Overview
overview
10Static
static
10XWorm-V5.6.zip
windows7-x64
3XWorm-V5.6.zip
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....es.vbs
windows7-x64
1RES/XWorm....es.vbs
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
8RES/XWorm....ources
windows7-x64
3RES/XWorm....ources
windows10-2004-x64
3Analysis
-
max time kernel
840s -
max time network
849s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
09-02-2025 00:38
Behavioral task
behavioral1
Sample
XWorm-V5.6.zip
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
XWorm-V5.6.zip
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
RES/XWorm.Port.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral4
Sample
RES/XWorm.Port.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
RES/XWorm.ProcessV.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral6
Sample
RES/XWorm.ProcessV.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
RES/XWorm.Programs.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral8
Sample
RES/XWorm.Programs.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
RES/XWorm.Proxy.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral10
Sample
RES/XWorm.Proxy.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
RES/XWorm.Ransomware.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral12
Sample
RES/XWorm.Ransomware.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
RES/XWorm.Registry.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral14
Sample
RES/XWorm.Registry.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
RES/XWorm.RemoteDesktop.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral16
Sample
RES/XWorm.RemoteDesktop.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
RES/XWorm.Resources.vbs
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral18
Sample
RES/XWorm.Resources.vbs
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
RES/XWorm.RunPE.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral20
Sample
RES/XWorm.RunPE.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
RES/XWorm.ServiceManager.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral22
Sample
RES/XWorm.ServiceManager.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
RES/XWorm.Shell.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral24
Sample
RES/XWorm.Shell.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
RES/XWorm.Sound.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral26
Sample
RES/XWorm.Sound.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
RES/XWorm.StartupManager.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral28
Sample
RES/XWorm.StartupManager.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
RES/XWorm.TBotNotify.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral30
Sample
RES/XWorm.TBotNotify.resources
Resource
win10v2004-20250207-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
RES/XWorm.TXT.resources
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral32
Sample
RES/XWorm.TXT.resources
Resource
win10v2004-20250129-en
windows10-2004-x64
General
-
Target
XWorm-V5.6.zip
-
Size
25.3MB
-
MD5
278f46d169c34e63c670df069261a331
-
SHA1
845e392a91e153be59387073c8ae34e3693e58e8
-
SHA256
ee0b405b3e166fa9c1062ac6bed228b4ca7f990ce2dc62305d15ae4b3e6e35f1
-
SHA512
da520eff0473baabd20cd44bbe29b40c787b493bca11bcd925019c82740fb0230e328fd77d12a41535293bc3579437f44b4a7f8902c33f78decbaa9befb842e7
-
SSDEEP
393216:sG6433DDU9Pr/rQSbu4s+tR2vQ5HOiPNKfsbQA1G7cjNAuR1Fwt2TWx4qXkiQo1H:tDUpzpbrj2vku68SQA1awAuvFGjUi/ZZ
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName chrome.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer chrome.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 2116 chrome.exe 2116 chrome.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: 33 2764 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2764 AUDIODG.EXE Token: 33 2764 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2764 AUDIODG.EXE Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe Token: SeShutdownPrivilege 2116 chrome.exe -
Suspicious use of FindShellTrayWindow 35 IoCs
pid Process 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe 2116 chrome.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2116 wrote to memory of 2472 2116 chrome.exe 35 PID 2116 wrote to memory of 2472 2116 chrome.exe 35 PID 2116 wrote to memory of 2472 2116 chrome.exe 35 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 2968 2116 chrome.exe 37 PID 2116 wrote to memory of 1972 2116 chrome.exe 38 PID 2116 wrote to memory of 1972 2116 chrome.exe 38 PID 2116 wrote to memory of 1972 2116 chrome.exe 38 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39 PID 2116 wrote to memory of 1556 2116 chrome.exe 39
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\XWorm-V5.6.zip1⤵PID:2564
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2932
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0xc81⤵
- Suspicious use of AdjustPrivilegeToken
PID:2764
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2116 -
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef68f9758,0x7fef68f9768,0x7fef68f97782⤵PID:2472
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1176 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:22⤵PID:2968
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1500 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:82⤵PID:1972
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1616 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:82⤵PID:1556
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2316 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:12⤵PID:2212
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2336 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:12⤵PID:2160
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1172 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:22⤵PID:2136
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3220 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:12⤵PID:1716
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3428 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:82⤵PID:2260
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3552 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:82⤵PID:2272
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3976 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:82⤵PID:1964
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 --field-trial-handle=1240,i,6165755038513713914,13606796045587167551,131072 /prefetch:82⤵PID:2708
-
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵PID:2916
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
264KB
MD5f50f89a0a91564d0b8a211f8921aa7de
SHA1112403a17dd69d5b9018b8cede023cb3b54eab7d
SHA256b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec
SHA512bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58
-
Filesize
4KB
MD5e6738ee5acd5d893bfe31fbb1ea450e1
SHA1f70ca4854380a6ccc2ff3131db3f46c71198a4f5
SHA256c0a2b62eafeac0cdd0fafa78a00753f28ba87b4fa2cfa44260da7bd8f7e28ef6
SHA512adad9045af1a871cad659b6832b4929a5498071ff6eea2e6c62bfad66fd5fd8d670ded7f6289a389119a7be59ae8b269f018ec86db77099e3f1e8155fa222299
-
Filesize
4KB
MD5993fae5efbc5b9dea61468dc84f2c5aa
SHA123c2f72aff4d321a59fe943fa5ac450cb6643aeb
SHA256a174ed82e76413acb1c6eba11bda7f57f5a1bbd32b21c6c19ed3ff52d7d1d023
SHA512d3efa5d10d15ab1f2a75e76567c5cfe68203cd64fa39a7b0fa14fb03614a5c3898e1216ffa5ad357d113713da9e1b5b885bf813943f0a20d9a970ab01bb6a25e
-
Filesize
4KB
MD55076012cee2e2771feb9d19a9e9fe753
SHA167b01319174a61e39293b3931be981b5b271a326
SHA2563fe00be1ffee05cb62570da916aae12d5b6a73b5f452e3732cf75e5484f392f0
SHA512bdcec2f04cacaaa81855067e8eeaf3a084748132652c1b7321fadb0f1adedc7276be57bb452f776372b787f7d2c148df8a94e59b1eb242e73adc097ccd2e4bd5
-
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp
Filesize16B
MD518e723571b00fb1694a3bad6c78e4054
SHA1afcc0ef32d46fe59e0483f9a3c891d3034d12f32
SHA2568af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa
SHA51243bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2
-
Filesize
357KB
MD555056cd8831fc3bd330d4f5d29ad6435
SHA1759bce9281e12c8de62490fe808d4c3bf3737ae6
SHA256a4a70fa5e4d59fe8c4275235b9f8b8d64a5a0bf8a939f1db63d7529a03584682
SHA5122b25452577c3f82a7ae03e1060f0cce5f155410458bb0de061e1a6e3ba4121d21ea4b62b184c0ff69f8c8d4209d462f083e565daa946539313e3752709f11a5e
-
Filesize
357KB
MD527382535d5d60f24070168b25f08642d
SHA1f83367eb34b2f6e29033e3de004f3a54a519718c
SHA256af40406f95ef237899a42ce9bbf4eb6c4eccce75174701bd603fbcec740e9871
SHA5121ba953810af15d7991756bb26df124dedeab1215a25aee5cc2abe7a2809efc2f5b6b60d1d6783116b2368560944c586d2c713173666bcc4ecf3ae7362aea151e