Overview
overview
8Static
static
3Kiwi X.rar
windows7-x64
3Kiwi X.rar
windows10-2004-x64
8Kiwi X/Kiw...config
windows7-x64
3Kiwi X/Kiw...config
windows10-2004-x64
3Kiwi X/Kiw...config
windows7-x64
3Kiwi X/Kiw...config
windows10-2004-x64
3Kiwi X/Mon...se.txt
windows7-x64
1Kiwi X/Mon...se.txt
windows10-2004-x64
1Kiwi X/Mon...nc.txt
windows7-x64
1Kiwi X/Mon...nc.txt
windows10-2004-x64
1Kiwi X/Mon...lf.txt
windows7-x64
1Kiwi X/Mon...lf.txt
windows10-2004-x64
1Kiwi X/Mon...ns.txt
windows7-x64
1Kiwi X/Mon...ns.txt
windows10-2004-x64
1Kiwi X/Mon...lv.txt
windows7-x64
1Kiwi X/Mon...lv.txt
windows10-2004-x64
1Kiwi X/Mon...6x.svg
windows7-x64
1Kiwi X/Mon...6x.svg
windows10-2004-x64
1Kiwi X/Mon...6x.svg
windows7-x64
1Kiwi X/Mon...6x.svg
windows10-2004-x64
1Kiwi X/Mon...in.css
windows7-x64
3Kiwi X/Mon...in.css
windows10-2004-x64
7Kiwi X/Mon...te.svg
windows7-x64
1Kiwi X/Mon...te.svg
windows10-2004-x64
1Kiwi X/WRD...F.json
windows7-x64
3Kiwi X/WRD...F.json
windows10-2004-x64
3Kiwi X/bin/settings
windows7-x64
1Kiwi X/bin/settings
windows10-2004-x64
1Kiwi X/bin/ver.txt
windows7-x64
1Kiwi X/bin/ver.txt
windows10-2004-x64
1Kiwi X/bin...rs.txt
windows7-x64
1Kiwi X/bin...rs.txt
windows10-2004-x64
1Analysis
-
max time kernel
300s -
max time network
268s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
20-03-2024 06:18
Static task
static1
Behavioral task
behavioral1
Sample
Kiwi X.rar
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
Kiwi X.rar
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Kiwi X/Kiwi X WPF.exe.config
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
Kiwi X/Kiwi X WPF.exe.config
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Kiwi X/Kiwi X.exe.config
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
Kiwi X/Kiwi X.exe.config
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Kiwi X/Monaco/base.txt
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral8
Sample
Kiwi X/Monaco/base.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Kiwi X/Monaco/classfunc.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
Kiwi X/Monaco/classfunc.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Kiwi X/Monaco/globalf.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
Kiwi X/Monaco/globalf.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Kiwi X/Monaco/globalns.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Kiwi X/Monaco/globalns.txt
Resource
win10v2004-20240319-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Kiwi X/Monaco/globalv.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
Kiwi X/Monaco/globalv.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Kiwi X/Monaco/vs/editor/editor.main.css
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral22
Sample
Kiwi X/Monaco/vs/editor/editor.main.css
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Kiwi X/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
Kiwi X/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Kiwi X/WRDAPICONF.json
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
Kiwi X/WRDAPICONF.json
Resource
win10v2004-20240319-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Kiwi X/bin/settings
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
Kiwi X/bin/settings
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Kiwi X/bin/ver.txt
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
Kiwi X/bin/ver.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Empty Servers.txt
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral32
Sample
Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Empty Servers.txt
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
-
Size
4KB
-
MD5
48e754cb54c78a85dcc9aaea9a27847e
-
SHA1
8d79b23037deb6586e4954305dcb4caee14afbd2
-
SHA256
d1aa361f33564e8f9d527a01a66c7ce35d73f23417432e80ddf51f562770ee79
-
SHA512
f6d902b5c73b59636cb71d4019ff45cb77532bf22aab28a8314697e24a62163a94140c97495ad5ce421c09c26e4bcbfe5a815eae27e945c51ccd80c2ba9c3a77
-
SSDEEP
48:CnN6wkEX+c9Vlt4AFCj93Z0hDC7hSBnukNyhDFtrJGuG2XvS+yZCahDC7hSBnhKm:zJWFCMcfkCFGE6+yZCacJImkArbbqrAm
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133553891306925014" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 4612 chrome.exe 4612 chrome.exe 1448 chrome.exe 1448 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 4612 chrome.exe 4612 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe Token: SeShutdownPrivilege 4612 chrome.exe Token: SeCreatePagefilePrivilege 4612 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe -
Suspicious use of SendNotifyMessage 24 IoCs
pid Process 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe 4612 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4612 wrote to memory of 2132 4612 chrome.exe 89 PID 4612 wrote to memory of 2132 4612 chrome.exe 89 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3464 4612 chrome.exe 93 PID 4612 wrote to memory of 3016 4612 chrome.exe 94 PID 4612 wrote to memory of 3016 4612 chrome.exe 94 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95 PID 4612 wrote to memory of 4900 4612 chrome.exe 95
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Kiwi X\Monaco\vs\editor\contrib\suggest\media\String_16x.svg1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4612 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9e0459758,0x7ff9e0459768,0x7ff9e04597782⤵PID:2132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1620 --field-trial-handle=1880,i,5855185715384018072,12635498679959548387,131072 /prefetch:22⤵PID:3464
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=1880,i,5855185715384018072,12635498679959548387,131072 /prefetch:82⤵PID:3016
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2184 --field-trial-handle=1880,i,5855185715384018072,12635498679959548387,131072 /prefetch:82⤵PID:4900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1880,i,5855185715384018072,12635498679959548387,131072 /prefetch:12⤵PID:3604
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3092 --field-trial-handle=1880,i,5855185715384018072,12635498679959548387,131072 /prefetch:12⤵PID:388
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1880,i,5855185715384018072,12635498679959548387,131072 /prefetch:82⤵PID:1688
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4800 --field-trial-handle=1880,i,5855185715384018072,12635498679959548387,131072 /prefetch:82⤵PID:4656
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 --field-trial-handle=1880,i,5855185715384018072,12635498679959548387,131072 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:1448
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2740
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD509cc92cfcdc4efdd5a316238ecfe4297
SHA15067490e08b5e8ef182ebb0079217c5d56b276c4
SHA256486ef9ac3dd3fd3f0b042082c145193a98a2e372352d30e09b03858a0316e590
SHA512b3f11312ca0f9c55979c2a396e0ac243bc0cde21b3bff8ff3e873966726d523d5b34d3de5d4054c2cfdf27fdb5b8d9134398df7ed670326c7750bbf63e8df7d5
-
Filesize
1KB
MD5fedf1d650e31c11e6a40f9c2575fe5e5
SHA1786bcd5febd4115330862c1d4a68e4af3e40a94f
SHA256d7d67dfbe7be4cb162b248130f230b03e357ed64dd121072df728d1a202dd609
SHA5128eff31fb7cb436e5610a04f84c651e26c8c54b48ffe1cc28754d454bb5b69f9154d549bdd0a77ba3bad778564fbccc4f6410511a5bb3b1a296b9268ba160a7a5
-
Filesize
6KB
MD5e711e5dbc28d44e28b8561649eab736c
SHA17af4b9e7854f1761fe071e694fa6650009b4d761
SHA2568b1f8a3cec81cecaabd7d1a40059a6cc6102e53139ae821c992159e646db1475
SHA51209903df4d05438cea82f6ea210925786cc5f60364e6baebff52d2a5233a9cede3f0b4ea36ee6dd632e3e0e6289cc050e974827630cf3df1f34936d029c740619
-
Filesize
6KB
MD56be1d3efb2378e285a6b7eb6ddea42f0
SHA1e627d84bc209dfc03b7327ccb31a160a4382d372
SHA256bcc9320c32206aecbefc8f53496d339ba47e3e5bc58a6892c35b68fead382eb6
SHA5120cd519bb35b02d3522248d2a707069b9a7251f3917976b2936cc896f525cdc18e775dfe4b040af839002b9f159e621b7e41f02e510bd469e0572dd8344b3784b
-
Filesize
128KB
MD5493368d458537d0015b02c9421573ece
SHA1160e0ff45c5fb531533e00700d0b00abb29c3d4b
SHA25640b8f228328df66fbdb5bf2ca72fcbf2f55d00b1d6efdb9cd249369340d79e50
SHA5129895b0c70c69dd73a7e75f2d044c5502a303b438f2aa7abd6479a60ab83783ea7d777c1909208a655e0a51881d61df1e8c3e1d22660f5308365d938a02de4f08
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd