Malware Analysis Report

2024-08-06 18:05

Sample ID 240701-mx4hvszhrp
Target https://raw.githubusercontent.com/IncsecRishie/wdwddwdw/main/something.exe
Tags
xenorat persistence rat trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

Threat Level: Known bad

The file https://raw.githubusercontent.com/IncsecRishie/wdwddwdw/main/something.exe was found to be: Known bad.

Malicious Activity Summary

xenorat persistence rat trojan

XenorRat

Downloads MZ/PE file

Executes dropped EXE

Checks computer location settings

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

Enumerates physical storage devices

Runs net.exe

Suspicious use of FindShellTrayWindow

Suspicious use of WriteProcessMemory

Suspicious use of SendNotifyMessage

Enumerates system info in registry

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Delays execution with timeout.exe

Modifies data under HKEY_USERS

Scheduled Task/Job: Scheduled Task

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK Matrix V13

Initial Access
TA0001
Execution
TA0002
Scheduled Task/Job
T1053
Scheduled Task
T1053.005
Persistence
TA0003
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Scheduled Task
T1053.005
Privilege Escalation
TA0004
Boot or Logon Autostart Execution
T1547
Registry Run Keys / Startup Folder
T1547.001
Scheduled Task/Job
T1053
Scheduled Task
T1053.005
Defense Evasion
TA0005
Modify Registry
T1112
Credential Access
TA0006
Discovery
TA0007
Query Registry
T1012
System Information Discovery
T1082
Lateral Movement
TA0008
Collection
TA0009
Exfiltration
TA0010
Command and Control
TA0011
Web Service
T1102
Impact
TA0040
Resource Development
TA0042
Reconnaissance
TA0043

Analysis: static1

Detonation Overview

Reported

2024-07-01 10:51

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-01 10:51

Reported

2024-07-01 10:53

Platform

win10v2004-20240611-en

Max time kernel

113s

Max time network

118s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://raw.githubusercontent.com/IncsecRishie/wdwddwdw/main/something.exe

Signatures

XenorRat

trojan rat xenorat

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\pics.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2080292272-204036150-2159171770-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\xbbwz401u6.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\Downloads\something.exe N/A
N/A N/A C:\Users\Admin\Downloads\pics.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\pics.exe N/A
N/A N/A C:\Users\Admin\Downloads\man.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\xbbwz401u6.exe N/A
N/A N/A C:\Users\Admin\AppData\Roaming\XenoManager\xbbwz401u6.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\"" C:\Users\Admin\Downloads\something.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\"" C:\Users\Admin\Downloads\man.exe N/A

Legitimate hosting services abused for malware hosting/C2

Description Indicator Process Target
N/A raw.githubusercontent.com N/A N/A
N/A raw.githubusercontent.com N/A N/A

Enumerates physical storage devices

Delays execution with timeout.exe

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A
N/A N/A C:\Windows\system32\timeout.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133643047118904604" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Runs net.exe

Scheduled Task/Job: Scheduled Task

persistence execution
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A
N/A N/A C:\Windows\SysWOW64\schtasks.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4644 wrote to memory of 4516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4516 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 64 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 1144 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 4644 wrote to memory of 4132 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://raw.githubusercontent.com/IncsecRishie/wdwddwdw/main/something.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcdc47ab58,0x7ffcdc47ab68,0x7ffcdc47ab78

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2212 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2972 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2980 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4696 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4732 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5016 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5180 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4784 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Users\Admin\Downloads\something.exe

"C:\Users\Admin\Downloads\something.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "something.bat"

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\timeout.exe

timeout /t 5 /nobreak

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\timeout.exe

timeout /t 5 /nobreak

C:\Windows\system32\net.exe

net session

C:\Windows\system32\net1.exe

C:\Windows\system32\net1 session

C:\Windows\system32\timeout.exe

timeout /t 5 /nobreak

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5372 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5392 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5424 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5508 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Users\Admin\Downloads\pics.exe

"C:\Users\Admin\Downloads\pics.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Users\Admin\AppData\Roaming\XenoManager\pics.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\pics.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Chrome" /XML "C:\Users\Admin\AppData\Local\Temp\tmp1057.tmp" /F

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6116 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6128 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6080 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5396 --field-trial-handle=1876,i,16973052674775539889,4816589415538777647,131072 /prefetch:8

C:\Users\Admin\Downloads\man.exe

"C:\Users\Admin\Downloads\man.exe"

C:\Windows\SYSTEM32\cmd.exe

cmd /c "man.bat"

C:\Windows\system32\certutil.exe

certutil -decode C:\Users\Admin\AppData\Local\Temp\xbbwz401u6.txt C:\Users\Admin\AppData\Local\Temp\xbbwz401u6.exe

C:\Users\Admin\AppData\Local\Temp\xbbwz401u6.exe

C:\Users\Admin\AppData\Local\Temp\xbbwz401u6.exe

C:\Users\Admin\AppData\Roaming\XenoManager\xbbwz401u6.exe

"C:\Users\Admin\AppData\Roaming\XenoManager\xbbwz401u6.exe"

C:\Windows\SysWOW64\schtasks.exe

"schtasks.exe" /Create /TN "Chrome" /XML "C:\Users\Admin\AppData\Local\Temp\tmpA2C3.tmp" /F

Network

Country Destination Domain Proto
US 8.8.8.8:53 8.8.8.8.in-addr.arpa udp
US 8.8.8.8:53 raw.githubusercontent.com udp
US 185.199.110.133:443 raw.githubusercontent.com tcp
US 8.8.8.8:53 241.150.49.20.in-addr.arpa udp
US 8.8.8.8:53 133.110.199.185.in-addr.arpa udp
US 8.8.8.8:53 0.204.248.87.in-addr.arpa udp
US 8.8.8.8:53 202.212.58.216.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 22.177.190.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 13.107.21.237:443 g.bing.com tcp
BE 2.17.107.114:443 www.bing.com tcp
US 8.8.8.8:53 237.21.107.13.in-addr.arpa udp
US 8.8.8.8:53 114.107.17.2.in-addr.arpa udp
US 8.8.8.8:53 58.99.105.20.in-addr.arpa udp
US 8.8.8.8:53 133.211.185.52.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 103.169.127.40.in-addr.arpa udp
US 8.8.8.8:53 92.12.20.2.in-addr.arpa udp
NL 91.92.245.171:5764 tcp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
NL 91.92.245.171:5764 tcp
US 8.8.8.8:53 21.236.111.52.in-addr.arpa udp
NL 91.92.245.171:5764 tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 10.28.171.150.in-addr.arpa udp

Files

\??\pipe\crashpad_4644_RKJWKGNSVNCZMUFO

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

MD5 d751713988987e9331980363e24189ce
SHA1 97d170e1550eee4afc0af065b78cda302a97674c
SHA256 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512 b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 1850884f3b42640a012555e48cde43aa
SHA1 24d85662b4e2c91c259734545bb3e6e75cc2ff96
SHA256 b3c5b400268d09a1a0c77921dfa2de192f075d462dd86bc2995ded02d0db5c2c
SHA512 b9918eabf5ab1743f4b8d0712b12ddec0d2535e35dc96b51811b834687604f93689e0d15b1595ccc850ef42cc5ea1b1da1e011d0e8a7dd228a2f928c7e9ccce6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 8c6abb7e88108e0e3d5bbc4f2bfb5328
SHA1 35f45c8d3ad5005346c906fc9188aac21c51c4ed
SHA256 566c43e0ee545c8bd51ffb47a6ab8ce04ca57d166d8fa270d9c46d33f448eeaa
SHA512 4d5b9df47be36851c1e92de1f72bb8be81c32eb0312b00dc7f335ba5f332832b22f7126f89edccb3210f11e077ed8ec06dd3bef9a578a0f626fab17fda1c010c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 f8b42bb71f28ec70ed0a86b11b4a6cf3
SHA1 696b5c0aba67d63ef7e5dcee563e7e9429490fa3
SHA256 6750788a8e04ba8494a8f208151ca7dd973c67e257124f0c8653f4f69f5f4332
SHA512 06f1ecbe285346ff7c81748acc975f55461dbd952487074f5735d0c5d10b5fe515121fcd895d28597dd542366181078142a9a18c10d9d6a73d3cae7108482c6b

C:\Users\Admin\Downloads\something.exe

MD5 ef27c04fd27ff6ced209a5d87aa80875
SHA1 d6cd18130f6a988477ec2a01bfb0556910287d93
SHA256 a8f4f303f7fa7ad96207fcc5943c93c4e54c53fd07e42caae9af16e2360f7e0f
SHA512 63312bc9aab3430a59d169ca4d1222aac44b430faa7dfb4498de4ddb966c25b98046abf11dec021a2f69aeb7d4d0537e1a3850449288535989a6d642b4e4d374

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\something.bat

MD5 1afe03ea8170f5eacbe2106bef00722b
SHA1 f957f6e435f0741458a05d10226939f7baab68b5
SHA256 87d3fc8a117d46fa6c58f40fa7711affea75c4b67a74f20ffd4dd649b7194cee
SHA512 59d611164d1eca2fc15f8964cdc1a6e448bd0147afc0bd44839ed053803b316bd603ddb2207a0e33b9c34671d962bb39961dd46115cde5e8548a7283487da797

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 bec72d1225e04947100ec294de963634
SHA1 1ae5f36d90018995d3d68996db94ce125e733a67
SHA256 33a39cbf94d611c75b0081e8f590c112cc2eb0b35e2b357a0c57700101cc8f8b
SHA512 a1395e35532e794a2a2355164371787ebdb5b7fc3118499d542a5fee37d810ad4f1b0703c980670a5de028a64d65132555032f94775a123814c23264f494ff62

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57973f.TMP

MD5 fc9ac2b2f1e9846b348fb23da1d0ccc8
SHA1 be2c6a3653b5dd051020f0063944d8d3ec13ea1d
SHA256 8603e1708893c19afd91f8dd0cf83bd055d6ae0a461efc7818c475bda576a507
SHA512 3081edfa869c71241506331015cfd31cadc652ad23d77e0f9d74faa92805a618add0fb7888c10a3b41912ac62bb633acd64bdc4b76672d78647700fc92209d6b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 a04feedcc8183214b6d528694cf4d233
SHA1 3f4cb03467389540812188eb757343eeceb966de
SHA256 923ca979ecf054f01137f06fb6032e8a65e223e9a3fa1a3e4d0156435f8649d2
SHA512 09cede8b49d58125e8d7c00072088503cc220e45bcb96b263d73b9c3d91f96b46fe2848ab3a9cf87357cfa7a73c59678c251a86e758581622acf54d3b1194ab3

C:\Users\Admin\Downloads\pics.exe

MD5 a02107a30c960620ce21bd2030442feb
SHA1 51ff3d68754c8b39479649691d5fcc1179fa07b6
SHA256 3e85bcf513c45d1d4ff742714cdde33230115c4a64a74d46770b3f62ad7a1c7d
SHA512 ed16c4048c255dbf80770f9fedbac6d8e4604d64cc7040a8d69a314c68313eed04bf1683dd14f9619e3b0d81756b3ed044f7a4768c0c0588f7d4b893f8ff2299

memory/2316-134-0x0000000000600000-0x0000000000612000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\pics.exe.log

MD5 916851e072fbabc4796d8916c5131092
SHA1 d48a602229a690c512d5fdaf4c8d77547a88e7a2
SHA256 7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d
SHA512 07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

C:\Users\Admin\AppData\Local\Temp\tmp1057.tmp

MD5 161ba12614199f010311ae403ee3cb15
SHA1 0a517dea47f339d1a0007eed7e8605336fb30a50
SHA256 8859b03b98668fb99b7ff032939baa1f629cdbe794a355297c01f279c4fa012d
SHA512 2d26ae231aeae9127e767c8c19b30270103e994bebf8651caca38fa8fde69f0bc3dd10a04be609356ee4032c768e70488bacdfc8708ac68702e026e95781cd78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 1f6dfad690cf5bb9c9e82d666325edb9
SHA1 17d3c38c5813a92f8cf49180fc80a5127bd7e36b
SHA256 c8e8244939943b8f493cb85c6673ef714f3a6b2a7b028d92a4ce08d945c741b3
SHA512 55627a83cf7f2fd8d9be9a47701c53f55ad4b2278866f1311938045d71e858593020a56bccb8675c43ba157192173a5b565322f79cbc3765d2d310af6c7df08d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 f4ac13ac115bf3b600109e9f05fb2b6b
SHA1 94842899189ca72fc2e8eea75780b22f884fa105
SHA256 c759717cac75d04b6d50554cc7563d444aece52639bc5992550b40194b24ccea
SHA512 5885448016787fceeac10fd3719ddb5a310df6e44fa9847e49757bee0a0384b58b81550d5904fc816d48def49fc5bbd95c6e06e30970acec3c4235c41d667d01

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

MD5 0cfdd24fe31748402ba90f5218fa4690
SHA1 323d81488c3459e7edeb8e384b8c94801aa1c861
SHA256 8144249b0897fad78f8f078d3c0de12ae210ce5737883abb64eaa8f1895569db
SHA512 e8a435695c7ae32566b3e1358b797d79723bb4d9aef4b0ff2856dd92f28df0e23b51374f17d1757a2c25c176007b8528bdf236ab86334e70427df9f9c081b11e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

MD5 9b49a09b30721d9dc2265601ad3a4686
SHA1 7125ace69166935fb3d838c4cc19634e6ff117d7
SHA256 b926d57ce9381ed484dc27656797e707d62c3ff8b4968fb480a6ae31776d58a6
SHA512 e89cf2d99f38d6a710651b0c06420b28041dd63a9e9c03be0a695bafc0ceb82ac4c6ce3c41a6eb31417d60cea047a2b3b6dc03dd054f8470c1159a336dd5c990

C:\Users\Admin\Downloads\man.exe

MD5 1268743be22b8e86fd133bedbbafce73
SHA1 4f22a9363f5e07d307a594555233f5ce38c6412e
SHA256 f60bc836779c9371dfbb897506c0e74c3985e3b246ad53924b63cc80a9910de4
SHA512 ddf9415783536e941e811e4ad3bc36fb2a91cc650f47d473bca85ddbb70cad2c7f7bc0be31b18ad74ee91278db5da833a7ad51b54abbe552744ab38347ff5d8f

C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\man.bat

MD5 7d78c3eabc42e1a89c1936f032286977
SHA1 7eee938120f623c000caaf2a499cfde522835e67
SHA256 46de1da9ea5372ce4b6d5a7252bc2160bed21d348ef537eafbd3b70e6a90ddcb
SHA512 394f36c63ac023a1c9a777ccdf68ee0142faacb33be8b0402fedd3e70b65a758d0d69e7c50009fdf1e68a83965558eea08f9b7bfcec5d7cd4209421c73c163ed

C:\Users\Admin\AppData\Local\Temp\xbbwz401u6.txt

MD5 3ea07e0b9eef74c0ec87ea477afbfea6
SHA1 a8c5252c9d45611fb6fbd56279c9966a44d6354f
SHA256 f6e3a5b5b5d566beb9a1d00da4726520c105424c7b580a9333e2c4c5c0ac8d40
SHA512 35f24164068d997045b7bfd6f73b74297cabcf14e25dac2050f3fc73e95849c2c99760f494e04a4f9609d904e03e8195cef77e18bc5339a67e9cea01787f948a

C:\Users\Admin\AppData\Local\Temp\xbbwz401u6.txt

MD5 d2d356dc9a643a52eaf1c75d4d7b9e0b
SHA1 df47945e40353a311f0c8425a571b3363c02daf8
SHA256 232207e84e48bad8a9d0ef2ef9feb745e0bcc315fb5240266cca993dea06b875
SHA512 c240b4ec2579e6cca68640d7b141ccae2153a5abe1c0a85b7824aec8d27872ba1c49b21998b0b07422572095b1039012e23210ef01a7ba281b46e708813481b0

C:\Users\Admin\AppData\Local\Temp\tmpA2C3.tmp

MD5 fbb03ce259a0eeb94dcf06f9e271638e
SHA1 8d2574236e0fa6b15f6e7b226e333e4e3d7e8de1
SHA256 81b8ce02c477b0014626ee6023591f367fd0369887ed3d1e935a9ecac9612a2d
SHA512 91a2438d4b8cde81f66758ccaba84fb163974f1ee57456e35801980b12eb139c1f5d6f6ef9862238c790d834acd99125ad03a2e3964b4ba6f81ac7cae4212705

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

MD5 4b89dfed5a6939f9d0b41de036f2e9f2
SHA1 ae65258c4bfd73933247997ddccd62ff46e7eca0
SHA256 8ac23c87f1542bd70afa753e610e35b0356d04ef032b3419cf8254ca010cce0d
SHA512 dec696cbaa03845ee1a544843f35527649a86d3d3ac15255d6594bafbc4f5be1b878e9752d6fd2971b118bd0abe0c47d594ea6a8ab0940ae35a206292dd52529

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

MD5 d6575c16b7789abe900e98a82e433cc3
SHA1 9c9dbfb88a15f8e73abe25569404ab1179fff5db
SHA256 6f01ba98b50f49722785e96fb29eab22f50b61b24e97cbac1ca056b6781efc42
SHA512 90185a14fb919f177496f928d87a10aab3f00a0858858d608e18012fdea4e688eaf24a7d3d6ecac4e0a743780fd3cdff7d3045e4f08e37c2a54483351bc8045f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

MD5 be03402d6bb9afa303e3f0f65079e6e6
SHA1 0aba7dd8d73179f4b26558415b70dd8eb41df5fc
SHA256 5c73e132ce8a2305849fda77c683afa19119e9ab8fcc0f758c3eedf0729655b5
SHA512 63a267bec3977ee9e385e22743d2c835e91acfb85fe56475decf7f84a61f0f733a6bde6d4e777d6851d03fc0694664825697bcc0e610a5f06c60d97274b076a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

MD5 ed54734acd949da0d0b659ec9f71dc0f
SHA1 bfaa933bb6ff1cca555d52e04082c51276a816c7
SHA256 32d14e97f78a6f89ec56e3ba330e202dda9fd920e0532f4a76ec093a6559ccf5
SHA512 fefac5d2e6e897410d3b1a0b108a79c266dabbeff0a668aaa0f1fff8d292a7783ed8b6a3848844a8500b5e8e6de32f3f23d4563deef02616e721c76fc062037c