Overview

Tasks listed in this submission (score badge as shown in the overview, 0-10; "-" where the overview shows none):

Sample                  Platform                  Score
Static                  static                    10
Trojan/BlueScreen.exe   windows10-ltsc 2021-x64   5
Trojan/Bolbi.vbs        windows10-ltsc 2021-x64   10
Trojan/Carewmr.vbs      windows10-ltsc 2021-x64   4
Trojan/Dud...an.bat     windows10-ltsc 2021-x64   1
Trojan/Fra...n.docx     windows10-ltsc 2021-x64   1
Trojan/Grave.apk        windows10-ltsc 2021-x64   3
Trojan/L0Lz.bat         windows10-ltsc 2021-x64   8
Trojan/Malum.apk        windows10-ltsc 2021-x64   3
Trojan/Mis...st.exe     windows10-ltsc 2021-x64   8
Trojan/Mis...er.exe     windows10-ltsc 2021-x64   8
Trojan/Mis...RC.exe     windows10-ltsc 2021-x64   8
Trojan/Mob...re.apk     windows10-ltsc 2021-x64   3
Trojan/Mrs...or.exe     windows10-ltsc 2021-x64   -
MrsMajor2.0.exe         windows10-ltsc 2021-x64   -
Trojan/Mrs....0.exe     windows10-ltsc 2021-x64   10
Trojan/Offiz.html       windows10-ltsc 2021-x64   4
Trojan/Spa...rk.exe     windows10-ltsc 2021-x64   7
Trojan/Spa...rk.exe     windows10-ltsc 2021-x64   9
Trojan/XCS...f54ca6     windows10-ltsc 2021-x64   3
Trojan/XCS...2aed41     windows10-ltsc 2021-x64   3
Trojan/XCS...b54692     windows10-ltsc 2021-x64   3
Trojan/XCS...00f6c1     windows10-ltsc 2021-x64   3
Trojan/elite.apk        windows10-ltsc 2021-x64   3
Trojan/mobelejen.apk    windows10-ltsc 2021-x64   3
Trojan/vi4a.apk         windows10-ltsc 2021-x64   3

Analysis
Max time kernel    261s
Max time network   278s
Platform           windows10-ltsc 2021_x64
Resource           win10ltsc2021-20241023-en
Resource tags      arch:x64, arch:x86, image:win10ltsc2021-20241023-en, locale:en-us, os:windows10-ltsc 2021-x64, system
Submitted          06-12-2024 10:38
Behavioral tasks (every task ran on resource win10ltsc2021-20241023-en)

Task           Sample
behavioral1    Trojan/BlueScreen.exe
behavioral2    Trojan/Bolbi.vbs
behavioral3    Trojan/Carewmr.vbs
behavioral4    Trojan/DudleyTrojan.bat
behavioral5    Trojan/Frankenstein.docx
behavioral6    Trojan/Grave.apk
behavioral7    Trojan/L0Lz.bat
behavioral8    Trojan/Malum.apk
behavioral9    Trojan/Mist/MistInfected_newest.exe
behavioral10   Trojan/Mist/MistInstaller.exe
behavioral11   Trojan/Mist/MistInstallerRC.exe
behavioral12   Trojan/Mobile_Legends_Adventure.apk
behavioral13   Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe
behavioral14   MrsMajor2.0.exe
behavioral15   Trojan/MrsMajors/MrsMajor3.0.exe
behavioral16   Trojan/Offiz.html
behavioral17   Trojan/Spark/NETFramework.exe
behavioral18   Trojan/Spark/Spark.exe
behavioral19   Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6614978ab256f922d7b6dbd7cc15c6136819f4bcfb5a0fead480561f0df54ca6
behavioral20   Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.6fa938770e83ef2e177e8adf4a2ea3d2d5b26107c30f9d85c3d1a557db2aed41
behavioral21   Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.ac3467a04eeb552d92651af1187bdc795100ea77a7a1ac755b4681c654b54692
behavioral22   Trojan/XCSSETMacMalware/TrojanSpy.MacOS.XCSSET.A.d11a549e6bc913c78673f4e142e577f372311404766be8a3153792de9f00f6c1
behavioral23   Trojan/elite.apk
behavioral24   Trojan/mobelejen.apk
behavioral25   Trojan/vi4a.apk
General

Target   Trojan/Carewmr.vbs
Size     3KB
MD5      b8ee793a9ab33e0d24ca757b384f6072
SHA1     a9a179c3e5ceb4c5b6208a97afcf1e4c9b5a8eab
SHA256   beccd7b2170bf034cce85c4e857107de8ba2e540ea5079fb3f3e7a8fedfc86dd
SHA512   2494a026e268971dd6e8f74d6835f8a8190a47b23d2473b29031982cccb56551fa41c9486401fa030ce762fb7863a61c9def69eb5fb17467bbc09d263b4b28b8
Malware Config
Signatures

Drops file in Program Files directory (2 IoCs)
  Description                    IoC                                                                                                Process
  File created                   C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e154d36a-1b79-45c8-b4d2-db04666be8b6.tmp   setup.exe
  File opened for modification   C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241206103903.pma                        setup.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Enumerates system info in registry (2 TTPs, 3 IoCs)
  Description         IoC                                                                   Process
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer   msedge.exe
  Key value queried   \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName    msedge.exe
  Key opened          \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                      msedge.exe

NTFS ADS (1 IoC)
  Description    IoC                                                                   Process
  File created   C:\THE_HEURISTIC_OF_NORTON_IS_VERY_BAD_AND_PRODUCE:POSITIVES-FALSES   WScript.exe

Suspicious behavior: EnumeratesProcesses (10 IoCs)
  PID    Process                Count
  3056   msedge.exe             2
  4032   msedge.exe             2
  2252   identity_helper.exe    2
  4088   msedge.exe             4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (10 IoCs)
  PID    Process      Count
  4032   msedge.exe   10

Suspicious use of FindShellTrayWindow (1 IoC)
  PID    Process
  4032   msedge.exe

Suspicious use of WriteProcessMemory (64 IoCs)
  The 64 entries repeat five parent-to-child writes:
  PID    Process       wrote to memory of   procid_target
  4536   WScript.exe   4032                 88
  4032   msedge.exe    3616                 89
  4032   msedge.exe    4228                 90
  4032   msedge.exe    3056                 91
  4032   msedge.exe    2608                 92
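The NTFS ADS signature is the one file action in this run that comes from the script itself rather than from Edge: WScript.exe wrote a named stream, POSITIVES-FALSES, onto a file in the root of C:. A stream path is easy to miss in a file-event table because it looks like an ordinary path with one extra colon. The Python below is an added example, not part of the sandbox's tooling: it parses IoC rows in the report's "description path process" layout (SAMPLE_IOCS is constructed from the table above) and flags any row whose path names an alternate data stream, telling the drive-letter colon and the default ::$DATA stream apart from a real ADS.

```python
"""Flag NTFS alternate data streams (ADS) in a sandbox file-event table.

Added example for this report, not part of the sandbox's tooling. SAMPLE_IOCS
is constructed from the signature table above; the parser assumes the
report's "<description> <path> <process image>" layout with the image last.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

IOC_RE = re.compile(r"^(File created|File opened for modification)\s+(.+)\s+(\S+)$")
STREAM_TYPE_RE = re.compile(r":\$[A-Za-z_]+$")   # ":$DATA" is a stream type, not a stream name
DRIVE_RE = re.compile(r"^[A-Za-z]:")


@dataclass(frozen=True)
class FileIoc:
    description: str
    path: str
    process: str


def parse_file_ioc(line: str) -> FileIoc:
    """Split one 'description ioc Process' row; the path may contain spaces."""
    m = IOC_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised file IoC: {line!r}")
    return FileIoc(m.group(1), m.group(2), m.group(3))


def ads_stream(path: str) -> Optional[Tuple[str, str]]:
    """Return (file, stream) when path names an alternate data stream, else None.

    The only legitimate colon in a drive-letter path is the one after the
    drive, so any later colon separates the file name from a stream name.
    A trailing ':$DATA' is the stream type and is stripped first; an empty
    stream name (file::$DATA) is the default data stream, not an ADS.
    """
    p = STREAM_TYPE_RE.sub("", path)
    drive = p[:2] if DRIVE_RE.match(p) else ""
    body = p[len(drive):]
    if ":" not in body:
        return None
    file_part, stream = body.split(":", 1)
    if not stream:
        return None
    return drive + file_part, stream


def flag_ads(lines: List[str]) -> List[Tuple[str, str, str]]:
    """(process, file, stream) for every file IoC that targets an ADS."""
    hits = []
    for line in lines:
        ioc = parse_file_ioc(line)
        ads = ads_stream(ioc.path)
        if ads:
            hits.append((ioc.process, ads[0], ads[1]))
    return hits


# Constructed from the report's signature table.
SAMPLE_IOCS = [
    r"File created C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\e154d36a-1b79-45c8-b4d2-db04666be8b6.tmp setup.exe",
    r"File opened for modification C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241206103903.pma setup.exe",
    r"File created C:\THE_HEURISTIC_OF_NORTON_IS_VERY_BAD_AND_PRODUCE:POSITIVES-FALSES WScript.exe",
]

if __name__ == "__main__":
    for process, file_name, stream in flag_ads(SAMPLE_IOCS):
        print(f"ADS written by {process}: {file_name} -> stream '{stream}'")
```

On a live host the same stream is visible with `Get-Item -Path 'C:\THE_HEURISTIC_OF_NORTON_IS_VERY_BAD_AND_PRODUCE' -Stream *` in PowerShell or `dir /R C:\` in cmd.exe; a plain `dir` and Explorer show only the host file.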
Processes

C:\Windows\System32\WScript.exe (PID 4536)
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Trojan\Carewmr.vbs"
  Signatures: NTFS ADS; Suspicious use of WriteProcessMemory

  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4032)
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.avp.ru/
    Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of FindShellTrayWindow; Suspicious use of WriteProcessMemory

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3616)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffb7f8346f8,0x7ffb7f834708,0x7ffb7f834718

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4228)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3056)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
      Signatures: Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2608)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1808)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2316)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 916)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 984)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 3856)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe (PID 1060)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      Signatures: Drops file in Program Files directory

      C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe (PID 632)
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff601d35460,0x7ff601d35470,0x7ff601d35480

    C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe (PID 2252)
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5152 /prefetch:8
      Signatures: Suspicious behavior: EnumeratesProcesses

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1028)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1584)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 3756)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4384 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 1216)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 2488)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1460 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4244)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1040 /prefetch:1

    C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (PID 4088)
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2792 /prefetch:2
      Signatures: Suspicious behavior: EnumeratesProcesses

C:\Windows\System32\CompPkgSrv.exe (PID 976)
  C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe (PID 4756)
  C:\Windows\System32\CompPkgSrv.exe -Embedding
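Of the processes listed above, only the first edge is the sample's own action: WScript.exe (PID 4536) running Carewmr.vbs launched msedge.exe with `--single-argument http://www.avp.ru/`. Everything under PID 4032 is Edge's ordinary multi-process layout (crashpad handler, gpu-process, utility and renderer children, identity_helper, and the first-run setup.exe that produced the "Drops file in Program Files directory" signature), which is why most of the WriteProcessMemory and EnumeratesProcesses IoCs are attributed to msedge.exe rather than to the script. A triage script should therefore fold `--type=` helper children into their browser parent and report the script-host-to-browser edge together with the URL it was handed. The Python below is an added example, not the sandbox's own code: SAMPLE_RECORDS is constructed from the tree above (parent PIDs taken from the nesting, with only a subset of Edge's helpers reproduced), and the SCRIPT_HOSTS and BROWSERS name lists are assumptions for illustration.

```python
"""Rebuild a sandbox process tree and surface the script-host-to-browser edge.

Added example for this report, not the sandbox's own code. SAMPLE_RECORDS is
constructed from the process list on the page (parent PIDs taken from the
tree's nesting; only some of Edge's helper processes are reproduced). The
SCRIPT_HOSTS and BROWSERS name lists are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Sequence, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}              # assumed list
BROWSERS = {"msedge.exe", "chrome.exe", "firefox.exe", "iexplore.exe"}  # assumed list
URL_RE = re.compile(r"""https?://[^\s"']+""")


@dataclass
class Proc:
    pid: int
    ppid: int          # 0 when the parent was not captured
    image: str
    cmdline: str
    children: List["Proc"] = field(default_factory=list)


def basename(image: str) -> str:
    """Lower-cased file name of an image path, so comparisons ignore the directory."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_helper(p: Proc) -> bool:
    """Chromium-family browsers spawn renderer/gpu/utility/crashpad children with a
    --type= switch; those belong to the browser, not to whatever launched it."""
    return "--type=" in p.cmdline


def build_tree(records: Sequence[Tuple[int, int, str, str]]) -> Dict[int, Proc]:
    """Index processes by PID and attach each to its parent when the parent was captured."""
    procs = {pid: Proc(pid, ppid, image, cmd) for pid, ppid, image, cmd in records}
    for p in procs.values():
        if p.ppid in procs:
            procs[p.ppid].children.append(p)
    return procs


def roots(procs: Dict[int, Proc]) -> List[Proc]:
    return sorted((p for p in procs.values() if p.ppid not in procs), key=lambda p: p.pid)


def render_tree(procs: Dict[int, Proc]) -> List[str]:
    """Indented tree with --type= helpers folded into a count on their parent."""
    lines: List[str] = []

    def walk(p: Proc, depth: int) -> None:
        helpers = [c for c in p.children if is_helper(c)]
        tag = f"  [+{len(helpers)} helper processes]" if helpers else ""
        lines.append(f"{'  ' * depth}{p.pid} {basename(p.image)} {p.cmdline}{tag}")
        for c in sorted(p.children, key=lambda c: c.pid):
            if not is_helper(c):
                walk(c, depth + 1)

    for r in roots(procs):
        walk(r, 0)
    return lines


def script_host_browser_launches(procs: Dict[int, Proc]) -> List[dict]:
    """Flag a script host whose direct child is a browser, and pull the URL it was given."""
    hits = []
    for p in procs.values():
        if basename(p.image) not in SCRIPT_HOSTS:
            continue
        for c in p.children:
            if basename(c.image) in BROWSERS:
                m = URL_RE.search(c.cmdline)
                hits.append({"parent_pid": p.pid, "parent": basename(p.image),
                             "child_pid": c.pid, "url": m.group(0) if m else None})
    return hits


EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
EDGE_VER = r"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67"
COMMON = "--field-trial-handle=2096,6106461050771428300,6652864566306941768,131072 --lang=en-US"

# (pid, ppid, image, command line), constructed from the report's process list.
SAMPLE_RECORDS = [
    (4536, 0, r"C:\Windows\System32\WScript.exe",
     r'"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Trojan\Carewmr.vbs"'),
    (4032, 4536, EDGE, f'"{EDGE}" --single-argument http://www.avp.ru/'),
    (3616, 4032, EDGE, f'"{EDGE}" --type=crashpad-handler /prefetch:7'),
    (4228, 4032, EDGE, f'"{EDGE}" --type=gpu-process {COMMON} /prefetch:2'),
    (3056, 4032, EDGE, f'"{EDGE}" --type=utility --utility-sub-type=network.mojom.NetworkService {COMMON} /prefetch:3'),
    (1808, 4032, EDGE, f'"{EDGE}" --type=renderer {COMMON} --renderer-client-id=6 /prefetch:1'),
    (3856, 4032, EDGE_VER + r"\identity_helper.exe",
     f'"{EDGE_VER}\\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService {COMMON} /prefetch:8'),
    (1060, 4032, EDGE_VER + r"\Installer\setup.exe",
     f'"{EDGE_VER}\\Installer\\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings'),
    (632, 1060, EDGE_VER + r"\Installer\setup.exe",
     f'"{EDGE_VER}\\Installer\\setup.exe" --type=crashpad-handler /prefetch:7'),
    (976, 0, r"C:\Windows\System32\CompPkgSrv.exe", r"C:\Windows\System32\CompPkgSrv.exe -Embedding"),
]

if __name__ == "__main__":
    tree = build_tree(SAMPLE_RECORDS)
    print("\n".join(render_tree(tree)))
    for hit in script_host_browser_launches(tree):
        print("ALERT script host launched browser:", hit)
```

The same parent/child rule applies to Sysmon event ID 1 or EDR process-creation records: the only fields needed are PID, parent PID, image and command line, and folding the `--type=` children first is what keeps a single browser launch from drowning the script-host edge in dozens of rows.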
Network
MITRE ATT&CK Enterprise v15
Downloads

(unnamed) 152B
  MD5      843402bd30bd238629acedf42a0dcb51
  SHA1     050e6aa6f2c5b862c224e5852cdfb84db9a79bbc
  SHA256   692f41363d887f712ab0862a8c317e4b62ba6a0294b238ea8c1ad4ac0fbcda7a
  SHA512   977ec0f2943ad3adb9cff7e964d73f3dadc53283329248994f8c6246dfafbf2af3b25818c54f94cc73cd99f01888e84254d5435e28961db40bccbbf24e966167

(unnamed) 152B
  MD5      557df060b24d910f788843324c70707a
  SHA1     e5d15be40f23484b3d9b77c19658adcb6e1da45c
  SHA256   83cb7d7b4f4a9b084202fef8723df5c5b78f2af1a60e5a4c25a8ed407b5bf53b
  SHA512   78df1a48eed7d2d297aa87b41540d64a94f5aa356b9fc5c97b32ab4d58a8bc3ba02ce829aed27d693f7ab01d31d5f2052c3ebf0129f27dd164416ea65edc911c

(unnamed) 70KB
  MD5      e5e3377341056643b0494b6842c0b544
  SHA1     d53fd8e256ec9d5cef8ef5387872e544a2df9108
  SHA256   e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25
  SHA512   83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

(unnamed) 111B
  MD5      285252a2f6327d41eab203dc2f402c67
  SHA1     acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
  SHA256   5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
  SHA512   11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

(unnamed) 5KB
  MD5      d0fc6e8bf68be83187b35a0e45ca0caa
  SHA1     163ed461049ddea9b98b3e9abc9154793d3cce4c
  SHA256   baea78131a8c0ea41b4a2b4d15bd53ba17b750ad86fa9d1ebe9e251c92bc4729
  SHA512   e95d25220b0967c0470d3bfa41cffb0920010f1999f551a4f28ea932331c16222d98b2676d06755b1222714fdcccfea0c526d9b74c7e5ba17b29753c869f68fe

(unnamed) 5KB
  MD5      61be969f146a86b3eab3a2b10d42a52e
  SHA1     f242444a4c17bf2b7e38d7be9cb015c8ef9f71ed
  SHA256   f255910d19f30ae19dd7cf8d6c55cdcd946afb01739e5796579a840a80ee1782
  SHA512   7204dc0ac7620af4edf657d715f420622b8f897dd86eefcdac65beea115db4c21d3c30a1bacd6a7971c6c3dc014787e4285000ad6d25faf1170725630d1290c7

(unnamed) 4KB
  MD5      a6284211926668f31bf3edd811055215
  SHA1     55b70ce69b9aff9300ee561af0054d7b126acee3
  SHA256   3d2fb45f72f922eb88b6f410e60b0b047a2d5322643288b0285aa695f703e8ca
  SHA512   3f2e9e00d4bd3f42e95430486fe7fc252314353b2677e57cf44a4aa2e4e36ece6efe7b07258b08152dbc5aa4829420896bbe7e61ef4ca0369d6afdf4d1ee8bbf

(unnamed) 24KB
  MD5      952a6e3cbc50f011cf2f04c9470080ff
  SHA1     a0d6a2509af73e523c970f6e4351861bde63d6db
  SHA256   faa79ba7dfd140106187ab50f14aa7cca13650f94f796419bc0a44d7a2b79d5f
  SHA512   7955092a6086f05268e4b0f88648d9275020b6cad83f81c90eac5a7cd994cc243b8dfab579d4335db62f3577fd2d8a7fbefcad6cc615e2bcf1d014115056cde4

(unnamed) 24KB
  MD5      74d9eb5260fef5b115bec73a0af9ac54
  SHA1     18862574f0044f4591a2c3cf156db8f237787acf
  SHA256   7d7e7b38664d625a0bbffbcb7882b175709e92987bf9da113c4745fafbbc361d
  SHA512   b85917201b1d4b4542a4424ce40ddd083ddbd0e230e1931fe6f7cdd2aa3d8a0eec8daa743ddc5467f0a92da5594144c602081d941b216ca9cafdfd3c150d32d2

(unnamed) 16B
  MD5      206702161f94c5cd39fadd03f4014d98
  SHA1     bd8bfc144fb5326d21bd1531523d9fb50e1b600a
  SHA256   1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
  SHA512   0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

(unnamed) 41B
  MD5      5af87dfd673ba2115e2fcf5cfdb727ab
  SHA1     d5b5bbf396dc291274584ef71f444f420b6056f1
  SHA256   f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
  SHA512   de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

(unnamed) 16B
  MD5      46295cac801e5d4857d09837238a6394
  SHA1     44e0fa1b517dbf802b18faf0785eeea6ac51594b
  SHA256   0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
  SHA512   8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

(unnamed) 8KB
  MD5      19e0bfeae54180f1d0a679949db32060
  SHA1     7ce0e1b8286e16b2a4a005b3a2e32eb65b3282ec
  SHA256   5429e15ca05ffbdf832916b53200c2768208d11b6954426b7ba6b03e21a80789
  SHA512   9c8095d6b2a78952fcfcf31a0a8e0e82b0e050f8cef07d037f92d70a8f4a50ed846895a8b1e8a58f397b63f07f85cc275ee6c24b54a1e00e2889143aa8dec6af

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms (first captured version) 3KB
  MD5      461eb34fae169900c95113230c0973a2
  SHA1     0cf15e99a37ab606367d38d6dc34bf5c93646c30
  SHA256   0e42fb173b1c7c3c8c0503cfa42d3eb7685c75fdf5c063abb38990fafa5af093
  SHA512   84712834ac23d1d4d637bfe2b89aa6c4af9ae48c5b58b4936572b0d535d3e5663dd4852bfc607e5bbe427a09928af651aeb9b778dfd6ad644f938b9edbac3006

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms (second captured version of the same path) 3KB
  MD5      25cb346ae36e28624b764aa9ee0806e1
  SHA1     39e6b77d32a234ca249ef3a7bd4a4e929393da61
  SHA256   3a797b5a9f4e1474595988c51f8bf6c5492a034b241fc103a0d2431511827568
  SHA512   97930e29222a7fea638f26ab91b926706f27aa6c78c3cc7670791af6d0cb8a6e5d311deda26f54b4e892b82c2afce85aaffcd5cf7f799394e6cb49be75269fa8