Analysis
-
max time kernel
151s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
04/04/2024, 17:48
Static task
static1
Behavioral task
behavioral1
Sample
bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe
Resource
win10v2004-20240226-en
General
-
Target
bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe
-
Size
233KB
-
MD5
bec10af9cf14c64c346e094782c62251
-
SHA1
462bbbee006a3075306a99e01d650961d8f7ee09
-
SHA256
81150558d7ec49f939fe7712adde551e902811835edf16fbdde9a4ad535c81b2
-
SHA512
df8f1238367a715fb75e30e71da7b80e44b0e8fd27d321c6ea26b68287c3fad8c53d85b4c58590911bcf5ef031345202420d8a905c7b03d6d1c5d49e8314c052
-
SSDEEP
6144:AajdMJb6SqIqOq2eJCdlCgyVQr1kXZonNtqq:92JbM2yYl9yqkXaNoq
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
pid | Process
2108 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmp
3876 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm
3916 | GOG.exe
-
Adds Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe" | bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe" | bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices\GOG = "C:\\Windows\\GOG.exe" | GOG.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\GOG = "C:\\Windows\\GOG.exe" | GOG.exe
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description | ioc | Process
File opened (read-only) | \??\A: | bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe
File opened (read-only) | \??\B: | bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 3 IoCs
description | ioc | Process
File created | C:\Windows\GOG.exe | bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm
File opened for modification | C:\Windows\GOG.exe | bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm
File created | C:\Windows\GOG.exe | GOG.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Modifies registry class 3 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2 | GOG.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\WinX = "1" | GOG.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\legend of mir2\NowCount = "0" | GOG.exe
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of WriteProcessMemory 13 IoCs
description | pid | Process | procid_target
PID 1964 wrote to memory of 2108 | 1964 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe | 95
PID 1964 wrote to memory of 2108 | 1964 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe | 95
PID 1964 wrote to memory of 2108 | 1964 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe | 95
PID 1964 wrote to memory of 3876 | 1964 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe | 96
PID 1964 wrote to memory of 3876 | 1964 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe | 96
PID 1964 wrote to memory of 3876 | 1964 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe | 96
PID 3876 wrote to memory of 3916 | 3876 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm | 97
PID 3876 wrote to memory of 3916 | 3876 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm | 97
PID 3876 wrote to memory of 3916 | 3876 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm | 97
PID 2108 wrote to memory of 4308 | 2108 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmp | 99
PID 2108 wrote to memory of 4308 | 2108 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmp | 99
PID 2108 wrote to memory of 4396 | 2108 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmp | 105
PID 2108 wrote to memory of 4396 | 2108 | bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmp | 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\bec10af9cf14c64c346e094782c62251_JaffaCakes118.exe"1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1964 -
C:\Users\Admin\AppData\Local\Temp\bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmpC:\Users\Admin\AppData\Local\Temp\bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmp2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2108 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmp&platform=0009&osver=6&isServer=0&shimver=4.0.30319.03⤵PID:4308
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=bec10af9cf14c64c346e094782c62251_JaffaCakes118.tmp&platform=0009&osver=6&isServer=0&shimver=4.0.30319.03⤵PID:4396
-
-
-
C:\Users\Admin\AppData\Local\Temp\bec10af9cf14c64c346e094782c62251_JaffaCakes118.mmC:\Users\Admin\AppData\Local\Temp\bec10af9cf14c64c346e094782c62251_JaffaCakes118.mm /zhj2⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:3876 -
C:\Windows\GOG.exeC:\Windows\GOG.exe /zhj3⤵
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:3916
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=5652 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:11⤵PID:4572
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5752 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:11⤵PID:884
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4876 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:81⤵PID:2356
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5428 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:11⤵PID:1368
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5444 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:11⤵PID:208
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=3696 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:11⤵PID:4540
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=5904 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:11⤵PID:4076
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=5416 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:81⤵PID:2352
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=5412 --field-trial-handle=2248,i,10247514684337323751,15511974759131734137,262144 --variations-seed-version /prefetch:81⤵PID:3548
Network
MITRE ATT&CK Enterprise v15
Downloads