Overview
overview
3Static
static
3New Compre...er.zip
windows11-21h2-x64
1Kiwi X/Kiw...config
windows11-21h2-x64
3Kiwi X/Kiw...config
windows11-21h2-x64
3Kiwi X/Mon...se.txt
windows11-21h2-x64
3Kiwi X/Mon...nc.txt
windows11-21h2-x64
3Kiwi X/Mon...lf.txt
windows11-21h2-x64
3Kiwi X/Mon...ns.txt
windows11-21h2-x64
3Kiwi X/Mon...lv.txt
windows11-21h2-x64
3Kiwi X/Mon...6x.svg
windows11-21h2-x64
1Kiwi X/Mon...6x.svg
windows11-21h2-x64
1Kiwi X/Mon...in.css
windows11-21h2-x64
3Kiwi X/Mon...te.svg
windows11-21h2-x64
1Kiwi X/WRD...F.json
windows11-21h2-x64
3Kiwi X/bin/settings
windows11-21h2-x64
1Kiwi X/bin/ver.txt
windows11-21h2-x64
3Kiwi X/bin...rs.txt
windows11-21h2-x64
3Kiwi X/bin...ts.txt
windows11-21h2-x64
3Kiwi X/bin...rs.txt
windows11-21h2-x64
3Kiwi X/bin...gs.txt
windows11-21h2-x64
3Kiwi X/bin...4.json
windows11-21h2-x64
3Kiwi X/bin...s.json
windows11-21h2-x64
3Kiwi X/bin...er.txt
windows11-21h2-x64
3Kiwi X/bin...op.txt
windows11-21h2-x64
3Kiwi X/bin...re.txt
windows11-21h2-x64
3Kiwi X/bin...es.txt
windows11-21h2-x64
3Kiwi X/finj.exe
windows11-21h2-x64
1Kiwi X/log...ash.js
windows11-21h2-x64
3Kiwi X/wor...age.js
windows11-21h2-x64
3Kiwi X/wor...IDI.js
windows11-21h2-x64
3Kiwi X/wor...ler.js
windows11-21h2-x64
3Kiwi X/wor...ise.js
windows11-21h2-x64
3Kiwi X/wor...til.js
windows11-21h2-x64
3Analysis
-
max time kernel
120s -
max time network
124s -
platform
windows11-21h2_x64 -
resource
win11-20240426-en -
resource tags
arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system -
submitted
04-06-2024 14:27
Static task
static1
Behavioral task
behavioral1
Sample
New Compressed (zipped) Folder.zip
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
Kiwi X/Kiwi X WPF.exe.config
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
Kiwi X/Kiwi X.exe.config
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
Kiwi X/Monaco/base.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
Kiwi X/Monaco/classfunc.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
Kiwi X/Monaco/globalf.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
Kiwi X/Monaco/globalns.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
Kiwi X/Monaco/globalv.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
Kiwi X/Monaco/vs/editor/editor.main.css
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
Kiwi X/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
Kiwi X/WRDAPICONF.json
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
Kiwi X/bin/settings
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
Kiwi X/bin/ver.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Empty Servers.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Servers With Fruits.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Total Servers.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
Kiwi X/bin/workspace/Fruit Farm Logs.txt
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
Kiwi X/bin/workspace/Mukuro/BF/kiwiecksfruits_3897567374.json
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
Kiwi X/bin/workspace/NotSameServers.json
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
Kiwi X/bin/workspace/Self Bot RMA/saved_admins/Enter.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
Kiwi X/bin/workspace/Self Bot RMA/saved_admins/ExtoriusOnTop.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
Kiwi X/bin/workspace/Self Bot RMA/saved_admins/Here.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
Kiwi X/bin/workspace/Self Bot RMA/saved_admins/Usernames.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
Kiwi X/finj.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
Kiwi X/logs/02-10-2022_00-54-09_Crash.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/package.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/MIDI.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/TaskScheduler.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/Util/Promise.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/Util/TableUtil.js
Resource
win11-20240419-en
windows11-21h2-x64
General
-
Target
New Compressed (zipped) Folder.zip
-
Size
29.2MB
-
MD5
f3ef389e70359a1d4a8d851dc830fd2b
-
SHA1
b70f099d71bb67184cc09cc5fd36f1196cb572bd
-
SHA256
b85e29da84a43b64dcbfc2afd00058b1674675f2742e1e518eff1a66a4daa771
-
SHA512
e2803804a77957d477c7a3a4ac36799fc510d2059b20dd221de3876994a9188d9d1807198187e5b3cfb9ff636d734e29fc813c2f1795133bfa35abded11d9ee0
-
SSDEEP
786432:q8bLIZYVsDHJ2lJcLzoQJ8hEJKIvkxFXY1QxcN1:9LIZYVsDHklMolhEoQ6YyO1
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619850292513585" chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 4876 chrome.exe 4876 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
pid Process 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe Token: SeShutdownPrivilege 4876 chrome.exe Token: SeCreatePagefilePrivilege 4876 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe 4876 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4876 wrote to memory of 224 4876 chrome.exe 79 PID 4876 wrote to memory of 224 4876 chrome.exe 79 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 1784 4876 chrome.exe 80 PID 4876 wrote to memory of 4028 4876 chrome.exe 81 PID 4876 wrote to memory of 4028 4876 chrome.exe 81 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82 PID 4876 wrote to memory of 836 4876 chrome.exe 82
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\New Compressed (zipped) Folder.zip"1⤵PID:2440
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4876 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe0,0x10c,0x7ffa3554ab58,0x7ffa3554ab68,0x7ffa3554ab782⤵PID:224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1512 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:22⤵PID:1784
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:82⤵PID:4028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:82⤵PID:836
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:12⤵PID:4532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:12⤵PID:1072
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4308 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:12⤵PID:4352
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3792 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:82⤵PID:1216
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3040 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:82⤵PID:4980
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:82⤵PID:2312
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4960 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:82⤵PID:4136
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:82⤵PID:3668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=1488 --field-trial-handle=1712,i,14470721577107072430,2415643057713110589,131072 /prefetch:12⤵PID:3920
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:4640
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
356B
MD5b1b1b9fbe802572ed5a2bba648f42e12
SHA18ccd50f1aeb155ce4dc6a9ea3e6f2fc12b77beea
SHA2561fdabf30413782447c6d3871a6f449835e3550ed44c96071bba2e7370d49d1b4
SHA512b5cfab2542f6f7f7daed2da8bbef55466c07aabf89d7310825fba69e732655ad55869860c845a67af3a14ab8c257c517a328e7ad77c5676f2e7588e98bae5fa4
-
Filesize
7KB
MD5078c8d1ac6ddf142447a705da5b9827c
SHA171a960a47bc6c591d41eb4065972e9295636c714
SHA256f290ebd35ec9ff44aae444eb50501b35bcec6c5a13d0843a187d3c081e18d5da
SHA512a8df2073acc1f8c5b66701169e49b43860e9b566cc10a7d07aa2075a238cab4f7c3ec7751b1ef0c42c73b0ac9647a197d6c1b6590c507ae2fbc4e3a308c2c8d3
-
Filesize
16KB
MD5fb3f124d99d6fda137ad60c92c68d839
SHA1d43581ac9eb2df71c85d1f0af4d043aa7fff584e
SHA25602f6ad47bff149f03bc7e311199b25c6de1e8091a1f6c85f2e7ccfc6fd64b41d
SHA5123d9d723769a0ade6a8516969650bab16726061ce047712f12464f6ab88addb404bb5508d344d033dffefe6bcf6f944438e9a982df8d19a51e68de9d31644d59c
-
Filesize
261KB
MD53e03ef583f651b9e15abdb830a365cb5
SHA13097d5c61a376ac14a26bd3deb267eade2708499
SHA2564508fa61994d04d4a7fb620585fe6622afeddb9d12c5bc8f4a4e78b8cf428d60
SHA51238a262999cbf674374760cbcee4e17e24861d29490e52dd6b214f45f7b3ead1d4225355e276ef440b1067ff9971a1896ec4b32611c4af6f3e584037cff212281