Overview
overview
10Static
static
10XWorm/XWor...db.dll
windows7-x64
3XWorm/XWor...db.dll
windows10-2004-x64
1XWorm/XWor...db.dll
windows7-x64
1XWorm/XWor...db.dll
windows10-2004-x64
1XWorm/XWor...ks.dll
windows7-x64
1XWorm/XWor...ks.dll
windows10-2004-x64
1XWorm/XWor...il.dll
windows7-x64
1XWorm/XWor...il.dll
windows10-2004-x64
1XWorm/XWor...ts.dll
windows7-x64
1XWorm/XWor...ts.dll
windows10-2004-x64
1XWorm/XWor...re.dll
windows7-x64
1XWorm/XWor...re.dll
windows10-2004-x64
1XWorm/XWor...rs.dll
windows7-x64
1XWorm/XWor...rs.dll
windows10-2004-x64
1XWorm/XWor...ed.dll
windows7-x64
1XWorm/XWor...ed.dll
windows10-2004-x64
1XWorm/XWor...ls.dll
windows7-x64
1XWorm/XWor...ls.dll
windows10-2004-x64
1XWorm/XWor...io.dll
windows7-x64
1XWorm/XWor...io.dll
windows10-2004-x64
1XWorm/XWor...on.dll
windows7-x64
1XWorm/XWor...on.dll
windows10-2004-x64
1XWorm/XWor...ws.dll
windows7-x64
1XWorm/XWor...ws.dll
windows10-2004-x64
1XWorm/XWor...ne.dll
windows7-x64
1XWorm/XWor...ne.dll
windows10-2004-x64
1XWorm/XWor...at.dll
windows7-x64
1XWorm/XWor...at.dll
windows10-2004-x64
1XWorm/XWor...rd.dll
windows7-x64
1XWorm/XWor...rd.dll
windows10-2004-x64
1XWorm/XWor...ss.dll
windows7-x64
1XWorm/XWor...ss.dll
windows10-2004-x64
1Analysis
-
max time kernel
113s -
max time network
162s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
14-12-2024 08:32
Behavioral task
behavioral1
Sample
XWorm/XWorm V5.1/Mono.Cecil.Mdb.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
XWorm/XWorm V5.1/Mono.Cecil.Mdb.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
XWorm/XWorm V5.1/Mono.Cecil.Pdb.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
XWorm/XWorm V5.1/Mono.Cecil.Pdb.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
XWorm/XWorm V5.1/Mono.Cecil.Rocks.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral6
Sample
XWorm/XWorm V5.1/Mono.Cecil.Rocks.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
XWorm/XWorm V5.1/Mono.Cecil.dll
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral8
Sample
XWorm/XWorm V5.1/Mono.Cecil.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
XWorm/XWorm V5.1/MonoMod.Backports.dll
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral10
Sample
XWorm/XWorm V5.1/MonoMod.Backports.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
XWorm/XWorm V5.1/MonoMod.Core.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
XWorm/XWorm V5.1/MonoMod.Core.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
XWorm/XWorm V5.1/MonoMod.ILHelpers.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
XWorm/XWorm V5.1/MonoMod.ILHelpers.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
XWorm/XWorm V5.1/MonoMod.Iced.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
XWorm/XWorm V5.1/MonoMod.Iced.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
XWorm/XWorm V5.1/MonoMod.Utils.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral18
Sample
XWorm/XWorm V5.1/MonoMod.Utils.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
XWorm/XWorm V5.1/NAudio.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral20
Sample
XWorm/XWorm V5.1/NAudio.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
XWorm/XWorm V5.1/Newtonsoft.Json.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
XWorm/XWorm V5.1/Newtonsoft.Json.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
XWorm/XWorm V5.1/Plugins/ActiveWindows.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
XWorm/XWorm V5.1/Plugins/ActiveWindows.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
XWorm/XWorm V5.1/Plugins/All-In-One.dll
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral26
Sample
XWorm/XWorm V5.1/Plugins/All-In-One.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
XWorm/XWorm V5.1/Plugins/Chat.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
XWorm/XWorm V5.1/Plugins/Chat.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
XWorm/XWorm V5.1/Plugins/Clipboard.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
XWorm/XWorm V5.1/Plugins/Clipboard.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
XWorm/XWorm V5.1/Plugins/Cmstp-Bypass.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
XWorm/XWorm V5.1/Plugins/Cmstp-Bypass.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
XWorm/XWorm V5.1/Mono.Cecil.Mdb.dll
-
Size
42KB
-
MD5
1c6aca0f1b1fa1661fc1e43c79334f7c
-
SHA1
ec0f591a6d12e1ea7dc8714ec7e5ad7a04ef455d
-
SHA256
411f8ed8c49738fa38a56ed8f991d556227d13602e83186e66ae1c4f821c940b
-
SHA512
1c59e939d108f15881d29fe4ced4e5fa4a4476394b58b6eb464da77192cb8fe9221b7cd780af4596914d4cce7c3fc53f1bb567f944c58829de8efbe1fd87be76
-
SSDEEP
768:Ar5EYZep98C87KHeBUZwrEzsEAnbF+em50KktmM4CRIcZwMRTIzMAtpw:Ar59g98C87KHeBUb5AnZG+zdwMRTzAtS
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2628 chrome.exe 2628 chrome.exe -
Suspicious use of AdjustPrivilegeToken 24 IoCs
description pid Process Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe Token: SeShutdownPrivilege 2628 chrome.exe -
Suspicious use of FindShellTrayWindow 50 IoCs
pid Process 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe -
Suspicious use of SendNotifyMessage 48 IoCs
pid Process 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe 2628 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2628 wrote to memory of 2664 2628 chrome.exe 32 PID 2628 wrote to memory of 2664 2628 chrome.exe 32 PID 2628 wrote to memory of 2664 2628 chrome.exe 32 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 1016 2628 chrome.exe 34 PID 2628 wrote to memory of 536 2628 chrome.exe 35 PID 2628 wrote to memory of 536 2628 chrome.exe 35 PID 2628 wrote to memory of 536 2628 chrome.exe 35 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36 PID 2628 wrote to memory of 2924 2628 chrome.exe 36
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\XWorm\XWorm V5.1\Mono.Cecil.Mdb.dll",#11⤵PID:2568
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2628 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef7329758,0x7fef7329768,0x7fef73297782⤵PID:2664
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1152 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:22⤵PID:1016
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1532 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:82⤵PID:536
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1632 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:82⤵PID:2924
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2240 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:12⤵PID:1672
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2252 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:12⤵PID:1900
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1496 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:22⤵PID:1400
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3312 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:12⤵PID:2456
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=1228 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:12⤵PID:1668
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4012 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:12⤵PID:2476
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3972 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:82⤵PID:628
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=2812 --field-trial-handle=1268,i,908866062914481417,2008257474154637839,131072 /prefetch:12⤵PID:3024
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:3008
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
363B
MD5f3a8595d246c68b2d1260a02005915f4
SHA1e56a326734064698c4a3b06aba29f4c2f5683d35
SHA256be09ea75652c23bfafc9f9cd0c819b5bf9b57a8254c086684bf15ea409e50e88
SHA51218f4cd8732a0a71c71293249feaf5813dba7d3e3d7d12527e704c4564492b3184a03f1cff05970f652092b92c2194b9ef100c43dfa0dc4aec471723e3b75ded2
-
Filesize
4KB
MD5f285d41d0226eb5b68eb79cc41e0b6fa
SHA1951ee475a0b2d7a4f08aada602e83c36f0e767df
SHA2561454ff1145e284c625c6e83c66c4430871aa47b3d759e1257867e9c3fd80efd9
SHA5120ed074abab696ca2738178f0d617d33ea67b4873c85647c87c1b0598315802029884eb4c54b352aeb48bf5d0723f250e99aa941c216982b10cb11c27d7dc60fe
-
Filesize
4KB
MD58493d1068f53d56c2e2f225713f3ebec
SHA1d12bfb11a782d6d7b347a2a79350053b882177e0
SHA256aeb9e5255282cf19bfdd634b4e001324deab6cebddf3b0ef0726d27ca64994b1
SHA512b1aa177ee28e273347b937d8e3a7244f8fced156e9c12f09935a4d23ff2f7aed03d8610057086f6640233b9809ad1e28ea161908f450f88d7a3d269e819844e5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2