb6c91b920ddfe
  SHA512: 869a0ceafe08fcf3ec35e75562785a3832cb313c32693bef792b74f9ea305ff8761f241fdca59fcf6a0b1cc41572881f6d1ec43409e4d14af6b072a1eb6710d9

C:\Users\Admin\Desktop\RedoFormat.exe
  Filesize: 818KB
  MD5: 1d174021c811080d75ac9cc87e209eb4
  SHA1: 8ab2b9269c13f9d08ff8bd754761b183de54db31
  SHA256: da3f4bc000df1a90e8e5de20c8b7ed34649b04ce9b3bafe1489680c7de799f5e
  SHA512: 708263ad1ca98f48946a02cf67efd8656ccc6dc3b2e307d8dff26edfdfb450ef24f5b5a99f58827bf265e946dc63d3fa5a2b75bb7f1473aa57c83e2c65d2d6b2

C:\Users\Admin\Desktop\RedoSwitch.wmv
  Filesize: 853KB
  MD5: 8aa811416942052342fe3ddc323233b7
  SHA1: 66227428649d396506a4bcbfa97228c063acba18
  SHA256: d01ebf9f74a2c74b245d772d28fe093d056a49024d43cbd33fa4af10d0d1bab3
  SHA512: 48791276dd8f3e40e35dbad1ce77fac9f39d46926a28f9e448f488ad957d43fbb4d74f5c85886e73657b1e7bbfb20b315a2726c82c49592875045b8f081639dd

C:\Users\Admin\Desktop\RepairEnable.mpa
  Filesize: 714KB
  MD5: f1b7fba6b9a8103eaca989d7aa14ac98
  SHA1: bca7ed7ea448e0673baee9bea72de5f840f39fff
  SHA256: 789bf4ad1bbe93e5e00d6e47ce0d8990f9867b852c85318d5ff3e11406b4baad
  SHA512: 2356c402b2c689d0ed83f6d496b23d16e8332b9b1926a39f6edea9077f45c854528be84df0f40b3873b8fa8ec71eb936aa442c91bb34245921f22b66d15d4d5f

C:\Users\Admin\Desktop\RevokeApprove.emf
  Filesize: 679KB
  MD5: 84492c8d3d92038736286a27695f108c
  SHA1: 366453d19eeda8610cf54eea2e833fc65e5d158c
  SHA256: e985baabb3da52f156a4a51490240b64cf743449f144650762172e83f9b63ba5
  SHA512: a00776ef388a3c42539e7a9a5e2a8fb538b51b732ea7b08d96f072a07e0f4c6d58246293aa6c4f2ce9a98b3c7b4971958b94a8d140e6fd21a4f968a940ef71c9

C:\Users\Admin\Desktop\SplitPublish.bmp
  Filesize: 400KB
  MD5: 7565ee3fe10758ef70a88a45c3ab79d7
  SHA1: d8a7a04d511f18bcf59e8c8287a337c57ec47f07
  SHA256: 4a062c4d43e7d73d892a0eaf85004b417ee061ed46ff106b66ddfe85de89a718
  SHA512: d6a34adec27aeaea417f901c0242d2d8e42226bdf3231f20e18c7e5b9f34f7e916ce57ee8b69553a942ebef31919518ca229b58f52e5b7d60caa58eaff3b194e

C:\Users\Admin\Desktop\SuspendCompare.tif
  Filesize: 1.4MB
  MD5: 52550c2f92421d5fadff5f02721c0f5d
  SHA1: 8971101297062db4bb243c2cff051328e0c6bb45
  SHA256: 67d32b60d92b3d66424ca70fffecea9a9121ff372aaec0de0b39a45c8232295e
  SHA512: 7687a94f5f9a3474ef5ce8f77c79b5f563634df8414e1069414f621fe7bde4815ea8dafbb94a8d10eaf0f71ea284133eeb95095d84ef8fea558d5b2b8dc30259

C:\Users\Admin\Desktop\SyncOptimize.ogg
  Filesize: 574KB
  MD5: d34af3aeb784b4e2d96855940c10baef
  SHA1: e11fa76499b87121d25818a8784ae318b99ba299
  SHA256: 3b6142086abad48e675abebb23b301e1d6c98f4099c82235630b04946320912e
  SHA512: 8e785e87d47f26f61a77f3d64c48139ffd64e4bf112dd4b4556a87bc401fde3ff2f50678886574b5343d2318e2ccaa2d9d8da1763311c5f557ae642256268cb2

C:\Users\Admin\Desktop\UnprotectFormat.dxf
  Filesize: 748KB
  MD5: 3d07e29e80335df371710b0c574fb787
  SHA1: ed8806f43480665aea3bc3f279b4edb44f9144be
  SHA256: 31d737af6b8a2c514e5bf9eeb5023005f39b5b9d5ee05bda43a4c297bbb1af3c
  SHA512: c89c4a04924d7e2c8a8561447e633f39a33a2d0d85dae6e0914a93a5078ed09acefdc68606cc9620cc9dedf05e8fd934dea6547b73a11a3a893832484f89af22

C:\Users\Admin\Desktop\UnpublishFormat.vssx
  Filesize: 1.0MB
  MD5: de57c4ab3eeee5441b09c572969bd582
  SHA1: d932a986237b8b1b10cf4810e9a5fc96d0c0fcf9
  SHA256: 942885d289f7c9461fa75e64312a786a1157e5e631d427b35abeb42419a0228f
  SHA512: 32d26853b42fd84d4c6b85dc653d3ad0f9b7af07751ee91dc6dd950b246016b81f5e024ef3fb4e3cea347e91d6dbd7650116b09ba5715b53d2284e4972091329

C:\Users\Admin\Desktop\UnregisterStop.tiff
  Filesize: 644KB
  MD5: 5518b9c6ece0ee3a23a8aac24d79f5bf
  SHA1: 9f1179a021e8698b1ce3b665754cddab7a16fcc3
  SHA256: 44ab8823383e337682b5075f6698034fd54a496a61a4cd8f80c1a6786e957f7d
  SHA512: 0611553e125af1ba9d881c0be30fe017c8d389dd4ac04f885b168977ae83bbcd5c8b81a6d9de0e9ada07fa8515a1f53f8f182e53b7d4e028b2e1548d86fb703b

C:\Users\Admin\Desktop\WatchAdd.dotm
  Filesize: 783KB
  MD5: 28bb33836847dd3cc4527dade2c3b1be
  SHA1: a2ff0e4ba5d534df208ce92b8b1220cb41079933
  SHA256: 4ca4cb4674e9cb65631908955665b3c4a578c62b44f9e1d3ca0af59b7635fce7
  SHA512: 962d4aeca8f31d9920d48fb6a4238c786adc2864ebe7b096e2eb0e689ab63d067bdbc5e25ca99343b58de092c30fc27bb90e72c1e90f80fe9385125fa73f7c46

C:\Users\Admin\Desktop\WatchConvertTo.odt
  Filesize: 435KB
  MD5: 1c6343b84a03f13e28aaf08a5d59afce
  SHA1: 21ad2995d2eb2566f39f5417c35871d68c408fca
  SHA256: 7ec071e38d3f81c3e75284c934f36f8a335761c6a5a5135e82ae61be088e3c4d
  SHA512: 17654d9e7d7d59cd5dc059fbaba0ef88c8c63dd2637da1886580a5c925be4959604b5f4c74f2b0223c0340b79de0b8e2ecc4373b680bc5fde5fc7406ebff535e

C:\Users\Public\Desktop\Acrobat Reader DC.lnk
  Filesize: 2KB
  MD5: a62f85ded507d9e3b6201ce2026832d2
  SHA1: e56e290431ab577db73c9d92da8463c765ed274c
  SHA256: 97cf7e3b3e9ba6f2606cea6f879576497b96224eebbc9506906f6507f91650e0
  SHA512: 387b648828c1619ec2063ba14df67b3197b382e9139b75cf05919301f1a3742c84c72cb39679f3cf41f604811ee87947f3c18ece47230b01fa41e3bd82b96987

C:\Users\Public\Desktop\VLC media player.lnk
  Filesize: 923B
  MD5: 6f7965131b5e962a9635819f96160aa1
  SHA1: aa2a5ec1bb2339db835982980aaa5373be687359
  SHA256: e7f9942bdf76a6e7c4c4b1b5ad49ab1b8f597a2a00dbd0661cf1f87facecbea4
  SHA512: 7b9f49699eb98382256c6585ab8a00faa567c5d9abdd1f9c7869716a5081a6ef7c49b527451be05f1c05586a861cfb983b869d055341b780d5890b7389dcace2

\??\pipe\crashpad_4120_PYCWTBLCMMYKHMZL
  Filesize: not listed
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
  (All four values are the digests of empty content: the sandbox captured the crashpad named pipe of chrome.exe PID 4120, not a file.)
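Two of the entries above are recognisable purely from their digests (the "[]" file and the empty pipe), and a reviewer would normally drop those and the browser-profile files before looking at anything on the Desktop. The following is an added example for this report page, not part of the Triage output: ENTRIES is a subset of the table above transcribed as constructed input; the code identifies known-trivial contents by digest, checks that an entry's digests agree with one another (a disagreement indicates a transcription error, not a collision), buckets the remaining paths by location, and lists the extensions worth opening next. KNOWN_TRIVIAL, REVIEW_SUFFIXES and the bucket names are this example's choices, not fields of the report.

```python
"""Triage a sandbox dropped/collected-file list by digest.

Added example for this report page; not part of the Triage output. ENTRIES is a
subset of the Downloads table, transcribed here as constructed input.
"""
import hashlib

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Contents whose digests appear constantly in browser profiles and named pipes.
KNOWN_TRIVIAL = {
    "empty": b"",
    "empty JSON array": b"[]",
    "empty JSON object": b"{}",
}

# Extensions worth a second look when they turn up among collected files.
REVIEW_SUFFIXES = (".exe", ".dll", ".scr", ".lnk", ".dotm", ".docm", ".xlsm",
                   ".js", ".vbs", ".ps1", ".bat", ".cmd", ".hta")

ENTRIES = [
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports",
     "size": "2B",
     "md5": "d751713988987e9331980363e24189ce",
     "sha1": "97d170e1550eee4afc0af065b78cda302a97674c",
     "sha256": "4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945",
     "sha512": "b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af"},
    {"path": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences",
     "size": "7KB", "md5": "2883263e1cefac34a12308e289548381",
     "sha256": "5908381d92342b665a775c9eae8463cb2e3be18f19297cfcb97721405d80cb1b"},
    {"path": r"C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat",
     "size": "152B", "md5": "4158365912175436289496136e7912c2",
     "sha256": "354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1"},
    {"path": r"C:\Users\Admin\Desktop\RedoFormat.exe",
     "size": "818KB", "md5": "1d174021c811080d75ac9cc87e209eb4",
     "sha256": "da3f4bc000df1a90e8e5de20c8b7ed34649b04ce9b3bafe1489680c7de799f5e"},
    {"path": r"C:\Users\Admin\Desktop\WatchAdd.dotm",
     "size": "783KB", "md5": "28bb33836847dd3cc4527dade2c3b1be",
     "sha256": "4ca4cb4674e9cb65631908955665b3c4a578c62b44f9e1d3ca0af59b7635fce7"},
    {"path": r"C:\Users\Public\Desktop\Acrobat Reader DC.lnk",
     "size": "2KB", "md5": "a62f85ded507d9e3b6201ce2026832d2",
     "sha256": "97cf7e3b3e9ba6f2606cea6f879576497b96224eebbc9506906f6507f91650e0"},
    {"path": r"\??\pipe\crashpad_4120_PYCWTBLCMMYKHMZL",
     "md5": "d41d8cd98f00b204e9800998ecf8427e",
     "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
     "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
     "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
]


def digests(data):
    """All four digests of a byte string, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGOS}


TRIVIAL_DIGESTS = {label: digests(data) for label, data in KNOWN_TRIVIAL.items()}


def identify_trivial(entry):
    """Match on SHA-256; return (label, [algorithms whose listed value disagrees])."""
    for label, expected in TRIVIAL_DIGESTS.items():
        if entry.get("sha256") == expected["sha256"]:
            disagreeing = [a for a in ALGOS if a in entry and entry[a] != expected[a]]
            return label, disagreeing
    return None, []


def bucket(path):
    """Coarse location class used to prioritise review."""
    lowered = path.lower()
    if lowered.startswith("\\??\\pipe\\"):
        return "named pipe"
    if "\\user data\\" in lowered:
        return "browser profile"
    if "\\desktop\\" in lowered:
        return "desktop"
    return "other"


def triage(entries):
    """Group entries by what they are; raise on internally inconsistent digests."""
    report = {"trivial": [], "review": [], "browser profile": [], "desktop": [],
              "named pipe": [], "other": []}
    for entry in entries:
        label, disagreeing = identify_trivial(entry)
        if disagreeing:
            raise ValueError(f"{entry['path']}: {disagreeing} do not match {label!r}")
        if label:
            report["trivial"].append((entry["path"], label))
            continue
        report[bucket(entry["path"])].append(entry["path"])
        if entry["path"].lower().endswith(REVIEW_SUFFIXES):
            report["review"].append(entry["path"])
    return report


if __name__ == "__main__":
    for key, items in triage(ENTRIES).items():
        print(f"{key}: {items}")
```

Matching on SHA-256 and then cross-checking the other listed digests costs nothing and catches copy errors in hash tables, which matter when the values are about to be pasted into a blocklist or a threat-intel query. The "review" bucket here is a prioritisation hint only; whether the Desktop files are sandbox decoys or were written during the run is not something the hash table alone can tell you.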