Analysis
- max time kernel: 52s
- max time network: 148s
- platform: windows7_x64
- resource: win7-20241023-en
- resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
- submitted: 01/12/2024, 04:04
Tasks
- static1: Static task
- behavioral1:  sym - Copy/Bunifu_UI_v1.52.dll  (resource: win7-20240903-en)
- behavioral2:  sym - Copy/Bunifu_UI_v1.52.dll  (resource: win10v2004-20241007-en)
- behavioral3:  sym - Copy/FastColoredTextBox.dll  (resource: win7-20241023-en)
- behavioral4:  sym - Copy/FastColoredTextBox.dll  (resource: win10v2004-20241007-en)
- behavioral5:  sym - Copy/SynapseZAPI.dll  (resource: win7-20240903-en)
- behavioral6:  sym - Copy/SynapseZAPI.dll  (resource: win10v2004-20241007-en)
- behavioral7:  sym - Copy/bin/Xeno.dll  (resource: win7-20240903-en)
- behavioral8:  sym - Copy/bin/Xeno.dll  (resource: win10v2004-20241007-en)
- behavioral9:  sym - Copy/bin/libcrypto-3-x64.dll  (resource: win7-20241010-en)
- behavioral10: sym - Copy/bin/libcrypto-3-x64.dll  (resource: win10v2004-20241007-en)
- behavioral11: sym - Copy/bin/libssl-3-x64.dll  (resource: win7-20240729-en)
- behavioral12: sym - Copy/bin/libssl-3-x64.dll  (resource: win10v2004-20241007-en)
- behavioral13: sym - Copy/bin/xxhash.dll  (resource: win7-20240903-en)
- behavioral14: sym - Copy/bin/xxhash.dll  (resource: win10v2004-20241007-en)
- behavioral15: sym - Copy/bin/zstd.dll  (resource: win7-20241023-en)
- behavioral16: sym - Copy/bin/zstd.dll  (resource: win10v2004-20241007-en)
- behavioral17: sym - Copy/cxapis.dll  (resource: win7-20240903-en)
- behavioral18: sym - Copy/cxapis.dll  (resource: win10v2004-20241007-en)
- behavioral19: sym - Copy/synapse m.exe  (resource: win7-20240903-en)
- behavioral20: sym - Copy/synapse m.exe  (resource: win10v2004-20241007-en)
- behavioral21: sym - Copy/workspace/002c19202c9946e6047b0c6e0ad51f84-cache.js  (resource: win7-20240903-en)
- behavioral22: sym - Copy/workspace/002c19202c9946e6047b0c6e0ad51f84-cache.js  (resource: win10v2004-20241007-en)
General
- Target: sym - Copy/bin/zstd.dll
- Size: 638KB
- MD5: 5b96fb0d4e6453680da278f5b7e51a29
- SHA1: 3c96a29248fa3644de2c653a5d97c1e21b13a769
- SHA256: 1374391dafd6262795243a58f9fb234be859d940683fe756c64692ca807f0478
- SHA512: 27d06b7182aa48a81cce18f8f7b1bee054f3a862ccebd77d273a67c6a15e5d0ef5ba8fd7430976f445eb8bff51d290f2bb50061ac7ef448255ba8a18b8baf193
- SSDEEP: 6144:fbauYl+rrR8uT4uB5uWYfO16oMynnjDHMkYHbpk5tRCEybNFZemMBLx4uQ16aSG:fbauYGT5BYMxjDHMk0petRCEyb9emHO
Malware Config
Signatures

Note: apart from the three WriteProcessMemory rows from rundll32.exe (PID 1040) to its WerFault.exe child (PID 2312), every signature hit below is attributed to chrome.exe (PID 2340), which runs as a separate top-level process tree, not to the rundll32.exe process that hosts the sample.

- Enumerates system info in registry (2 TTPs, 3 IoCs)
    description        ioc                                                                    process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     chrome.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   chrome.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  chrome.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
    pid 2340  chrome.exe  (2 identical rows)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
    Token: SeShutdownPrivilege  pid 2340  chrome.exe  (64 identical rows)
- Suspicious use of FindShellTrayWindow (50 IoCs)
    pid 2340  chrome.exe  (50 identical rows)
- Suspicious use of SendNotifyMessage (48 IoCs)
    pid 2340  chrome.exe  (48 identical rows)
- Suspicious use of WriteProcessMemory (64 IoCs; repeated rows collapsed, row counts sum to 64)
    pid   process       wrote to memory of  procid_target  rows
    1040  rundll32.exe  2312                30             3
    2340  chrome.exe    292                 33             3
    2340  chrome.exe    2772                35             39
    2340  chrome.exe    2756                36             3
    2340  chrome.exe    2792                37             16
Processes

Note: the sample is loaded by rundll32.exe with the ",#1" suffix, i.e. the DLL's export at ordinal 1 is called; the only child of that process is WerFault.exe -u -p 1040 -s 80, which is Windows Error Reporting invoked for PID 1040, so the rundll32.exe host crashed. The chrome.exe tree below is a separate top-level process, not a child of the sample.

- C:\Windows\system32\rundll32.exe (PID 1040)
  command: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\sym - Copy\bin\zstd.dll",#1
  signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\system32\WerFault.exe (PID 2312)
    command: C:\Windows\system32\WerFault.exe -u -p 1040 -s 80

- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2340)
  command: "C:\Program Files\Google\Chrome\Application\chrome.exe"
  signatures: Enumerates system info in registry; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - chrome.exe (PID 292)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6b39758,0x7fef6b39768,0x7fef6b39778
  - chrome.exe (PID 2772)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:2
  - chrome.exe (PID 2756)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1520 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:8
  - chrome.exe (PID 2792)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1600 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:8
  - chrome.exe (PID 2476)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2328 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 1512)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2352 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 1692)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1372 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:2
  - chrome.exe (PID 1124)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2968 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 1496)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3656 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:8
  - chrome.exe (PID 1996)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3740 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 2236)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3464 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 2192)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3484 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 2632)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2468 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 548)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3688 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 1556)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=1776 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 3068)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1928 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1
  - chrome.exe (PID 2056)
    command: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2512 --field-trial-handle=1380,i,13263117234775933260,18042678442778635045,131072 /prefetch:1

- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 2848)
  command: "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads