Analysis
max time kernel: 1230s
max time network: 1729s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 16-04-2024 23:13
Behavioral tasks
The report shown on this page is the run for behavioral1 (platform windows7_x64, resource win7-20231129-en). The db/Binary/*.js samples are signature scripts carried inside the Detect It Easy archive; each was submitted as its own task on a Windows 7 and a Windows 10 image.

Task          Sample                              Resource
behavioral1   die_win64_portable_3.09_x64.zip     win7-20231129-en
behavioral2   die_win64_portable_3.09_x64.zip     win10v2004-20240412-en
behavioral3   db/Binary/archive.btoa.1.js         win7-20240220-en
behavioral4   db/Binary/archive.btoa.1.js         win10v2004-20240412-en
behavioral5   db/Binary/archives.1.js             win7-20240215-en
behavioral6   db/Binary/archives.1.js             win10v2004-20240412-en
behavioral7   db/Binary/audio.1.js                win7-20240221-en
behavioral8   db/Binary/audio.1.js                win10v2004-20240226-en
behavioral9   db/Binary/audio.FSB.1.js            win7-20231129-en
behavioral10  db/Binary/audio.FSB.1.js            win10v2004-20240412-en
behavioral11  db/Binary/audio.WAV.1.js            win7-20240221-en
behavioral12  db/Binary/audio.WAV.1.js            win10v2004-20240412-en
behavioral13  db/Binary/audio.mp3.2.js            win7-20240221-en
behavioral14  db/Binary/audio.mp3.2.js            win10v2004-20240412-en
behavioral15  db/Binary/bin.IDA.1.js              win7-20240221-en
behavioral16  db/Binary/bin.IDA.1.js              win10v2004-20240412-en
behavioral17  db/Binary/bin.JMDL.1.js             win7-20240319-en
behavioral18  db/Binary/bin.JMDL.1.js             win10v2004-20240412-en
behavioral19  db/Binary/bin.Python.1.js           win7-20240221-en
behavioral20  db/Binary/bin.Python.1.js           win10v2004-20240412-en
behavioral21  db/Binary/database.SQLite.1.js      win7-20240221-en
behavioral22  db/Binary/database.SQLite.1.js      win10v2004-20240226-en
behavioral23  db/Binary/doc.RTF.1.js              win7-20240220-en
behavioral24  db/Binary/doc.RTF.1.js              win10v2004-20240412-en
behavioral25  db/Binary/donut.1.js                win7-20240221-en
behavioral26  db/Binary/donut.1.js                win10v2004-20240412-en
behavioral27  db/Binary/font.ADOBE.1.js           win7-20231129-en
behavioral28  db/Binary/font.ADOBE.1.js           win10v2004-20240412-en
behavioral29  db/Binary/font.BMF.1.js             win7-20240319-en
behavioral30  db/Binary/font.BMF.1.js             win10v2004-20240412-en
behavioral31  db/Binary/format.MS-XNA.1.js        win7-20240221-en
behavioral32  db/Binary/format.MS-XNA.1.js        win10v2004-20240412-en
General
Target: die_win64_portable_3.09_x64.zip
Size: 19.7MB
MD5: 9df37be5599da02c8080038bd2e24c6a
SHA1: de5720fc01731f449296dc56ce857a6d8bfa237f
SHA256: 299ff9d91cead31c32926ecfb5f27d629d06997d259e70af8632044edaf27c9b
SHA512: a5970762a94370860806ed90c4ea73afedbd3a86144ed582a118f4b5dd1b1ae91c7b5a3034722229781c3cfc29ff80504096aa426baaee06cb6dc9701b7fea21
SSDEEP: 393216:BwDruCvb94u36Y4aG8Mzu2UEq9Ee7JjHfOtMlLc9lfIRMz:Mv92aLHvZtL20Uz
Malware Config
None reported for this task.

Signatures
Every signature below is attributed to chrome.exe (PID 2584) or to its own child processes; no process launched from the contents of the submitted archive appears in the process tree.

Legitimate hosting services abused for malware hosting/C2 (1 TTP, 8 IoCs)
  Network flows: 144, 147, 148, 149, 150, 151 to camo.githubusercontent.com; 152, 153 to raw.githubusercontent.com
  Caveat: this signature keys on the destination host, not on what was fetched, so a browser rendering a GitHub page trips it as readily as a loader pulling a payload. On its own it is not evidence of a download.

Enumerates system info in registry (2 TTPs, 3 IoCs)
  chrome.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName
  chrome.exe: key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer
  chrome.exe: key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS
  Caveat: these values identify the machine model and are a standard VM/sandbox check, which is why the heuristic fires; here the reader is the browser process.

Suspicious behavior: EnumeratesProcesses (4 IoCs)
  chrome.exe PID 2584, 4 occurrences

Suspicious use of AdjustPrivilegeToken (64 IoCs)
  chrome.exe PID 2584: Token SeShutdownPrivilege, 64 occurrences

Suspicious use of FindShellTrayWindow (34 IoCs)
  chrome.exe PID 2584, 34 occurrences

Suspicious use of SendNotifyMessage (32 IoCs)
  chrome.exe PID 2584, 32 occurrences

Suspicious use of WriteProcessMemory (64 IoCs)
  chrome.exe PID 2584 wrote to the memory of chrome.exe PIDs 2604, 2460, 2476 and 2532. All four targets are its own children in the process tree below (the crashpad handler, the GPU process, the network service and the storage service), so these are parent-to-child writes made while launching sandboxed helper processes rather than writes into a foreign process.
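The WriteProcessMemory IoCs and the process tree reach the reader as flattened text. The script below is an added example, not part of the sandbox report or of any vendor tooling: it parses a constructed excerpt of both (PIDs and --type values are the page's, command lines are shortened), collapses the IoC list to one row per source/target pair, labels each target with the role found in the tree, and flags writes whose target has a different image or is missing from the tree. The notepad.exe entry is hypothetical and is not on the page; it is there to show what a cross-image write looks like in the output.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed excerpt of this report's process tree, in the page's flattened form:
# image path fused to the command line, a depth digit, "⤵", then the PID.
PROCESS_TREE = [
    r'C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\die_win64_portable_3.09_x64.zip1⤵PID:2360',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵PID:2584',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler /prefetch:72⤵PID:2604',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process /prefetch:22⤵PID:2460',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --service-sandbox-type=none /prefetch:82⤵PID:2476',
    r'C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --service-sandbox-type=utility /prefetch:82⤵PID:2532',
]

# Constructed excerpt of the "Suspicious use of WriteProcessMemory" IoC text (7 of the
# page's 64 entries) in its flattened "PID src wrote to memory of dst src src_image
# dst_image" form. The final notepad.exe entry is hypothetical, not from the page.
WPM_IOCS = (
    "PID 2584 wrote to memory of 2604 2584 chrome.exe chrome.exe "
    "PID 2584 wrote to memory of 2604 2584 chrome.exe chrome.exe "
    "PID 2584 wrote to memory of 2604 2584 chrome.exe chrome.exe "
    "PID 2584 wrote to memory of 2460 2584 chrome.exe chrome.exe "
    "PID 2584 wrote to memory of 2460 2584 chrome.exe chrome.exe "
    "PID 2584 wrote to memory of 2476 2584 chrome.exe chrome.exe "
    "PID 2584 wrote to memory of 2532 2584 chrome.exe chrome.exe "
    "PID 2584 wrote to memory of 4242 2584 chrome.exe notepad.exe"
)

# image = everything up to the first ".exe"; cmd = the rest up to the depth digit before "⤵".
TREE_RE = re.compile(r'^(?P<image>.+?\.exe)"?(?P<cmd>.*?)(?P<depth>\d)⤵PID:(?P<pid>\d+)$')
WPM_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) (?P<src_img>\S+) (?P<dst_img>\S+)"
)


def parse_process_tree(lines: List[str]) -> Dict[int, Dict[str, object]]:
    """Map PID -> image, depth and role; role is the Chrome --type (plus
    --utility-sub-type), "browser" for the top-level chrome.exe, "-" otherwise."""
    procs: Dict[int, Dict[str, object]] = {}
    for line in lines:
        m = TREE_RE.match(line)
        if not m:
            continue
        image, cmd = m.group("image"), m.group("cmd").strip('"')
        t = re.search(r"--type=(\S+)", cmd)
        sub = re.search(r"--utility-sub-type=(\S+)", cmd)
        if t:
            role = t.group(1) + ("/" + sub.group(1) if sub else "")
        elif image.lower().endswith("chrome.exe"):
            role = "browser"
        else:
            role = "-"
        procs[int(m.group("pid"))] = {"image": image, "depth": int(m.group("depth")), "role": role}
    return procs


def summarize_wpm(ioc_text: str, procs: Dict[int, Dict[str, object]]) -> List[Dict[str, object]]:
    """One row per (source, target) pair with a count and the target's role.

    A write into a same-image process that is present in the tree (Chrome's parent
    launching its helpers) is ordinary bootstrapping; a write into a different image,
    or into a PID the tree does not know, is what injection looks like and is flagged."""
    counts: Counter = Counter()
    images: Dict[tuple, tuple] = {}
    for m in WPM_RE.finditer(ioc_text):
        key = (int(m.group("src")), int(m.group("dst")))
        counts[key] += 1
        images[key] = (m.group("src_img").lower(), m.group("dst_img").lower())
    rows = []
    for (src, dst), n in sorted(counts.items(), key=lambda kv: (-kv[1], kv[0][1])):
        src_img, dst_img = images[(src, dst)]
        in_tree = dst in procs
        rows.append({
            "src": src,
            "dst": dst,
            "count": n,
            "dst_role": procs[dst]["role"] if in_tree else "not in tree",
            "review": (src_img != dst_img) or not in_tree,
        })
    return rows


if __name__ == "__main__":
    tree = parse_process_tree(PROCESS_TREE)
    for row in summarize_wpm(WPM_IOCS, tree):
        flag = "REVIEW" if row["review"] else "ok"
        print(f'{row["src"]} -> {row["dst"]:<5} x{row["count"]:<3} {row["dst_role"]:<40} {flag}')
```

The same two regexes apply to the full IoC blob and the full process tree on this page; only the sample data is shortened.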
Processes
The sandbox hands the archive to Explorer (the /idlist form of a shell open); nothing inside the archive is executed, and every other process in the tree is Chrome 106.0.5249.119 or its elevation service.

PID 2360 (depth 1): C:\Windows\Explorer.exe
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\die_win64_portable_3.09_x64.zip

PID 2584 (depth 1): C:\Program Files\Google\Chrome\Application\chrome.exe
  Command line: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  PID 2604 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6ea9758,0x7fef6ea9768,0x7fef6ea9778
  PID 2460 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1208 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:2
  PID 2476 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1556 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:8
  PID 2532 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1640 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:8
  PID 2696 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:1
  PID 2348 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=1532 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:1
  PID 268 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1584 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:2
  PID 412 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=1496 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:1
  PID 2364 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:8
  PID 2168 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3720 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:8
  PID 1576 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3648 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:8
  PID 2100 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3936 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:1
  PID 2376 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2488 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:8
  PID 1852 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3648 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:1
  PID 452 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3584 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:1
  PID 1988 (depth 2): "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2728 --field-trial-handle=1388,i,13788652621865564465,8206320019155991662,131072 /prefetch:1

PID 2752 (depth 1): C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
  Command line: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 914B
MD5: e4a68ac854ac5242460afd72481b2a44
SHA1: df3c24f9bfd666761b268073fe06d1cc8d4f82a4
SHA256: cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f
SHA512: 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5
-
Filesize: 68KB
MD5: 29f65ba8e88c063813cc50a4ea544e93
SHA1: 05a7040d5c127e68c25d81cc51271ffb8bef3568
SHA256: 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184
SHA512: e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa
-
Filesize: 1KB
MD5: a266bb7dcc38a562631361bbf61dd11b
SHA1: 3b1efd3a66ea28b16697394703a72ca340a05bd5
SHA256: df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e
SHA512: 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc
-
The CryptnetUrlCache\MetaData entries below are Windows CryptoAPI cache records, written when a process validates a certificate chain over the network (CRL, OCSP or AIA fetches). The 94308059B57B3142E455B38A6EB92015 record is listed five times with five different digests because it was rewritten during the run.

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
Filesize: 252B
MD5: cbca54f20edb211a8d8f865a7e1b18ac
SHA1: 3d45fd9c7d9c7953da53beee65747a1bc27a8e91
SHA256: 2c224f4875d9633acbcf192ac322c4868aff8be8ff92b396d79f34f9bb66300a
SHA512: 16d94a0b6435ca78921710154037f9a083ea257c70f30191905b988b07e3d499b06acf097f88d6e6b5c915ee4c4f2e8779566e90c075d705a51ecff1eb6a069a
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: a31991b0802bbd665150a2e9189619e3
SHA1: c852c20c633878ec8030b84c665eacc7108c2bbc
SHA256: 086f46285b41b6c0d0e166d9bd3c220b97ebc88817290caef44e67bcbd8de0ae
SHA512: 5b82a636d84bd41ab89ac7a39575dab8e857d5931d168d52130edded2257c995ea3c8331e205d346d17336a181930a3980d57f2686248f5cf0b33e34226e5f4c
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 5d636af3def1daf3ff6ada5b03b1d2b8
SHA1: c3b0b9b8cc5b6596ef6d1ac1fcba9b65de0b318b
SHA256: 549699dcbc6edf25f8afb0b13c348d403c20b74e210967ee06a16516f836ed34
SHA512: c9535ea49f68ad39754fa5c910ae5e20f98f3ac99bad438fc7cf6cd1e30bc8bd36c1f0d1b80bac037e377fcc90270f873ac432a28c528be06ae9baf225964dc7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 62d20e224b0e636e13774bcb185ff577
SHA1: e3032d879f5f2199fd3586715e6c3e77e0cc3997
SHA256: a073e31f5cd43bc045b29445c43f983d8728c4b017870080fefe605a0ea53763
SHA512: b91067265c3a135c08962db7010bde20a52364ad28e883df2b3ab102524977b15ab295b6ead3e91ff1024d77ed7375b27f9ae2ac6dfef3ec0ac01df3864eefe5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: ad10c1e2e9d4a9d0a4b7d67e9713b9ae
SHA1: eafae3ceffecdb33b8db1e36026cfa0f77d4ef10
SHA256: 28bf211e2ed3395920fe1c672a77f1db321ef3c746eca4fe139064f11ce8c75a
SHA512: 5cb7789289f750cae4bd832bfbbf33ecd01f0a4540cb047b59f81ec71984367a9a6b5855cfe51dff239fda6d31db8d5da24efd0678d34e548fe729c1c3a1d7f2
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize: 344B
MD5: 5dcdcbeb95046db9c7d4db252b5e6bb8
SHA1: d49abde7bf76800046d9e01e2948c2536852774a
SHA256: 33dcb08c1a2590d35fd06daa26948a11c18c42fdd06fe85f32f12086d006bbf8
SHA512: afa6e99e01221116dadfa45f488384749e8eb778061f9b129c9bffa9a4b2f5b3def73add88db5729c188f8bc2e9793c79bbd754822131889aa3a4a67686ffabe
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize: 242B
MD5: 04bc36a19e3ebc586915e4316640ea4c
SHA1: 9669b9ae150b03c3b54e3f1359cec8e8670c6c22
SHA256: b136f897a9ee2542d9cef42c4e8de84aa6d6227f51ee3588f7468b9eea8205d1
SHA512: 9dbc7ddd72af15daa54f6f3024747ddebb2827aa4b37ba79e42b94b940356a9604c080c0ffa8981075be65e45b8d96d2e38892581ed0d2eb3d89d99558aa68b7
-
Filesize: 16B
MD5: aefd77f47fb84fae5ea194496b44c67a
SHA1: dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA256: 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512: b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize: 264KB
MD5: f50f89a0a91564d0b8a211f8921aa7de
SHA1: 112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256: b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512: bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize: 2KB
MD5: 094335513aaeeed687beea4f25c2a6e8
SHA1: 3411ee1d2171330fd3b611cdaedcb730190c2f57
SHA256: e1b47461021bf554212433e68cb1363649c257358396e3d0e94ba9c1309675ed
SHA512: 83a55716b6a1deac4c0edccf98f1083f29873f0f49cc0f7ff82d09144734482705a1980ab39f6ba466e9ed3940e047d8abc17ff2766b5b732a0ff25e2220926e
-
Filesize: 2KB
MD5: 7aec972db843149bba0910c915a6c478
SHA1: 6f07973f7af3afdec9dba5c1f432ef4d5ef146eb
SHA256: 1d14edc662e94a249aeceafefc4d82b0f33510236aa4620fb3645260d4f4bde3
SHA512: dc600a2b4cf65ca3999168282bdaca14aa9b2d4feaf579396f67a46d1413350a8276dc8894b95c8d34d08fdef202c8d20fdd069a3244e2f159c72bb7b79b92c8
-
Filesize: 1KB
MD5: d470767f01816db3667d6548beb613ff
SHA1: 290bc4ae6337fe5a3fd7c09b2327fd1eb07a646e
SHA256: 6a7504f885535ec26388e5358b11373ef79b59985be96e8e38558f84e765ed46
SHA512: 6c29a675653a5cde7e4d831c5e58e714080c8ad55105fc1b9428b3bf03d0f19e0afb197eed6aae1a6691aa1bd40d11ca2771619ea34488a75b2c6f2a38e15b01
-
Filesize: 6KB
MD5: 709b45d8c8662e22c2009e3234d22516
SHA1: c0a2a1f377b836b8306236a3226cf9d9df4c8c67
SHA256: 702a9f915a07e3a0e18acf05d3ad04194bc684989792ed1e1ca0d3612b37940e
SHA512: 35fe16a3f4d66fdc88d021a89c62bc2bcbecbb011fc23bbac5aa78e2da2e9f980b27d986caebd96cb75dd96929ba655d51c2da63655dd7cad9b31deda1fea5e8
-
Filesize: 5KB
MD5: 8ca1aa585aad1d000619f9428b129e1e
SHA1: 9718d330e48836a0fa9b9f3598ef4ce88e18a5ce
SHA256: bd629916ce4d492a766ec694bc16f231adef97776cbdfe987c0cde54c98685e3
SHA512: 25f80e04ba622b82c7e8e51cda7507e4a7c2e27770b0c800f9a826a0477e958d063fb88f9900647e02562051c0fb56389045745a9e70a62001762cb05454f807
-
Filesize: 6KB
MD5: e3ff6570b753be832d3446aaaa776722
SHA1: cd5634ec69e691947f6ecaf724c121343742aedd
SHA256: 859f1ff90dd8d3674604b2f6a7a2c0c70cab79545c32927d90257ebb5476ea90
SHA512: 2e308933706689f5dc301aa2cff7ce84118cea1d3b5dcb4a5eaea0b304a065bcd91e38ecf8b8078ed411a6b98753619bd09ea7a284e83b0042549df5b0989894
-
Filesize: 16B
MD5: 18e723571b00fb1694a3bad6c78e4054
SHA1: afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA256: 8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA512: 43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize: 137KB
MD5: 9764f812e8697e062a7d3b98e61ed844
SHA1: 6a81f96b3f037fb73d0b5bd0319048a3ac0ee5f3
SHA256: 8364499f745e80f424735c37dea98ecd0bbcdee093b8e5cdde056d44cbaa4c22
SHA512: c473c492397a6374a0562712d043d5953ef5c008b1bca108ddcad2a85e8cd7d383d34eac9fcc872a978417e2c2b5b5bdad37f644996094a00631f2d990420edd
-
Filesize: 177KB
MD5: 435a9ac180383f9fa094131b173a2f7b
SHA1: 76944ea657a9db94f9a4bef38f88c46ed4166983
SHA256: 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34
SHA512: 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a
-
MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
No size is recorded for this entry, and the four values are the digests of a zero-byte input, so the file was empty at the moment the sandbox hashed it.
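Hashes appear twice on this page: the target's four digests in the General section and one set per dropped file in Downloads. The script below is an added example, not part of the sandbox report or of the Detect It Easy project, for verifying a local copy of the archive against the General digests in a single streaming pass and for recognizing the zero-byte digest set that closes the Downloads list. TARGET_DIGESTS and EMPTY_DIGESTS are copied from this page; the command-line filename is an assumption about where the reader keeps the archive, and ssdeep is not covered because it is not in the standard library.

```python
import hashlib
import sys
from typing import Dict, Iterable

# Digest set recorded for the submitted target in the General section of this report.
TARGET_DIGESTS = {
    "md5": "9df37be5599da02c8080038bd2e24c6a",
    "sha1": "de5720fc01731f449296dc56ce857a6d8bfa237f",
    "sha256": "299ff9d91cead31c32926ecfb5f27d629d06997d259e70af8632044edaf27c9b",
    "sha512": "a5970762a94370860806ed90c4ea73afedbd3a86144ed582a118f4b5dd1b1ae91c7b5a3034722229781c3cfc29ff80504096aa426baaee06cb6dc9701b7fea21",
}

# Digests of a zero-byte input; the final Downloads entry on this page is exactly this set.
EMPTY_DIGESTS = {
    "md5": "d41d8cd98f00b204e9800998ecf8427e",
    "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e",
}

# Expected hex length per algorithm, used to catch truncated or mis-copied values.
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute all four digests in one pass over the data."""
    hashers = {name: hashlib.new(name) for name in HEX_LEN}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through digest_chunks; the 19.7MB archive never sits in memory whole."""
    with open(path, "rb") as f:
        return digest_chunks(iter(lambda: f.read(chunk_size), b""))


def check_digests(expected: Dict[str, str], actual: Dict[str, str]) -> Dict[str, object]:
    """Compare a report's digest set with freshly computed values.

    Reports which algorithms matched or mismatched, which expected values are malformed
    (wrong length or non-hex, as happens when a hash is copied from a web page), and
    whether the expected set is the zero-byte digest set."""
    norm = {k.lower(): v.strip().lower() for k, v in expected.items() if k.lower() in HEX_LEN}
    malformed = sorted(k for k, v in norm.items()
                       if len(v) != HEX_LEN[k] or set(v) - set("0123456789abcdef"))
    matched = sorted(k for k, v in norm.items() if k not in malformed and actual.get(k) == v)
    mismatched = sorted(k for k, v in norm.items()
                        if k not in malformed and k in actual and actual[k] != v)
    return {
        "matched": matched,
        "mismatched": mismatched,
        "malformed": malformed,
        "is_empty_input": all(norm.get(k) == v for k, v in EMPTY_DIGESTS.items()),
        "ok": bool(matched) and not mismatched and not malformed,
    }


if __name__ == "__main__":
    # Assumed usage: python verify_digests.py die_win64_portable_3.09_x64.zip
    result = check_digests(TARGET_DIGESTS, digest_file(sys.argv[1]))
    print(result)
    sys.exit(0 if result["ok"] else 1)
```

A report that lists an MD5 or SHA1 alongside SHA256 is not weakened by it, but the decision should rest on the SHA256 or SHA512 match; the weaker digests are there for matching against older feeds.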