Overview
overview
3Static
static
3New Compre...er.zip
windows11-21h2-x64
1Kiwi X/Kiw...config
windows11-21h2-x64
3Kiwi X/Kiw...config
windows11-21h2-x64
3Kiwi X/Mon...se.txt
windows11-21h2-x64
3Kiwi X/Mon...nc.txt
windows11-21h2-x64
3Kiwi X/Mon...lf.txt
windows11-21h2-x64
3Kiwi X/Mon...ns.txt
windows11-21h2-x64
3Kiwi X/Mon...lv.txt
windows11-21h2-x64
3Kiwi X/Mon...6x.svg
windows11-21h2-x64
1Kiwi X/Mon...6x.svg
windows11-21h2-x64
1Kiwi X/Mon...in.css
windows11-21h2-x64
3Kiwi X/Mon...te.svg
windows11-21h2-x64
1Kiwi X/WRD...F.json
windows11-21h2-x64
3Kiwi X/bin/settings
windows11-21h2-x64
1Kiwi X/bin/ver.txt
windows11-21h2-x64
3Kiwi X/bin...rs.txt
windows11-21h2-x64
3Kiwi X/bin...ts.txt
windows11-21h2-x64
3Kiwi X/bin...rs.txt
windows11-21h2-x64
3Kiwi X/bin...gs.txt
windows11-21h2-x64
3Kiwi X/bin...4.json
windows11-21h2-x64
3Kiwi X/bin...s.json
windows11-21h2-x64
3Kiwi X/bin...er.txt
windows11-21h2-x64
3Kiwi X/bin...op.txt
windows11-21h2-x64
3Kiwi X/bin...re.txt
windows11-21h2-x64
3Kiwi X/bin...es.txt
windows11-21h2-x64
3Kiwi X/finj.exe
windows11-21h2-x64
1Kiwi X/log...ash.js
windows11-21h2-x64
3Kiwi X/wor...age.js
windows11-21h2-x64
3Kiwi X/wor...IDI.js
windows11-21h2-x64
3Kiwi X/wor...ler.js
windows11-21h2-x64
3Kiwi X/wor...ise.js
windows11-21h2-x64
3Kiwi X/wor...til.js
windows11-21h2-x64
3Analysis
-
max time kernel
119s -
max time network
114s -
platform
windows11-21h2_x64 -
resource
win11-20240508-en -
resource tags
arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system -
submitted
04-06-2024 14:27
Static task
static1
Behavioral task
behavioral1
Sample
New Compressed (zipped) Folder.zip
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral2
Sample
Kiwi X/Kiwi X WPF.exe.config
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral3
Sample
Kiwi X/Kiwi X.exe.config
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral4
Sample
Kiwi X/Monaco/base.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral5
Sample
Kiwi X/Monaco/classfunc.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral6
Sample
Kiwi X/Monaco/globalf.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral7
Sample
Kiwi X/Monaco/globalns.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral8
Sample
Kiwi X/Monaco/globalv.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral9
Sample
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_16x.svg
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral10
Sample
Kiwi X/Monaco/vs/editor/contrib/suggest/media/String_inverse_16x.svg
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral11
Sample
Kiwi X/Monaco/vs/editor/editor.main.css
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral12
Sample
Kiwi X/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral13
Sample
Kiwi X/WRDAPICONF.json
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral14
Sample
Kiwi X/bin/settings
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral15
Sample
Kiwi X/bin/ver.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral16
Sample
Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Empty Servers.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral17
Sample
Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Servers With Fruits.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral18
Sample
Kiwi X/bin/workspace/Blox Fruits Fruit Farm/Total Servers.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral19
Sample
Kiwi X/bin/workspace/Fruit Farm Logs.txt
Resource
win11-20240419-en
windows11-21h2-x64
Behavioral task
behavioral20
Sample
Kiwi X/bin/workspace/Mukuro/BF/kiwiecksfruits_3897567374.json
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral21
Sample
Kiwi X/bin/workspace/NotSameServers.json
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral22
Sample
Kiwi X/bin/workspace/Self Bot RMA/saved_admins/Enter.txt
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral23
Sample
Kiwi X/bin/workspace/Self Bot RMA/saved_admins/ExtoriusOnTop.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral24
Sample
Kiwi X/bin/workspace/Self Bot RMA/saved_admins/Here.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral25
Sample
Kiwi X/bin/workspace/Self Bot RMA/saved_admins/Usernames.txt
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral26
Sample
Kiwi X/finj.exe
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral27
Sample
Kiwi X/logs/02-10-2022_00-54-09_Crash.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral28
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/package.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral29
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/MIDI.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral30
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/TaskScheduler.js
Resource
win11-20240426-en
windows11-21h2-x64
Behavioral task
behavioral31
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/Util/Promise.js
Resource
win11-20240508-en
windows11-21h2-x64
Behavioral task
behavioral32
Sample
Kiwi X/workspace/rostruct/cache/releases/richie0866-midiplayer-LATEST-ZIPBALL/src/Util/TableUtil.js
Resource
win11-20240419-en
windows11-21h2-x64
General
-
Target
Kiwi X/Monaco/vs/editor/standalone/browser/quickOpen/symbol-sprite.svg
-
Size
20KB
-
MD5
649fb0a55b0e0fc9d79e6b7872a14c10
-
SHA1
b33619c9dfd65d3f2e5a5fcb767a752123d51607
-
SHA256
fcc3026b97068f3d9e1743d36ca26b96ffdbcd2841fa9d804caccc4f249911c8
-
SHA512
3fb4b07e9313b69c84f887c9ca0464e4c8d06a98a8f2ad7d0b48452d068bd526004c21633d0279b4b5e17ad882acf8c7e99b4c3e7650be43b495b670a87d0cbd
-
SSDEEP
384:cyPJZCcKWPJuCNoSmvcar1PNY6g2HdSjEc3/WD3:DCdCNkvcaQ6x9SjES/W7
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Modifies data under HKEY_USERS 2 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry chrome.exe Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133619849478196674" chrome.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
pid Process 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs
pid Process 2100 chrome.exe 2100 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe Token: SeShutdownPrivilege 2100 chrome.exe Token: SeCreatePagefilePrivilege 2100 chrome.exe -
Suspicious use of FindShellTrayWindow 26 IoCs
pid Process 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe -
Suspicious use of SendNotifyMessage 12 IoCs
pid Process 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe 2100 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2100 wrote to memory of 3404 2100 chrome.exe 79 PID 2100 wrote to memory of 3404 2100 chrome.exe 79 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 5040 2100 chrome.exe 81 PID 2100 wrote to memory of 4376 2100 chrome.exe 82 PID 2100 wrote to memory of 4376 2100 chrome.exe 82 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83 PID 2100 wrote to memory of 396 2100 chrome.exe 83
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\Kiwi X\Monaco\vs\editor\standalone\browser\quickOpen\symbol-sprite.svg1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xb8,0x10c,0x7ffcfa65ab58,0x7ffcfa65ab68,0x7ffcfa65ab782⤵PID:3404
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1548 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:22⤵PID:5040
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:82⤵PID:4376
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2128 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:82⤵PID:396
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:12⤵PID:2372
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3032 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:12⤵PID:4596
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:82⤵PID:2084
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4420 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:82⤵PID:1328
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4440 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:82⤵PID:3476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:82⤵PID:224
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 --field-trial-handle=1828,i,7650945818347052878,1898872380406910220,131072 /prefetch:82⤵PID:1544
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:2700
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD5b664c9999ca902633829c8876dd7a2eb
SHA158c4483371d5bb713c95a90222a1ffb48087a284
SHA256a7a1f691c2f3442b1d218f6bc9dd1d4bc37e5092a866dc5f9f758fefd7206f2b
SHA512b4378d66e5301692e4a8273bad1c0d815f70ac9d28322f4582cd5e538452e18c4ab28ef33a4b6d8466c225acfdf44a718abdbd54a0590634f91a8d3f048c933f
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
6KB
MD59b1376a0fc90652ba06a727dbee797a7
SHA116b56aca7da28491ca9f90e78613b7752d252174
SHA2564c2fa182ae5cc46eb123e5515a279296b88a8a6a481d2cad6b9c275350dd8a79
SHA512c31e701e4a01d28c941b266fa2b51d9d72ff99b2dfe69fa1a31cc89422b2b479bf7189d62fa7a14c110afa3c6ad1c46b7b53344cb6d0ee422b3d7e896f2b9336
-
Filesize
131KB
MD5fe996192cc0a6a91a589fbc45468ac39
SHA1952fbfbb167ff8e80a88e127b02fe5c82dccd185
SHA256fa1d17d6b7f857191ee3269c54d5057c07aa4ebd98860b7893913c0fce63d819
SHA51297a6833ba5df071d5f6dc17b25f2a41cd7762f4cc3cf536a752e8f709aac9c5c5c31a9a7efd861ed643aa85af98564c553ae1234311990140fc80201e453c0e9
-
Filesize
152KB
MD57f4d231b896088589cc311b7e51de008
SHA17bc83bf25a8d4e489710e5008d92c7e529ec7fe7
SHA25613a42485f2b190d24fac4f9e3a124d99149399784b5bfa45c886806f6db54e84
SHA512dbb28091e1ca58e167f172b3a11b9e08cfabd7f96fe84c35ec818c2bbd517a3e418a3cad91f593d404953936aa35b523d9f95eec8242081a0cd472b7de20b22b
-
Filesize
131KB
MD5ea1fd3fc2259e31f61889b68538f90a1
SHA1ba88c90cd0b64bed318e8a43ee7df50fa5c19953
SHA25635a005e6b736928e4893fcd8343d3099fbd6cb83f2f114f0f51f86990d8b2f88
SHA51224fd4199e3bcb4e10f1fdb58cd419c605df57c4a99387088c3550d9baff082052ffa5e0f2b19babe02b5a0e306e85cbbf3e0751153b3bdb543c3c19061312146
-
Filesize
131KB
MD5769b2f7d97167c88a7297db91a7b4c9a
SHA14a0385e1d17fb3632dd49892cae4cb18b65a0ae1
SHA2562b89458da94b081f15787a0e7619571cbe81e54275cccc69c94618fbf996bbc7
SHA512d0c5e635d455293f3b6dbc98addb4f8d4702ac0d8ad734127b150cf8c1fe5bddb6fbbd109df3d95d5a8e8d93af3ed0fcabf86deb580a79b0239cc9cf3d0f562b
-
Filesize
86KB
MD5aa27a11e7bdf325720b62960535ae89f
SHA16269a185b40efb8aadab8ef2831e495a567dfa68
SHA2567630c801508beab12b0df8a6ae6693f3a6945d1cabe9c79fc938cd5379431a96
SHA512a6fea69ab7839206f0156f0a34798d2fb5015ac27896613346668bdf4e9160e1f5aeab1070d819fea637ee3b78c75d2fe952fbe55aa870d00349860f0b5124bf
-
Filesize
83KB
MD5054f4eb861a129f8510803d2844409b6
SHA1a415447f07490c7ead612b0e8ca5778bc5402dfa
SHA256715df57d0b1d0a4e43c3433212643015597c111592482339383fe8794f3dee1f
SHA512b5987e3ddc145f1760664f64a2e2e3bef4561190b19f3cc2d2227c8466d7fd200efc9bd5d6c1dcb3e5497c23d398372c846d5c9408d429221c808f8ca9581455