Overview
overview
10Static
static
10XWorm-3.1-main.zip
windows7-x64
1XWorm-3.1-main.zip
windows10-2004-x64
1XWorm-3.1-...ox.dll
windows7-x64
1XWorm-3.1-...ox.dll
windows10-2004-x64
1XWorm-3.1-...IP.dat
windows7-x64
3XWorm-3.1-...IP.dat
windows10-2004-x64
3XWorm-3.1-...1).ico
windows7-x64
1XWorm-3.1-...1).ico
windows10-2004-x64
3XWorm-3.1-...0).ico
windows7-x64
1XWorm-3.1-...0).ico
windows10-2004-x64
3XWorm-3.1-...1).ico
windows7-x64
1XWorm-3.1-...1).ico
windows10-2004-x64
3XWorm-3.1-...2).ico
windows7-x64
1XWorm-3.1-...2).ico
windows10-2004-x64
3XWorm-3.1-...3).ico
windows7-x64
1XWorm-3.1-...3).ico
windows10-2004-x64
3XWorm-3.1-...4).ico
windows7-x64
1XWorm-3.1-...4).ico
windows10-2004-x64
3XWorm-3.1-...5).ico
windows7-x64
1XWorm-3.1-...5).ico
windows10-2004-x64
3XWorm-3.1-...6).ico
windows7-x64
1XWorm-3.1-...6).ico
windows10-2004-x64
3XWorm-3.1-...7).ico
windows7-x64
1XWorm-3.1-...7).ico
windows10-2004-x64
3XWorm-3.1-...2).ico
windows7-x64
1XWorm-3.1-...2).ico
windows10-2004-x64
3XWorm-3.1-...3).ico
windows7-x64
1XWorm-3.1-...3).ico
windows10-2004-x64
3XWorm-3.1-...4).ico
windows7-x64
1XWorm-3.1-...4).ico
windows10-2004-x64
3XWorm-3.1-...5).ico
windows7-x64
1XWorm-3.1-...5).ico
windows10-2004-x64
3Analysis
-
max time kernel
62s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
13/06/2024, 15:07
Static task
static1
Behavioral task
behavioral1
Sample
XWorm-3.1-main.zip
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral2
Sample
XWorm-3.1-main.zip
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
XWorm-3.1-main/FastColoredTextBox.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
XWorm-3.1-main/FastColoredTextBox.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
XWorm-3.1-main/GeoIP.dat
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral6
Sample
XWorm-3.1-main/GeoIP.dat
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
XWorm-3.1-main/Icons/icon (1).ico
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral8
Sample
XWorm-3.1-main/Icons/icon (1).ico
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
XWorm-3.1-main/Icons/icon (10).ico
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral10
Sample
XWorm-3.1-main/Icons/icon (10).ico
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
XWorm-3.1-main/Icons/icon (11).ico
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral12
Sample
XWorm-3.1-main/Icons/icon (11).ico
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
XWorm-3.1-main/Icons/icon (12).ico
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral14
Sample
XWorm-3.1-main/Icons/icon (12).ico
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
XWorm-3.1-main/Icons/icon (13).ico
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral16
Sample
XWorm-3.1-main/Icons/icon (13).ico
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
XWorm-3.1-main/Icons/icon (14).ico
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral18
Sample
XWorm-3.1-main/Icons/icon (14).ico
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
XWorm-3.1-main/Icons/icon (15).ico
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral20
Sample
XWorm-3.1-main/Icons/icon (15).ico
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
XWorm-3.1-main/Icons/icon (16).ico
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
XWorm-3.1-main/Icons/icon (16).ico
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
XWorm-3.1-main/Icons/icon (17).ico
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
XWorm-3.1-main/Icons/icon (17).ico
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
XWorm-3.1-main/Icons/icon (2).ico
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral26
Sample
XWorm-3.1-main/Icons/icon (2).ico
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
XWorm-3.1-main/Icons/icon (3).ico
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral28
Sample
XWorm-3.1-main/Icons/icon (3).ico
Resource
win10v2004-20240611-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
XWorm-3.1-main/Icons/icon (4).ico
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
XWorm-3.1-main/Icons/icon (4).ico
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
XWorm-3.1-main/Icons/icon (5).ico
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral32
Sample
XWorm-3.1-main/Icons/icon (5).ico
Resource
win10v2004-20240611-en
windows10-2004-x64
General
-
Target
XWorm-3.1-main.zip
-
Size
26.6MB
-
MD5
e63875032d805238fc44ca59fd732673
-
SHA1
df6408dc3ef6e223a79f5667e6a5bbc1ae2ed77a
-
SHA256
7c65d3e792ca1c0c5ed98143c7ce93684b8e3f78e12d122e5f220f29e2516027
-
SHA512
8938ac4cf037c6361abaca5bb427a511866a5a596d602be6a3605383f5832f388e7addd605125ba21f60e1cdb986bb1383041c5fba0e02c0b20418c29d8140ed
-
SSDEEP
786432:gj8DNnx2+mNYb1uIr38/a1VnGajZAS/BImN4q1dnV:Q8DNnxVmibco8/argevNV3
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2288 chrome.exe 2288 chrome.exe -
Suspicious use of AdjustPrivilegeToken 52 IoCs
description pid Process Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe Token: SeShutdownPrivilege 2288 chrome.exe -
Suspicious use of FindShellTrayWindow 34 IoCs
pid Process 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe 2288 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2288 wrote to memory of 1976 2288 chrome.exe 31 PID 2288 wrote to memory of 1976 2288 chrome.exe 31 PID 2288 wrote to memory of 1976 2288 chrome.exe 31 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 1664 2288 chrome.exe 33 PID 2288 wrote to memory of 2284 2288 chrome.exe 34 PID 2288 wrote to memory of 2284 2288 chrome.exe 34 PID 2288 wrote to memory of 2284 2288 chrome.exe 34 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35 PID 2288 wrote to memory of 1544 2288 chrome.exe 35
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\XWorm-3.1-main.zip1⤵PID:2768
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:1984
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2288 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef50d9758,0x7fef50d9768,0x7fef50d97782⤵PID:1976
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:22⤵PID:1664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1496 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:82⤵PID:2284
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:82⤵PID:1544
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2148 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:12⤵PID:2984
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2276 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:12⤵PID:2852
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1160 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:22⤵PID:1692
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2544 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:12⤵PID:348
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3316 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:82⤵PID:2612
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3308 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:12⤵PID:2264
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3444 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:82⤵PID:2028
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2740 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:82⤵PID:2132
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2000 --field-trial-handle=1300,i,16390271995094458060,1463091578161201406,131072 /prefetch:12⤵PID:2468
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:552
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
142KB
MD5fdf74769287d67705b331fa6e9e8b15f
SHA1a4d62ec19a47ac66d528fc9ecdb7e390dcb7f50b
SHA2566d83a58f7661c5cb837a219fb48445d7678085e511ab13b837d9a917a7283de5
SHA512e5b8296bc2b8de8d9df5874714920555e12699db5c0ac1c428a1ea8bbf6ff4da22b763e17a96dd6146893f16bbd073175ed231e9d591ec396d9f619b96be2edb
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
Filesize
5KB
MD526aca34fe4ba860a919ca47f353d50fa
SHA150f04308fd79d3a36c4814c15c600c5b706e10de
SHA2562f4a41a0de51d608efb2e31e6fb28ae866ad640692b2153900b1dd4770d357b2
SHA512bbb665bf5e42000bbb05eca80159df1e5784f4aa53e6364b7be8069e75ba2b535e18b0a3d3797239696727d212120bd57e6c3660d41fe3edbc8d754ec05cc901
-
Filesize
5KB
MD5b54630b128868e8ddcbd826aa366457c
SHA15c4bca3807b11267abc890beaeb7bbcd10898a3e
SHA25689c4b73109de2a323333147a64ae0795fb416fc8395fa11e546621934716e2a0
SHA51283911c3f664231b48e59ce01f68a46577509acfd4aac7ab17cb2c9fe64ce2ecf5f837268a9d779525553b7018a62d849fba53645f7899248d8ea6af65cad8f65
-
Filesize
16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
140KB
MD5cbb670b1720c7e35bdf520797f540201
SHA1a08a14733952a407806c820cbe2a2748cbb8178c
SHA2560a6ce1b8c41620ba36bc2116765f11e702dc838aa9ee13ce94a8930d073e6ccc
SHA512ac7b5b9db32ae1fe5f1ca452d5a06e17050efa6f6f142f1cdad3736f9ea8e9df65415872c2366f4afed98b3c7fec1a2aaf1536a494c3ae8668b5fb74b2078611