Analysis
-
max time kernel
327s -
max time network
325s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
12-08-2024 12:04
General
-
Target
https://www.roblox.com/home
Malware Config
Signatures
-
Browser Information Discovery 1 TTPs
Enumerate browser information.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 20 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.roblox.com/home1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff969c346f8,0x7ff969c34708,0x7ff969c347182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5784 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5800 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3088 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6116 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5756 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5948 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5724 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1340 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3884 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5284 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,7542560478078035517,12991451238798916704,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2032 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD59e3fc58a8fb86c93d19e1500b873ef6f
SHA1c6aae5f4e26f5570db5e14bba8d5061867a33b56
SHA256828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4
SHA512e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e
-
Filesize
152B
MD527304926d60324abe74d7a4b571c35ea
SHA178b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1
SHA2567039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de
SHA512f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd
-
Filesize
21KB
MD5a6d2a865e9f16ea305950181afef4fcf
SHA1082145d33593f3a47d29c552276c88cf51beae8e
SHA2562e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2
SHA5126aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9
-
Filesize
37KB
MD593acf02790e375a1148c9490557b3a1d
SHA178a367c8a8b672dd66a19eb823631e8990f78b48
SHA2564f2513f353c2cdd3177e3890f216ea666e4eb99477a56a97ff490f69a9833423
SHA512e6354f4e4d35e9b936a7ddaebdd6527c37e6248c3f2d450c428903a32d77439cab78020a45834379cf814a79149c3dddf4e1280b9d06a7f972e5f8e61c463d6e
-
Filesize
37KB
MD5a2ade5db01e80467e87b512193e46838
SHA140b35ee60d5d0388a097f53a1d39261e4e94616d
SHA256154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15
SHA5121c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8
-
Filesize
20KB
MD5c4b8e9bc1769a58f5265bbe40f7785ef
SHA107ff14df16d4b882361e1a0be6c2f10711ddce50
SHA2562786986a3139e9722e667f81b4902609a4cf458e1c16206cd11feceee0254192
SHA512a39157460b523ee2b9e1eacccf7aed99ff002767a8f87287c1c4662b6711b97f7d4955df64a86a882417fe71e598719e3934e14f787c1e6b3348c8a4c813e3ad
-
Filesize
18KB
MD52e23d6e099f830cf0b14356b3c3443ce
SHA1027db4ff48118566db039d6b5f574a8ac73002bc
SHA2567238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885
SHA512165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717
-
Filesize
17KB
MD5109a8cceba33695698297e575e56bfad
SHA12b8c6dce1ccd21a6eea2dd9aef2a8a6bde389053
SHA256dd82d9ac034f0a06524fc1d5ef884c29a7e4d586a1e7db66e339dc54fac3636d
SHA5126d51ed30c45560838df921212370a0044640a8e3c0433922106225cb6fec8cc115ac6191c753da13def21c4e0db4deb5782fb7a75ada822ced1db7c7d13beaf3
-
Filesize
57KB
MD5919d13ecf08e3da7e9f337e7b60d6dec
SHA13d9bd4aa100f69cf46ad175259edd6ce9864830c
SHA2569d4575044d2efd5e90503beda65571b5158a3f32d999191ac1f82d1a5ee62ad0
SHA51298d8236ed1c44826b4489b9fb7b76c62502a032547374446c53dcf2eee2f5fe3548c6587fce66df9d075294bc2ab6be97c3cb21457bc899451ebd3b476715985
-
Filesize
19KB
MD5f5b631335f170065edf1b148e10b34d4
SHA1ca34f82af577fec763ed38f0436d20f1cf766f62
SHA25699be964ed51ca453ccfaa264a1ea9490da11e32b53765919172b6d3749a9f846
SHA512c66791cbdc7c0d12e7295eb26eb583b26e03692c8986ab7d5dac0e6a561b8b68a8a9e33814121efc700ff6b472aa4f685162b0c75439b144f12286c9e28c7cc7
-
Filesize
53KB
MD5cfff8fc00d16fc868cf319409948c243
SHA1b7e2e2a6656c77a19d9819a7d782a981d9e16d44
SHA25651266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a
SHA5129d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b
-
Filesize
73KB
MD587072383304763c71d16025d3a898612
SHA1f34f19e0a6d9b53326e7774399e7ff0e048fedcf
SHA256edabb95a5876af517ac9805b9b71f4fb77b83d6e34a56876788364156df1c1e3
SHA512fe266993cb04f43cd8216fba5fc5cf688500ec7cec40f2eea8cfed524503d0b2802e2682dcd860b7385d9e7087a3647cdd90c9e73d6b66fcafae07a5a11d2d7e
-
Filesize
137KB
MD5a336ad7a2818eb9c1d9b7d0f4cc7d456
SHA1d5280cb38af2010e0860b7884a23de0484d18f62
SHA25683bdfb7d266fd8436312f6145c1707ddf0fb060825527acfe364c5db859887a3
SHA512fa69455b3bfc162ab86a12332fe13322dfd8749be456779c93a6ab93e1d628e246a31a0a55cdba0c45adb3085acd62ba0a094b2115529d70cb9f693f3b1da327
-
Filesize
23KB
MD5bc715e42e60059c3ea36cd32bfb6ebc9
SHA1b8961b23c29b9769100116ba0da44f13a24a3dd4
SHA256110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745
SHA5125c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc
-
Filesize
4KB
MD5f3ed7785eea4af9b9d70573e44ae1915
SHA1522035c78a726e16779f0e3dd2886ff095fd0699
SHA25630dade960aa5d8ceb0074b143c9faba9d886a239631c4b2dca2aead37e312a4e
SHA512e3b10108eccf95518ade0fac62b8380e5b9756d315a535936473a54fb29335093bad1a46f690ae41beab9dfe698187f01871bea561352d1f6af97b71d04ab493
-
Filesize
1KB
MD5f2ba1569253b07964f294ee69d88a9a9
SHA198310eed5584df785619cf793e8db3f8cb1d9fd3
SHA2567a7dc2fad4c949ee587ee1045ca3c057ec7459dc7cfa498e823cc635a02f715a
SHA512eecdf35f3c63b561ef3b9ea5f0977397f5b378a683f2e7943b5a488c27f945a79eb4c9316d02be476d46a31d862b0cc551abf9fb96bafac99c93075f12acc9e8
-
Filesize
1KB
MD54ccc88d2ed002649aaee234479b50cb4
SHA18e15ed3f2df9c8f4b8867f53f3ab32eec4509e19
SHA256b2006a0d1bec43aa49f762e4affd74cd3247ba0842d419bfc87a3c8599c22343
SHA5121d6ad7eb7efc6df3ea406354b94b8ed027c36a9b5e9cfcfb8c16abffe5b0d3d02cae5152f5d8f656bab5232c0fb6666859b7c8a9075f9765dd8bc97d585368fd
-
Filesize
1KB
MD51db2cb96b990d8252d8a77d38f0ca7e5
SHA140f151180885eef8797b69e0b738d9629c657d9b
SHA2565e8a0a18c49b61a82f62752bb9b5496ab453e969ecb0713df02fe9a50e5f42cb
SHA512b58438e6e9a9e8b944190c08a55cef472c79caac67cc30adc9e325105a53ac7ed35be9f5739d92fc869570e461b141098db8e1c328c7e57b28a6d32ab8327d96
-
Filesize
6KB
MD5d0522d96ad760f2a08d4dda5e3e4d47d
SHA1d2a782e0074cd5ea058dfd188971b17b462f5193
SHA256b22876f210d5191762be38a88c4f28e8f518d212902105ee67c3e5908e7e8393
SHA5126216fe643e52cb80958a1c8d8d5a9d6ef5ef3bf79309ca6972bd3e49d311497a9717d1980615c23e89f823608552f12396699799418883c4e05234af5a922a51
-
Filesize
7KB
MD5767c7d5090d5fa9e23922a391c305fc7
SHA1a1e5905da293ac5e8a5cd9311e46b15512bc8f90
SHA256ef25e6e65e15ea86bc466b6df04591d47147e3455d52719d3cf766efedcedba9
SHA51221c77b0f15a3d54a38e0cd87f04a2b133888d6d75e6c0b0cfcc06f9690759ecc3780c7f6ccae41542ec7b6db3f9743f2dcca7c2f9f58da458c8edcc5d78e6ae4
-
Filesize
6KB
MD551462b44d2072dfaadc9c2a518d0e6fb
SHA1424798745fc92a42a3d4af5c5828d61ea928feb0
SHA256ed0104e21ed7f5e85850f6058482549c99f7785676be4b9f7ae5917b3d4d1e0e
SHA512748dcde9282a615eeba1ea9d6a5782eb68ccdb8d2800caec7969084225e00bcf92caa2d3784fb8e4c8158575570a4adf0767e15244e87cc55dfc8551d0696f89
-
Filesize
7KB
MD5978cbb6b3461173f09f941ec6d2e5e39
SHA13ebbdeda5bf71794d87a7949796bf7e1586b8132
SHA256a8bd4446961e3120e9b1c14e5ad7b2a1bae41da54626061c9eb9b23aebbac92e
SHA512a4a9c8247fbbf9e6a38ee61e94e00d1ff2eaf300f883c7c84e984ca68b8cca7dd7dd9e9a92f3429f9b60152e5ca0fb0112722949c81d912f3be328989f4de8bf
-
Filesize
7KB
MD59fd89a4c76b65a8dd24ae57b6245c3ec
SHA171cdc67bd0e4147ed2fa6508a43d2f19c82a50a2
SHA25636bda2b5bb047c91068fa726a462620c546cf648355dcdcd78a0668d03fa0420
SHA512c13bcd4ce9e97aea5cb61533d1a0f1709178c692f17db44c83ba6bd9c86a727e672d8d565f6684ff2bb772fb5706f0025e047257d154658f1b15e92c90954f9f
-
Filesize
7KB
MD53bbeeb44cdb288398790a5f68de75b82
SHA15698218e35268fc1cd2ef391a4248b3dc4e7f4a1
SHA256fa3e8a7379b3eda2fc71b1a65a03d845af1f4dfc599528b4323cb20c9a785e1c
SHA512bcddd2225f73e2da061d41cf88ccf5a4cded9c5296685ddf061609776df7fd6db0e7988fd4feeccd6513e8777da08bb47767a08260256dfc7160f489477f6fe9
-
Filesize
1KB
MD5dc34b0e44bd0c3bedb3c140b5848b145
SHA187a38925df64ce1d17b02f7f30e3ba8cedac6a71
SHA2567c43d7595b2e2231d456bc7741bda8786ece1fad1322f1d5a6a9e9cccd15748c
SHA512b6210e7eec8167f1e633710aad919d73ae9440c4a635d1317a3a4c5a763ac3146cc14bf64a4c4c043ee916a8e77060e8f9966c5bdaa3e1d9f7b253d324a38d0d
-
Filesize
1KB
MD5a68171123aacadb7c442aeaf1d24f50f
SHA18cdadd3d8df68b8d935a199c36cff64e9a1979e0
SHA2565a42da1683cc1c13287f21f79c803aa712d180130cd49f8d4021270857f11f0d
SHA51231e07eb0536b5a69fcab3f1e27ab32ab735e63f2a8b2cf729f2930c7c5f09a66cf67b05064fa2a00a20d4ec77e36c29bd3c59de9d59581652552338ab94629b5
-
Filesize
1KB
MD53e6a7b39269479a42f468e2721a6b570
SHA1a5bbd0cf8b50a0bcfeb230549b21297caf427d3d
SHA2565e9d55e59fc2d53590db0cd22f86601c089e42a56bd8649f3d1a8756389c5576
SHA512e08bcaa6d3188a71ad0fbba1ba074059512a528e1660faf09f5c14cc1f27fe18343fee64b3757ed445ed8fbf84465e30cb5fbdff243b96e8ed33f0f4f53ddba5
-
Filesize
1KB
MD59a7d0525b599d7e7f056454d4a018303
SHA1f25ef9307d22ccc1b06359d82f72f371eb15912e
SHA2566f28d9545d96ca241a981be3ee41bcad906b4d73a90454d0e0bc71489f812eba
SHA512eada408cfbec07a9f831b1be002246c80297f9ffb673057834a334a8caaf5eb92cafe3ec4025c51a8079af87cf840725183d9d7faebc3898e46b1c6d565fcfca
-
Filesize
867B
MD5a2a8ac17a8bf64ad22f957620d388019
SHA1af8aac87e6cc234ef0b46144652ed0ef51f26432
SHA25614e98eb3bccb49a0a677b6fb0e277426282f8b9b833d1fb1b9309ef76e6755e6
SHA512109bf0438b8e49e9e77b1032eca504581c8ee11714267b37014a0dc219073badb5b05f1a8d731b68b77be90ff84ae2e3bfa5613480745a40c36a58509102d53c
-
Filesize
1KB
MD5d70fe0fdeaa8196ccede9c436216ec87
SHA185180e6351cce3c9771485ee749c4bbdfd6ec947
SHA256f74605c9810357ee462b179ebbadbdf1fd0e8b8c5a97f68ba58fb677ce785fdb
SHA512dd388c1510bae5ca454a657562ed3c857225b2ce4f4bd4191c477dc3afd7f6a2a55476bb0cd9cbb62047bbf44c9037af6175bb563b457abc47460dfb9de54827
-
Filesize
1KB
MD54aca92a9cbaad35de18e533475fd193a
SHA1de6d8d78b7f9702beb60ff58249bf39f85a2559b
SHA256b46d046a71c2526491753efaa786faf7f3a3c1befac45db55d483afeef73bef6
SHA512149af514036d34421758efe121add89970fb054c2821c579a3058745b812bbe4e2f0f77aed2241c9ff1cef3f496dd9eedba01f475637148343ee70d1c52540aa
-
Filesize
1KB
MD56edd34c163d23cd10f3752cf821758f0
SHA1d7dd9676e86d28cb7429a3db576931f5bb540b22
SHA256c0894200689e5007dd167b5a44f7198dbad0b54e12fbe7394f96913b3facf3e6
SHA5124880a347e517b513fc2c4e3675aad31c92a874943fa46bf6c4dca4d60f41546713b80d4c26824a498dd19a77bb25ed3337f7911920182eccccb1b8aa94b3b84b
-
Filesize
367B
MD5ff6e5ef0987b3ea4b69148e122095ece
SHA1c3136d54534d654dc1770a0f9461b26928e9d595
SHA256e53f88215bcca91f80db70d6a5f79a8956092b2f07d15708a679a066e0df5c88
SHA512b5823c3ed8aa4aea9046bd05b01c28f1a9db4421b4de1eb43d0d257f8544c44bb6130f8b8a489f09ef2d350dc7929ce4d495ab916db86be9c5bf0a4050b0ee78
-
Filesize
7KB
MD5ed86d617a605095d18df353fb97024d5
SHA1583313d045dffd138c20cb26adba817564cfe920
SHA25626de3be6e6eb70e08d63fef159c73fb50fff5acc1a7b96397de6cc4eebbf78d3
SHA512f1b3c083c86bd7f0d785c5333cf57b048833651c0f9c67d80ff5d4dc89e6e094c36dab8f7df5de7fcab2a67e2d6ec4b4c6d0a9aeefefbe8f078bd49c0b7c16e9
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
12KB
MD5524974c08b6b448433b1bc081ccffd4b
SHA12a9f3c8fb6663449b1a7a3586ce9ff48e58405f5
SHA256a2c9b80dbd147531dd271a2e8d5cb01f2b8abd37f8a6c4fcf18b98f1c8e8c491
SHA512c9962a26713c8750258c358ca8749ca012f87b3a8f36db101c0b16a919582814b79078aa0c180c4f3718951ce09640fe5a44be57cde90f63cee41cdfe9ffb437
-
Filesize
11KB
MD5c667e2618173b4243d13925c239239c5
SHA12b521eda46df451e52fdf50e52a9c990674c9d6b
SHA25648c9c6620ddda901f1c58f3f9ad9c6aadf72c7605de4d80f3bbbcff5f3ea194c
SHA5125d039b7f5008a200c5ad0e1a120773ff57ab179d08d5902ea441828b45e43bb74f1c5a546b1183c262f7f23de9cfa6733ae46d051497ac0055eae2b5ce545103
-
Filesize
12KB
MD59c375c35f926419dfc5da3c41a94234b
SHA1db8837b28a54bc6c65988388297d6439163646a7
SHA256906a8c2e50eb2eba98097c6b4e8273a531eaa22e7f30f60bf65bbc3e5bd04564
SHA51270f0129bcddc0b254251695e6c5bb9ad80e3d9c8e0c5b074a676a6faa3cee578fc6fb1ed2e57861057ffa886b0b0a97d4c28c1769f64e45102e0a76aec599edd
-
Filesize
10KB
MD5d24c55404f90f690dad5e1074f485d09
SHA1807a715884fab086166be9de0a46717f69cdf8a2
SHA25610192d92981623e3e91c914265d94d4ac9950ff1ee940f4db9f0ecb16068a9e6
SHA512edc735f42c6a7b539b05c87bf76729017004eafdd5469fed61459a56ec8e1671bd75419d7f1b8809a1b19c832660be5d70073fa614427216bf2a874e1dd31391
-
Filesize
10KB
MD50aaa600a6d309c082f069688a48245d6
SHA11faed47f747913787fbfc98a46a0bdaa2a137b46
SHA2565b554abe563c9b5e13a670afec934e61fa1e7eaf76bfc93396ea86c5f53b9ba8
SHA512161e6c3cc70fdb329ac7e61c0b6ef0d692754c45c2f03a27bcb62eab5e778ad16e1b58ee8dbaba468ed34d7126e8ca6a4435c16c7a760fe4e9ebc9b641af154d
-
Filesize
1.9MB
MD5de709c6a7507012cb9f9d479178c014e
SHA1b0f3e3c64a123bdee87682e7e29173d57823f9be
SHA25612e5e0579388e0db6dfe2107302a73357b44d96b6997400506f528da10d6cf78
SHA512928e7e6218bb5a03f87e87c58713b8c82ce328e6e977b94c5c0b9952edc7105d9de0c051e248f560f110c87af794d3c85f2c7bb6f4f0c59e777d44262e9ef92d
-
Filesize
264KB
MD5826c0b485c0b15e96519dad948534d5c
SHA18a7391c939032184e7c7c4b0a2243a53fab677d9
SHA256bb5d563c7958492ce352e5b81b000ba17daf100ec61253d1ce43e50bf7ca840f
SHA512dc1a053169c7dede8853af3f1e85da8fa8599c7d64ca29d477850838cabda4f0ff70bb070b74f439920989fbae70b49c76b2840ca8d6093b48fec565dc069a3b