Overview

Static (10)
- 10  Xworm-V5.6/NAudio.dll  windows10-1703-x64
- 6  Xworm-V5.6...on.dll  windows10-1703-x64
- 1  Xworm-V5.6...ws.dll  windows10-1703-x64
- 1  Xworm-V5.6...at.dll  windows10-1703-x64
- 1  Xworm-V5.6...um.dll  windows10-1703-x64
- 1  Xworm-V5.6...rd.dll  windows10-1703-x64
- 1  Xworm-V5.6...ss.dll  windows10-1703-x64
- 1  Xworm-V5.6...er.dll  windows10-1703-x64
- 1  Xworm-V5.6...er.dll  windows10-1703-x64
- 1  Xworm-V5.6...er.dll  windows10-1703-x64
- 1  Xworm-V5.6...DP.dll  windows10-1703-x64
- 1  Xworm-V5.6...NC.dll  windows10-1703-x64
- 1  Xworm-V5.6...ry.dll  windows10-1703-x64
- 1  Xworm-V5.6...ps.dll  windows10-1703-x64
- 1  Xworm-V5.6...ns.dll  windows10-1703-x64
- 1  Xworm-V5.6...er.dll  windows10-1703-x64
- 1  Xworm-V5.6...ps.dll  windows10-1703-x64
- 1  Xworm-V5.6...ox.dll  windows10-1703-x64
- 1  Xworm-V5.6...ne.dll  windows10-1703-x64
- 1  Xworm-V5.6...er.dll  windows10-1703-x64
- 1  Xworm-V5.6...ns.dll  windows10-1703-x64
- 1  Xworm-V5.6...me.dll  windows10-1703-x64
- 1  Xworm-V5.6...ce.dll  windows10-1703-x64
- 1  Xworm-V5.6...er.dll  windows10-1703-x64
- 1  Xworm-V5.6...ms.dll  windows10-1703-x64
- 1  Xworm-V5.6...re.dll  windows10-1703-x64
- 1  Xworm-V5.6...ry.dll  windows10-1703-x64
- 1  Xworm-V5.6...it.dll  windows10-1703-x64
- 1  Xworm-V5.6...op.dll  windows10-1703-x64
- 1  Xworm-V5.6...xy.dll  windows10-1703-x64
- 1  Xworm-V5.6...PE.dll  windows10-1703-x64
- 1  Xworm-V5.6...er.dll  windows10-1703-x64
Analysis (1)
- max time kernel: 150s
- max time network: 152s
- platform: windows10-1703_x64
- resource: win10-20240221-en
- resource tags: arch:x64, arch:x86, image:win10-20240221-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 21-03-2024 17:35
Behavioral tasks
- behavioral1: Xworm-V5.6/NAudio.dll (resource win10-20240221-en)
- behavioral2: Xworm-V5.6/Newtonsoft.Json.dll (resource win10-20240221-en)
- behavioral3: Xworm-V5.6/Plugins/ActiveWindows.dll (resource win10-20240221-en)
- behavioral4: Xworm-V5.6/Plugins/Chat.dll (resource win10-20240221-en)
- behavioral5: Xworm-V5.6/Plugins/Chromium.dll (resource win10-20240221-en)
- behavioral6: Xworm-V5.6/Plugins/Clipboard.dll (resource win10-20240221-en)
- behavioral7: Xworm-V5.6/Plugins/Cmstp-Bypass.dll (resource win10-20240214-en)
- behavioral8: Xworm-V5.6/Plugins/FileManager.dll (resource win10-20240221-en)
- behavioral9: Xworm-V5.6/Plugins/FilesSearcher.dll (resource win10-20240221-en)
- behavioral10: Xworm-V5.6/Plugins/HBrowser.dll (resource win10-20240221-en)
- behavioral11: Xworm-V5.6/Plugins/HRDP.dll (resource win10-20240221-en)
- behavioral12: Xworm-V5.6/Plugins/HVNC.dll (resource win10-20240214-en)
- behavioral13: Xworm-V5.6/Plugins/HVNCMemory.dll (resource win10-20240221-en)
- behavioral14: Xworm-V5.6/Plugins/HiddenApps.dll (resource win10-20240221-en)
- behavioral15: Xworm-V5.6/Plugins/Informations.dll (resource win10-20240221-en)
- behavioral16: Xworm-V5.6/Plugins/Keylogger.dll (resource win10-20240221-en)
- behavioral17: Xworm-V5.6/Plugins/Maps.dll (resource win10-20240221-en)
- behavioral18: Xworm-V5.6/Plugins/MessageBox.dll (resource win10-20240221-en)
- behavioral19: Xworm-V5.6/Plugins/Microphone.dll (resource win10-20240221-en)
- behavioral20: Xworm-V5.6/Plugins/Ngrok-Installer.dll (resource win10-20240319-en)
- behavioral21: Xworm-V5.6/Plugins/Options.dll (resource win10-20240221-en)
- behavioral22: Xworm-V5.6/Plugins/Pastime.dll (resource win10-20240221-en)
- behavioral23: Xworm-V5.6/Plugins/Performance.dll (resource win10-20240221-en)
- behavioral24: Xworm-V5.6/Plugins/ProcessManager.dll (resource win10-20240221-en)
- behavioral25: Xworm-V5.6/Plugins/Programs.dll (resource win10-20240221-en)
- behavioral26: Xworm-V5.6/Plugins/Ransomware.dll (resource win10-20240221-en)
- behavioral27: Xworm-V5.6/Plugins/Recovery.dll (resource win10-20240221-en)
- behavioral28: Xworm-V5.6/Plugins/Regedit.dll (resource win10-20240214-en)
- behavioral29: Xworm-V5.6/Plugins/RemoteDesktop.dll (resource win10-20240221-en)
- behavioral30: Xworm-V5.6/Plugins/ReverseProxy.dll (resource win10-20240221-en)
- behavioral31: Xworm-V5.6/Plugins/RunPE.dll (resource win10-20240214-en)
- behavioral32: Xworm-V5.6/Plugins/ServiceManager.dll (resource win10-20240221-en)
General
- Target: Xworm-V5.6/NAudio.dll
- Size: 502KB
- MD5: 3b87d1363a45ce9368e9baec32c69466
- SHA1: 70a9f4df01d17060ec17df9528fca7026cc42935
- SHA256: 81b3f1dc3f1eac9762b8a292751a44b64b87d0d4c3982debfdd2621012186451
- SHA512: 1f07d3b041763b4bc31f6bd7b181deb8d34ff66ec666193932ffc460371adbcd4451483a99009b9b0b71f3864ed5c15c6c3b3777fabeb76f9918c726c35eb7d7
- SSDEEP: 6144:96/i10SZtfzWctj98vZcE0wmLlaIZs5eku2sX2hrjAzvgmXa6W9FwsT9idwktQZG:9yrSKMJR9aGs55T1X9Fwspi2tGpmS
Malware Config

Signatures
- Downloads MZ/PE file
- Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 3 IoCs)
- Enumerates system info in registry (2 TTPs, 3 IoCs)
  Processes: chrome.exe
  description        ioc                                                                   process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                    chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName  chrome.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe
- Modifies data under HKEY_USERS (2 IoCs)
  Processes: chrome.exe
  description      ioc                                                                                                  process
  Key created      \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry                                chrome.exe
  Set value (int)  \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133555162062459595"  chrome.exe
- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes: chrome.exe, chrome.exe
  pid   process
  396   chrome.exe
  396   chrome.exe
  2092  chrome.exe
  2092  chrome.exe
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (9 IoCs)
  Processes: chrome.exe
  pid   process
  396   chrome.exe  (9 identical entries)
- Suspicious use of AdjustPrivilegeToken (64 IoCs)
  Processes: chrome.exe
  description                       pid  process
  Token: SeShutdownPrivilege        396  chrome.exe
  Token: SeCreatePagefilePrivilege  396  chrome.exe
  (the 64 listed entries alternate between these two rows, all for pid 396 chrome.exe)
- Suspicious use of FindShellTrayWindow (35 IoCs)
  Processes: chrome.exe
  pid   process
  396   chrome.exe  (35 identical entries)
- Suspicious use of SendNotifyMessage (24 IoCs)
  Processes: chrome.exe
  pid   process
  396   chrome.exe  (24 identical entries)
- Suspicious use of WriteProcessMemory (64 IoCs)
  Processes: chrome.exe
  description                      pid  process     target process
  PID 396 wrote to memory of 1500  396  chrome.exe  chrome.exe
  PID 396 wrote to memory of 4368  396  chrome.exe  chrome.exe
  PID 396 wrote to memory of 1888  396  chrome.exe  chrome.exe
  PID 396 wrote to memory of 1944  396  chrome.exe  chrome.exe
  (the 64 listed entries repeat these four rows in this order: target 1500 twice, target 4368 repeatedly, target 1888 twice, target 1944 repeatedly)
Processes
- C:\Windows\system32\rundll32.exe (PID 2212)
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Xworm-V5.6\NAudio.dll,#1
- C:\Windows\System32\rundll32.exe (PID 3304)
  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
- C:\Program Files\Google\Chrome\Application\chrome.exe (PID 396)
  "C:\Program Files\Google\Chrome\Application\chrome.exe"
  Signatures: Enumerates system info in registry; Modifies data under HKEY_USERS; Suspicious behavior: EnumeratesProcesses; Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage; Suspicious use of WriteProcessMemory
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1500)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa6eac9758,0x7ffa6eac9768,0x7ffa6eac9778
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4368)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1596 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:2
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1888)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1944)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4480)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2960 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1512)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2976 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2760)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3608 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2148)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4936 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1136)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3436)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe (PID 4880)
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
    - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe (PID 1288)
      "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff6c78f7688,0x7ff6c78f7698,0x7ff6c78f76a8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4380)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4876 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2460)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=1648 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1836)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5584 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 3292)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5696 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4612)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=6060 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4308)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5732 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1196)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3868 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2768)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=1064 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:1
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4656)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 1784)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3184 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 4052)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3224 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 828)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3944 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 344)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2092)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5332 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:2
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Program Files\Google\Chrome\Application\chrome.exe (PID 2392)
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3508 --field-trial-handle=1804,i,3107140741759074405,5625961832366300839,131072 /prefetch:8
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe (PID 4788)
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 196KB
  MD5: 813c1b41e435242e7365a4bcd7adcf23
  SHA1: 2d25e1564eaf93455640413b95646b3f88f9075b
  SHA256: 70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542
  SHA512: 268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e
- Filesize: 168B
  MD5: c5098ee01fe5205545e2f33937815393
  SHA1: 8782140e907216cc7416c3578fa9cd40a62c6733
  SHA256: dccb65bf76019e747b2255010cb21340955de3d02a176965f01076a3f42903c1
  SHA512: f692cce1cb17c6688d4f0777c0f46e90d47dd8a9bb28d43928e4b656744bdd7f1c587366a7271b40744749f00b991c5280095c9ade9f7f45ee75cf2367cbb04d
- Filesize: 912B
  MD5: c89e982f9d05a8956404a6d791f8aff6
  SHA1: 9670cfedbcf476f60c971350da20f85c8329374a
  SHA256: 8c7f61f5f4e59d6e54e5ac57a132a17f6fa9697abb431cdeec134cf13b40a9d2
  SHA512: cd0da65e33f4b28475d1231ab3c9e7906193ab658bbe7b7f6e73b6d9efcd19810b3d0a829d61d22e3fcc8e06aa783b6141cce39b5f23e60f24d9da0c4a1ae4f7
- Filesize: 1KB
  MD5: ae5c2d8cba44763dbf86b72d081d5bdc
  SHA1: 825666b2b7cba0594db99126bbd3c4bbdeab2d82
  SHA256: 91381f9721353e2356d625d2bbd7e9a4795155737605d3e20f3156f7a1cff709
  SHA512: 76d3d14a1d7f3dd9c109b4098f7d2c6f9046def9fe8bd3005e7093ca62a8db7691e259630839208e191fe40f9a6b034b200eddad25753bb5e219d8f40db5a85b
- Filesize: 371B
  MD5: 9dce0610d6f3becd0c620836f7f54121
  SHA1: 92b979738daab6f0484d658aa413a58aea78f7c7
  SHA256: 6b9db084a9a055734ad0e479c80118781f2aaef077d7bd5c9bfc6ee214f660bb
  SHA512: bfbaeae4cc3949a189d86c74ac2334f0c14bdaea6dcea2b3911056692a6844ab3ed3a5c52be684b993d2bde02bb0d227562f712efdfad8ff207a0d1bd43a09c8
- Filesize: 1KB
  MD5: 8ea08ecfe7de960273d2d44c289933c9
  SHA1: 351f0b39f947a750b89365f28000e21269474928
  SHA256: 60d29302e6b073ac4925047e1b457445c06a6c43f1b8a78832db60c2b46a9850
  SHA512: 9af89e1e23307f20f5563f9efdba40c44e510307e59ef4da8a14210c0254beb1b30f94e66ffa42e2e41537e29da9e3a40c0a88f9f432fd795050a883b4289621
- Filesize: 1KB
  MD5: 653a026e324563b25ca36cd88d27d080
  SHA1: f7c054f0ffafb95508f88ffb4ec6296935969bd0
  SHA256: 8cc4b8f3be907cd65fa2dd854cb25bbf0c7acaef99dc3ed786d92f2c96b28c16
  SHA512: e1a2a0d709077993931b433d01eb42579c9ee3a06f4fb41f757d51297876e187cac9bbafaf0ff48afc42054c06175ea533747b4d74d49e790c4437c497c066a9
- Filesize: 1KB
  MD5: 0fad7645280522958aecabf3d14630d3
  SHA1: e76cad002caa23dee3556b60e60b80cfd676a04c
  SHA256: c91abe5306f36c368546237735fa1f5d7a3cad3946f52b87d33414983e4e2f5b
  SHA512: 93183b0213a8b78c4e942bb81b35c6d27a2af6a06cc950acb44066d7f5fe2594cfffecbda813d301bac8d2bfa502925086a22e9831ed45a2fc50d9fe7930cbe4
- Filesize: 1KB
  MD5: 37291c97053ee5a75c4f4b79c7d6ba8e
  SHA1: 405514b8e25eb74b8cc0eaf76384b49a9218c67f
  SHA256: d10c100c29cb9007147abddfdd24c441c720151a56eeeff26288fc30a04f7fa7
  SHA512: 43723f1180d9429a745b401ff94232c0bd9fa68b72e764c4e1d89390879a8e843c48d60a6a841545d72cf80b6b1a44c3900d4314193af291f2d203e448448ba8
- Filesize: 371B
  MD5: 62a76b002a9d919d9531ccac95846b58
  SHA1: 1f107aa48dcf5b5afec00f45eb71db76853d81bc
  SHA256: f3801309895f6b040aa8865a1210882e6b07fffd2ff3afcd18e83cf7bcf31911
  SHA512: f5aaf54cad87193bd46b0ef381e3437a61cd8e4294eb2e2493bf611a80ca627aaa090523f3fa3286564a6094ad9fe62a345aa6f44419aabb80dd0faf74e0db2c
- Filesize: 6KB
  MD5: 7d6d6c9d21a2c84bc811785201a5f1ff
  SHA1: f6b8a8ef35fa933b56dd7bb75e2b919f70f35411
  SHA256: e2f19b976006181afbb0b2dadf7e724b57910688438e72d51249369edd87d425
  SHA512: cb05d9f943caa1db0f93f77a944201e19b8912b024893a26e992a8c354fb4485fec80b7c7cb9cff49e9f0ae3b0e5acc8983fa76314170fe73d0a26e968f8deff
- Filesize: 5KB
  MD5: 75b3e89a52aac56151cb6001c1903c5a
  SHA1: ac31a36bcd0dda051c607e832e5edbe84a2f4baf
  SHA256: 606b57e533f05c5d34d1b851da07414dd901bedfd6cde3e84bddf105bd10b415
  SHA512: 4be1c799e575d9e706c80a34b45ef9cda8d7240bfce4e709e2dba3697e40875f58d70f48dbe0a33e858d667a5c75115709c4ca54e59e446b4c5a25bb677c573f
- Filesize: 6KB
  MD5: 9df17345e1bddd7f38ba773fec7b3a0c
  SHA1: 95742587d6189f2734a57b810fb0c059fc4761dc
  SHA256: 5ad646695886e1b40d5d171a0a0658baa77c484b4d00b37755e42d8539aa474d
  SHA512: eedd5632a1c23cb1c8a00340eba42fae580d8f8b55dc0049117b709467edf036aa7cd378da2e5a51c500bca12913ad20640de938d917eb10cfbcf2e088250867
- Filesize: 6KB
  MD5: e084bbdde634fe5d18a4cefe634abfcd
  SHA1: 8be74bd45fb0ef15f4ddf2d0b461c63318328485
  SHA256: 20f0655cab00447357d4017ab1beff2bcd892218e3377241545eae1aee612991
  SHA512: 007731381bf9ec93b7f60351d3102dfd1b66568f36b762b97c7cabe2a388ee1ac7a1ac90f8e1fdb96d4c5de4d59eb5564a6bed6f18726c4b59e06803ce936790
- Filesize: 6KB
  MD5: 8b95114041e4e54b13fb6ffe8cb66a9e
  SHA1: c63efb8b6ef58e8903592d5c4fdbd565b37bc88a
  SHA256: e2a0f0e0b11148a349a54d55245fa45c708137d006f758b4ba791765197fd70d
  SHA512: 8abb32e59a3f5d45b2af1a8c2025abe717fad1ccc18a9ec974d9ee220083fc2ef33d5f1617f459a319e847ed5139db2ad8adf8a25d6e9b6d56cfd542f9b2f553
- Filesize: 6KB
  MD5: d5a38c164b4cb03ac41d1f36dc677f27
  SHA1: 03bef893815a89aa9eb977c670a885266288c72b
  SHA256: 963b7a0b5dc7f45a130e024409da0ec97c43d7f0f325b6a8255ff7edacf0391a
  SHA512: 509993b24bb2ca2a0b83fb161db9b0e4116b350a7635d760c3cf635d3fc4c6fb95f712d6209f338b47787ecb4e8354972cd1195229a84fa555c963abf1508b3e
- Filesize: 6KB
  MD5: c2967c262d101eee1c32c6daf9b2e481
  SHA1: fe9dabb0bea5e8562671c9d05498e9cc723b4bde
  SHA256: f8b644145b29c91f870b4c18c6a8a7bc6e743a699d58046a4546790989027fe1
  SHA512: aee3cfae8cb4e4f2e1fa78fe98ad180698bac7dcd1888ca638d7f33df3ca04a4d2c244fab8027b03176583e04a200bf9bbaf35500eaa3611a1f58ee561a37f96
- Filesize: 12KB
  MD5: 48fb96887d2935945a94d6963acfb752
  SHA1: db43471487dea306664987efc1720e0778230c76
  SHA256: 7396eff1dccfefe2a4b2dc6eed5885e6b7cf3b5b3fbf2f35d51cc59058db07c2
  SHA512: e0b917541fa2b0309ee5053720a1103754fa737a534d9f2a98612c1bac10bda2d56bfbd3db8c6ed86beb36463202cea67f6c9e7f600e2933b88cdd6953b85847
- Filesize: 259KB
  MD5: 7675074f8c30539fb8df7fac305514fc
  SHA1: fe57c72ca0b4ea402b753bfec83d80fa0448e148
  SHA256: 428f4588f747e4193ef9c84613f2c4761637876b407576b0e00f42acecaf21c9
  SHA512: bed78ff16ef2cd3c25fddd454ca94ece7c7b084ab9728eb844b99a08ddd0b43e00ef8fdb12ecc6e28ff5c1899243cd28b75b066eb30283ac474599e4a437c48f
- Filesize: 259KB
  MD5: bee2ff48d04adfd566f9ce779f0d6704
  SHA1: 206db3a659ef140e53fbac728e7e0844692ca518
  SHA256: ff2e239c0a1c84f6f4254766d3087b4cf2c8926092de6fd70d9629deb33ac3b5
  SHA512: e93894ada4fc22d37ec1116ca79aa9d698ec0e1fd2b4869ce985af8778359afdfb5f73db28e810739ae11860ed8be0e6119c1000c88bc257a532ca5a9d167458
- Filesize: 108KB
  MD5: 4f7a80bb747ce40c05d5254faab06e38
  SHA1: a0ccb5fbd7fc3f689d1ca4a95ea9284930e52414
  SHA256: f1711eccdf81b81a4faa6f5884ddb4f274782db1f44afad240faca27764faf41
  SHA512: 2e84a5b67638673f07534809b45f90ad3e2fb6e2b61590b4a53d734c026d41cdcd5dde7ccd07178cda86bcd8ac947bf786f12140a7e35a6b19c648e2595ae72d
- Filesize: 101KB
  MD5: 7b119af5340a45a4b545b1684b9adbc3
  SHA1: 46623786dd389ab774422e15a5765a363d18ca1c
  SHA256: 93028e741565b4420159dfe6944f9ff500bae42007b9d5aad9fd7652abc59475
  SHA512: 38ee9fe24231fa405b9fd46e6010f2476e057bf1bd19124fe1ce7e04f76ce816fded2a3dffd4aedfa1eb2350071c73b4b452de819cca7ff0a7857e0e1683a977
- Filesize: 93KB
  MD5: c2f53f02a5ff0cd2a50ff6f82b1dffe8
  SHA1: 067ceef45328d6d7c1dac82f1cb74743d3d94422
  SHA256: aea70b6591b3daa732ddc3e17ab3f4c750d84a4bf7c27228c6da66733c6ad249
  SHA512: 88346679d4ec38da2ac4517881b46631f0f4a0fad858f172b10b31905ac7d2b0898bdee862ba78c847cda7b8f84c367ba33a46526efb738372b95a8c67e9520e
- Filesize: 2B
  MD5: 99914b932bd37a50b983c5e7c90ae93b
  SHA1: bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
  SHA256: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
  SHA512: 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
- Filesize: 9.2MB
  MD5: cb0b68fecf135471dc855390f6ca0c93
  SHA1: 2ff0261ef39a0fe2df8aba8a95501fe9c1b315f9
  SHA256: 240c167dd4fc902976fe2b27e4a47689f1e18c564f72cc5083dd62b81ac15c2c
  SHA512: d69e645c44e80019dfaf9a6b40c8b2d2fa568a4b83704e54b568c944e442f01897655ec1ed89f340d987b4b68f251214f21e934ad510ad01103d722655ea1c0f
- Filesize: (not listed)
  MD5: d41d8cd98f00b204e9800998ecf8427e
  SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
  SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  SHA512: cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e