Analysis
-
max time kernel
150s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-ja -
resource tags
-
submitted
07/03/2024, 09:05
General
-
Target
https://glarity.app
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies data under HKEY_USERS 2 IoCs
-
Modifies registry class 2 IoCs
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 51 IoCs
-
Suspicious use of SendNotifyMessage 48 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://glarity.app1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd099758,0x7ff8fd099768,0x7ff8fd0997782⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1768 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:22⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3056 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3604 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3856 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:82⤵
- Modifies registry class
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:82⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5912 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5696 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:12⤵
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2576 --field-trial-handle=1864,i,15174625519448377772,10200372366008906177,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff8f96b46f8,0x7ff8f96b4708,0x7ff8f96b47182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --service-sandbox-type=none --mojo-platform-channel-handle=5428 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --service-sandbox-type=audio --mojo-platform-channel-handle=4728 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --service-sandbox-type=video_capture --mojo-platform-channel-handle=5496 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=244 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --lang=ja --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,6125330465772186339,231587055044017516,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6540 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
899KB
MD5c3153693d433c18c4f8a98879e3864fd
SHA148f64ee4f5cc8b92a344043bd7b41fcff50d60d4
SHA2567ba3592fd0158c91cf24764cc354253b70fa9fab6ca38a209aa02645e99a441f
SHA5121ccba9ecbc5de3be3bd3dcc5ce263480704e2ae1173b20d1c70602d703e235b4e5b8847adacbfadcc2ad8723d3e0098ea384a9858cea6d1b60609f44e2b2ae4d
-
Filesize
27KB
MD5ce0b8d11a00256be872539d386e3f8e5
SHA164658a28b3b3a52c5332c9e1fdb8875411a4f9d2
SHA2563a009c2e78435c0b5f5454d3a39090a76111f8dcdb35ae665332afacb6f2d83e
SHA51206fd4d8b19f485e8fafabaebef5f48217d86ff8d59a1889e3a47bc28eaafb23892fe0f85d4e2165cdfbe70761fc006c0650e7304b2534960ee8962fdcef8cb4a
-
Filesize
1KB
MD548e7e03483609d411b08d05fe716d404
SHA1c2ec33bcc2800390e57d2b6b622281ff7d197e26
SHA256d9f959741271ba475014b495bbaccbc0b11a320b6e7b6f21fe4a62622103fa9d
SHA512e6a1c42141bb98bf1323a9288c537bb6c38e781459798206dfaaf35de71c870ae6453d37ae873cf38c1f31edffa1a0667bfb8646b1a4173d30e08c154cc2a453
-
Filesize
6KB
MD51a6a5620be902b552115a131575311fb
SHA1a109ab82e20fdc699a27522d3449c3472407eacb
SHA2567d73fee2ba0f82feefe3511dbc3bae6d39ae180c8fe7dc7516c85828dad40aeb
SHA512dc017cc46bc2ae9a6a87a472de146221de9ef3a98653aea53e18521ed2bdd4fb0e2cfe323612c481ffd2624bf43800c565deeeedb9640eb383d9cb02d5933b2b
-
Filesize
5KB
MD5a74491b95b6745511072142d52936860
SHA1996b9628c278e8967065dd92300f53efb63d52c2
SHA2561afa10095e8c0b3c0592a76e91f07ca606d047740d72ccbb782ff76098dda595
SHA5128ea013450aad396c3e30adacdc0862b2b23265fc5b9ff176f07df44941ec3391418f15b651aad80c8ac3456d0a12208232f4d98295952de20c6aa88f4b8eab27
-
Filesize
704B
MD5d68ff1122d6b48e19fbdf9044657237b
SHA1ea8abe14f31ad999b03982f11eaf23ea33a9428f
SHA256ad93383b95cc9e70d549dd9f966ffe21019c8bc85587f3d8d422f7d8faceeacc
SHA512aaa89b296a45cd678cd6de209ec145a0023d2d72ceffd1db6ebebe77467812cecdf93f0d28bb1ab2e835009e562fec2d5ae4323e00c8e8d82ae4cbb44b184ae9
-
Filesize
1KB
MD588a39ad94733cecb1c12d3b2b602b631
SHA1fa8b42779660cc4bc4971b45e0fe88ac2635a820
SHA256902a10fa161381048f788d38347451f7299bd11b274836d647d6dcf4fe9456a6
SHA512bc48bdc7f8d93199b686520b59418fe04971588ff26060c7cc1730f0f5ea7f3b26a336bc34128fb7a2f82fe83e47ea355879e1729cb02aee63d0602952fd5d71
-
Filesize
6KB
MD5bf0221f94f8bdc4912a7d07d53a43561
SHA15d90b3456009bb3c57e5ee9f1bc52903a96e5d9e
SHA256d993bdaef8a8a5b13bd17ffe8ae5c0272819cd74da3aea8b407fb64565e7a206
SHA5124cba9051085a87032712fe263aade20bc306240cf6f566364155aac2e66ffdaf32031348e7bf9a3b4ab7932ebd4359aa5d0a7c31272044fa0a98437ae405faf7
-
Filesize
6KB
MD5c286d5b20ef8b79d40782277a33fcaad
SHA16acb37b3abd754639910f8d2a5752dd897fa84fa
SHA2563ba97a3efa2ca0b874bdf36b68751238c352f537db70225633e2f37cccb47e4e
SHA512d1381cf9033f33b2fdee3472b4de1ec9d7b386802814679766024f9c5b1531f075e7fcdc5a890bd59136145053edda76c48b82ff635cba5780175c780e90e4f2
-
Filesize
56B
MD5ae1bccd6831ebfe5ad03b482ee266e4f
SHA101f4179f48f1af383b275d7ee338dd160b6f558a
SHA2561b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649
SHA512baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038
-
Filesize
120B
MD54f4e39a8b6d8e7c61ffcc13d647cee2a
SHA14bb4ce2a5b4d31d6e56a0ff88e855b37d05d6bd1
SHA2562628fbb3ffaa34e89492e12bce6616aec8d97e7d703aead980fb3da0c58859e4
SHA51207cf585a059c1a6453e9d2c15d4b850be8e80a5ce89c21dbd1521d3be034c5a260bc749ab237fbe9fe617b9e1c5b960f645de22187473e65459a18ed1e50197b
-
Filesize
128KB
MD528fc9b754b620269f490a3d5d8019b8a
SHA1766c56a23de59ad2b38a097a41c6f04126bd8e63
SHA25652a0acd4fa3e59ddfa9d804de2f0c386f1241121677340a04b90e93c6a5a1465
SHA512a19f07fca8d5455796d2a23b088e4f2ba9718eba4f1b327252406f67ba5387755450e2981f532f9eceec1c465c3da7f9f3fb3b4faf610c020af4c126fd599abd
-
Filesize
128KB
MD5ae03cf5bfe9f7557dc1555fa6f588dd8
SHA1fc7ece202c79fff9eb50d85fb8c9dde0fc90de3b
SHA2569ef21ddeefc019463f6047f739a4f7ec3b793ee737dff05dc3c1dc85c71fae45
SHA512eb721a42068fc40ed32c6e8453e4fbe8a22b5a18279b9deecbf1568fa6c95b95b64878df6bd7ea45fe265b6820a8ca626bfbcb67225bb741f85f333d72cea6ec
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
152B
MD54b206e54d55dcb61072236144d1f90f8
SHA1c2600831112447369e5b557e249f86611b05287d
SHA25687bf9a4c3564eb3d8bef70450da843ae6003271222734c4d28d9961c52782e0b
SHA512c9e8d2452368873e0622b002a0c2f8a2714b5897a09475738a9f9740122d716a9f0d3841725230d58e039564c820d32a6f3a675a7bb04bd163bab53dcb4e22f2
-
Filesize
64KB
MD5d6b36c7d4b06f140f860ddc91a4c659c
SHA1ccf16571637b8d3e4c9423688c5bd06167bfb9e9
SHA25634013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92
SHA5122a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487
-
Filesize
67KB
MD588a552e6be1ac3978c49143983276b3a
SHA1dbf4f4dc62a3da564b1a87b5191dc9a72a9b9423
SHA256927121d8118a41fa3460b9ad84daeae59ea60dc9607e462b7e1341bea60da8d5
SHA512125b13be3d209ff5cc12d8f9f12d01d271cd50c2800059241ebb419167c21adfa9d979ff6b8d88052f5d302e98090b7c8ceff4894b397168d8ba6d8a6204fb9a
-
Filesize
31KB
MD5bece038422ccc92d498cdb88950ed3cc
SHA1743ef43ca2a84ec9d7a3aafd7550c3e6b0b48798
SHA256c8f101aaa8ced4bf4d49828c264536ce42759e1dbf926c0628377b4939eabfd2
SHA512b11014d24aec1f37ddc3160a5e15c8d17a365ee603e267405d38dd1afeb7e1df357b7ada92559ddec72df7d6e291dfce3f2b792320ae2a4f14e34dc2815933da
-
Filesize
65KB
MD556d57bc655526551f217536f19195495
SHA128b430886d1220855a805d78dc5d6414aeee6995
SHA256f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4
SHA5127814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb
-
Filesize
19KB
MD52e86a72f4e82614cd4842950d2e0a716
SHA1d7b4ee0c9af735d098bff474632fc2c0113e0b9c
SHA256c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f
SHA5127a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1
-
Filesize
88KB
MD5b38fbbd0b5c8e8b4452b33d6f85df7dc
SHA1386ba241790252df01a6a028b3238de2f995a559
SHA256b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd
SHA512546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16
-
Filesize
1.1MB
MD5c16e0a11f55e205f4743d14c4720d9cc
SHA10f9d479274a52ff9bc3e058e12ae79cccdada2a6
SHA256e0397312126ef871ed1f1fecc36015082f5108b358dfc1b94abc9f18659e7ad3
SHA512935ced76c409f736497eb004d79fd1be5d2231a82a87fc8d06f4fc372efef720a77104079390da4b099d173d86641484b1533b2e4cb2656d26c01bb5130d8313
-
Filesize
28KB
MD51681f7b45b3da0054a4f2ec7a77e25b2
SHA16c5ed34c6fa8dee971f32338b882acb214200d4a
SHA2566f3de4a3ff2452f6c2b6ca5e9c287813885a34b999874870c5786a90f7e7ae96
SHA5127747bc94e2851ffb1da7e33fc5f54af3f73d20a5b288e04f3b3279ec9e251017aec74745f1c7ac4846a77832e61f16057dda8a514fe5eecad379baf27149dae8
-
Filesize
847KB
MD5856f7d12445b1cb8f9e58347496dd069
SHA1717fdbe58ed9a2bc12113e9bb8e66be511f3a834
SHA256bbd2eba2952c222b951d67beadd32f1d13ba19843641815aa3a460bf4d56fdef
SHA5122614e3f397c08907994f26ca03c2117312118aeb74b19538303d4e37a1a7208e880c429650cd3903b18f082affe348ebf805215b91198cdbc184b000da68bcef
-
Filesize
981KB
MD5c3f0e69c9a91eb85ecc80b13f5304d8e
SHA10f04585b065c64463edf6a142c32121903f17448
SHA2561bc0aa51211706c0843bd0d808a4ea6189dfea69da1f3fef771ca634bc1340d3
SHA512e6fc7a52218767c680149651666293f0a0389d832f0521683ae1f9e936b346ce11cbe8f0e96a72c3363208477db4c7dd0f3ba472b39a4b854ef9c56a8b6d3a64
-
Filesize
4KB
MD59b98d4e60dc53518f7090881067f8012
SHA14dbf19090a11d6c7d5a8f895fcd4c4ff8aa09dd8
SHA256356e191882f15ae794a60aff73e57e83b649cee8aa31950efd86781ad53db456
SHA512203ddb0e49ac30fea0f13cd99984fc3a173c62a182f446d3a6eea1a0e887dcc64296438bc574847e1654f6efee650dd979be27e96ad2c3edbbc06cb480585cb3
-
Filesize
2KB
MD56626e4277d0cae107b69ce39857447ba
SHA1114d7f806473913da5f9ba2c3892ad8e9795b9b8
SHA2567c7cd236357c20f0c8ab9f0352611e7df77cc19622610825c3bd40f6f1af8341
SHA512e48b369486f215c17845921da44b45bcdbf82ed2514d66d02e6bb7c4073092b1309228341dfaa14e437a7eade546a3fc454124f5f73b189a924584739e820948
-
Filesize
4KB
MD5a713410b262225458379824bc4f40de6
SHA1068d93e7ce71e120591c1e7377df71a4fd4d52db
SHA256451f4320e78c3c93083e1cee4d5295c0eabb159d8393ef7b86d30a57e26ed28e
SHA51260dab4c02c8e416ede28cdd397b4d59fb3c31fd177db2335f2d441fe02d905184c166107e3166766249f64eb1db6fa4e7bba553504185a2c7c060a379e2779e3
-
Filesize
6KB
MD5ffd342167956196eb8973e873ed2553d
SHA12ac9db3b2c9c693b2e1a11d0fcd630f7d8997233
SHA256b22c418fe2ca6b51fb445638c5bea2ef5cc690e7c2c761c1abeaf9baee1b510b
SHA512f52534deb6437374b404bba8ed8190572e99012199a482979ca9d51fac88439d2218073b6051898e85f7b86efc3f1c26b2931f86807167325696fb5eb1f24ec8
-
Filesize
6KB
MD5abbc6ad50ced9a5ca61f31451858ae41
SHA18b017d21413b42f4ecbc04fe1d917868759db303
SHA256dc61733d5628113e8da99c82634441d11282833940517198946d3c20dadcdf41
SHA5127839b1f267b4e8f9613b3f7de631ccb19121f5b4bb82e4dba3761cc52087d86e4388307fcb5d112e310409968140479536bbaf4c6169a01d110b28c398298b85
-
Filesize
7KB
MD578bda0f36d51003fe5e519b16527e429
SHA1d1cdf086dfd5e2e32cfd7fc9f7be5fecbc6a6a3c
SHA256a5c56119b230b8ac0ac344dc59a27fc2c614309c9fc4427114dddb20827ad372
SHA5124f72aac3a7593a605c7944db493247395b056d680cea19b278dcd4477263cf2c2cc0ec6f703b4200ffee6dd1ffa42374e0acfdb36ccea7da16d49ac2536de390
-
Filesize
9KB
MD5422d89d0e0694426b85d9847a8724e7f
SHA12757cb5c5d5cf2df7ddb237e129d5b3c6052af66
SHA256cc025fbf29de7d836735f440a9f1b02249f613f197948022e630e3b34e2d6327
SHA5127d07f7777e4416e2e47a77f36d9ae5cfbaf703d6bcf9422f5c975c94c984eff662af96204f411123b37e83ba0021424d88ddb3eca2379d646a237eefc6867f8c
-
Filesize
7KB
MD5acf27d7b5648d8103665674edecb9590
SHA11c20ec5fd96346fa532b4c70b05eac8c5f3ce2f5
SHA2568b4f771d26d01c695c1b512a4de244a027561092426741dce3f41803a7bdff4c
SHA5121f3164ddb6fff5ed269f880d9105053c62f6bce48d20c1da568aaf5050912b3262d81cd811b5b7221d74ca8a648e3c12c89d09e7a12d2ac0da2e94478bbba47e
-
Filesize
10KB
MD51f282f9e9c77b50bdbcc26a5a3476295
SHA1316bef634eb1365fdae84c98a1bc894d7b250aa1
SHA25637b998baa6deafc00035ea167a992d7605e128e6ee555fabb00178ddfcd6df0c
SHA512f99d91c427b04f9b309b018839965bdd8787233d183f46eb27544ae8c6cda73e224fb8279bb6b61bbbfdb742b453a87544e45e6dc622ac488d4145169d65d290
-
Filesize
9KB
MD5f56db7230f9fb27c280aa1336b1c3d74
SHA13afe602d1af716e082880ff7a59296881c88981b
SHA2564d4acfde9b9b46c8ee61421fa12db952834d35d708f8a2812006fc15e2292535
SHA512a533cbdbeddb1ff6636ecf382d39a2215a7de60363efb64c40a5cf31123275c8bd4a5a2a83f4458425d2980ec03453038cbafab16126bdc80c2093c794faf9fc
-
Filesize
1KB
MD548ac7096ad9e12039c49b183371b6eff
SHA1534188d1e20f32932f0492e63c42ea20263e0792
SHA25629d3045d8dc4229289fb2ef2b2ad5ff1c8024fb1c8bb49ae62c661aa3e610581
SHA5123c37986d60540c3feb2575aa1f7a9bc60af381613494cd5846334faf7f067c1d14321a5209a7a066da8f6308e2e3b5939a01460c824739e8f1718debe886ef28
-
Filesize
1KB
MD59cdbf6a16b7a5b1d52002f7362b9e603
SHA150e1b25ea18970e51b20187c8cb8f8e2dd6e7dca
SHA25667fc1afb5a7c82edf2c8a8de438d8428d80fb7b079adf59dda5e55a1c210d934
SHA51227ecf6b7d37967f7df8f026c9ee8a37d292a250377b762963671c4408e497a215c4de1558db4c07e59fc9ae9bbda955eb1b2fde3be4aeaccb156c5ef22762be0
-
Filesize
1KB
MD5548bc4cc1c820441e2b827ad181beec4
SHA1b7f94f5e1ef600d95546f65613d6a12888309182
SHA256e2b63c36afb3ddb80b0d6eab30ceaeffabec071e30231069985c29ebe32e8100
SHA5120f7e9769a4c455160f65e8bb2a516aa94cd7f744b0f88fd9b3c691e8e3cfa04a0d1cb8052e20226eb28fa5148dcf5d1927599acba81816b2252ceb3f96385e29
-
Filesize
1KB
MD5df5ca873ddc98d644d1cc00be8d1a47e
SHA1c3f563df0035c40a5ff0114b80360260aae52f9a
SHA25606a7e0494e3f45f028b46b6897695a1c5abef362009e2956919482d00f23430c
SHA5123ea6caf380342013ea47d1c9dfbbf5fb970b15273ec14f50f136bb25ea38a709851e7b5bd06e39d7af2a0454ac847a880fdea814beeccce6f446a5da4dc7a234
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5ee44e2623144c6c0b52fdab477383c2b
SHA13e396e05775d336eb75eb6dd3636bfe822778384
SHA2562011e90fdb7f51a7c8b97d19fa7f5213b8edb8de42d3afb35915dab6ccb252ca
SHA512115126615c46cbff55ebe3b74d0ae831510ca6d0809b60643576bb61c74e4c3d2e47551c0d4878e45912d790f253fa6e753364da836eb901fcd8f98166ec5471