Analysis Overview
SHA256
76b24fbf7dcc4ff46b3a455761b063b46ec52354c117724e34a911dda45b1d42
Threat Level: Known bad
The file Stop (1).bat was found to be: Known bad.
Malicious Activity Summary
XenorRat
Executes dropped EXE
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
Uses Task Scheduler COM API
Suspicious use of FindShellTrayWindow
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: GetForegroundWindowSpam
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Scheduled Task/Job: Scheduled Task
Checks SCSI registry key(s)
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Modifies registry class
Modifies data under HKEY_USERS
Enumerates system info in registry
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-19 15:14
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-19 15:14
Reported
2024-08-19 15:18
Platform
win10-20240404-en
Max time kernel
246s
Max time network
245s
Command Line
Signatures
XenorRat
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\XenoManager\TransAgenda.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| N/A | N/A | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\4272278488\2581520266.pri | C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe | N/A |
| File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | C:\Windows\system32\taskmgr.exe | N/A |
| File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | C:\Windows\system32\taskmgr.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Desktop\TransAgenda.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\schtasks.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\XenoManager\TransAgenda.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | C:\Windows\system32\taskmgr.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | C:\Windows\system32\taskmgr.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133685540901503532" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\OpenWith.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings | C:\Windows\system32\taskmgr.exe | N/A |
Scheduled Task/Job: Scheduled Task
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\schtasks.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\7-Zip\7zFM.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Stop (1).bat"
C:\Windows\system32\schtasks.exe
schtasks /delete /tn "WindowsSystem32" /f
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fffb4829758,0x7fffb4829768,0x7fffb4829778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2084 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2864 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4372 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4816 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4764 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4788 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5068 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4560 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=2592 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3064 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4728 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3084 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:8
C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=5696 --field-trial-handle=1856,i,16331030594753963152,10930510642651833437,131072 /prefetch:1
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\TransAgenda.7z"
C:\Users\Admin\Desktop\TransAgenda.exe
"C:\Users\Admin\Desktop\TransAgenda.exe"
C:\Users\Admin\AppData\Roaming\XenoManager\TransAgenda.exe
"C:\Users\Admin\AppData\Roaming\XenoManager\TransAgenda.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "TransAgenda" /XML "C:\Users\Admin\AppData\Local\Temp\tmpF9BD.tmp" /F
C:\Users\Admin\Desktop\TransAgenda.exe
"C:\Users\Admin\Desktop\TransAgenda.exe"
C:\Users\Admin\Desktop\TransAgenda.exe
"C:\Users\Admin\Desktop\TransAgenda.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "TransAgenda" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4D1C.tmp" /F
C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
"C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe" -ServerName:SecHealthUI.AppXep4x2tbtjws1v9qqs0rmb3hxykvkpqtn.mca
C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
C:\Users\Admin\Desktop\TransAgenda.exe
"C:\Users\Admin\Desktop\TransAgenda.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "TransAgenda" /XML "C:\Users\Admin\AppData\Local\Temp\tmp4046.tmp" /F
C:\Users\Admin\Desktop\TransAgenda.exe
"C:\Users\Admin\Desktop\TransAgenda.exe"
C:\Windows\SysWOW64\schtasks.exe
"schtasks.exe" /Create /TN "TransAgenda" /XML "C:\Users\Admin\AppData\Local\Temp\tmpDB9C.tmp" /F
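The process list above separates into two chains. The submitted Stop (1).bat only runs schtasks /delete against a task named WindowsSystem32. The TransAgenda.exe chain, extracted from Downloads\TransAgenda.7z with 7-Zip, relaunches itself from %APPDATA%\XenoManager and registers a scheduled task named TransAgenda from a tmpXXXX.tmp XML in the user's Temp directory, four times over. Detection logic for those two steps, run over process-creation records built from the command lines above, as an added example that is not part of the report: the record field names, the parent-child links and the benign control record are assumptions.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcessEvent:
    """Minimal process-creation record (field names are assumed, not the sandbox's schema)."""
    image: str
    cmdline: str
    parent_image: str


# Constructed sample records. Command lines are taken from the Processes section
# of the report; the parent-child links are assumed from the order shown there.
# The last record is a benign-looking control that must not fire.
SAMPLE_EVENTS = [
    ProcessEvent(r"C:\Windows\system32\schtasks.exe",
                 r'schtasks /delete /tn "WindowsSystem32" /f',
                 r"C:\Windows\system32\cmd.exe"),
    ProcessEvent(r"C:\Users\Admin\AppData\Roaming\XenoManager\TransAgenda.exe",
                 r'"C:\Users\Admin\AppData\Roaming\XenoManager\TransAgenda.exe"',
                 r"C:\Users\Admin\Desktop\TransAgenda.exe"),
    ProcessEvent(r"C:\Windows\SysWOW64\schtasks.exe",
                 r'"schtasks.exe" /Create /TN "TransAgenda" /XML "C:\Users\Admin\AppData\Local\Temp\tmpF9BD.tmp" /F',
                 r"C:\Users\Admin\Desktop\TransAgenda.exe"),
    ProcessEvent(r"C:\Windows\System32\schtasks.exe",
                 r'schtasks /Create /TN "NightlyBackup" /XML "C:\ProgramData\Backup\task.xml"',
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"),
]

# Paths an unprivileged user can write to; a parent living there is the weak link.
USER_WRITABLE = re.compile(r'^[a-z]:\\users\\[^\\]+\\(appdata|desktop|downloads|documents)\\', re.I)
# schtasks /XML pointing at a randomly named tmpXXXX.tmp inside a Temp directory.
TEMP_XML = re.compile(r'/XML\s+"?([^"\s]+\\Temp\\tmp[0-9A-F]{4}\.tmp)"?', re.I)
TASK_NAME = re.compile(r'/TN\s+"?([^"\s]+)"?', re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def rule_schtasks_create_temp_xml(ev: ProcessEvent):
    """schtasks.exe /Create whose task definition comes from a Temp tmpXXXX.tmp file,
    or whose parent runs from a user-writable path (the 'Scheduled Task/Job' signature)."""
    if basename(ev.image) != "schtasks.exe" or "/create" not in ev.cmdline.lower():
        return None
    xml = TEMP_XML.search(ev.cmdline)
    if not xml and not USER_WRITABLE.match(ev.parent_image):
        return None
    name = TASK_NAME.search(ev.cmdline)
    return {"rule": "schtasks_create_temp_xml",
            "task_name": name.group(1) if name else None,
            "xml_path": xml.group(1) if xml else None,
            "parent": ev.parent_image}


def rule_self_copy_from_user_path(ev: ProcessEvent):
    """A binary under AppData\\Roaming started by a same-named binary from a user-writable
    path: the drop-and-relaunch step behind 'Executes dropped EXE'."""
    if "\\appdata\\roaming\\" not in ev.image.lower():
        return None
    if basename(ev.image) != basename(ev.parent_image):
        return None
    if not USER_WRITABLE.match(ev.parent_image):
        return None
    return {"rule": "self_copy_from_user_path", "image": ev.image, "parent": ev.parent_image}


RULES = (rule_self_copy_from_user_path, rule_schtasks_create_temp_xml)


def triage(events):
    """Run every rule over every event; return the findings in event order."""
    findings = []
    for ev in events:
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding)
```

The schtasks rule keys on the XML path rather than the task name, because the name is attacker-chosen and changes per build while the tmpXXXX.tmp-in-Temp shape comes from the .NET task-scheduler wrapper the dropper uses and recurs across samples. The /delete of WindowsSystem32 from the batch file is deliberately not flagged: on its own it is a cleanup, not persistence, and is better surfaced by correlating the task name with earlier /Create events.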
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 227.74.250.142.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 196.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | tcp |
| N/A | 224.0.0.251:5353 | N/A | udp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 51.38.43.18:443 | gofile.io | tcp |
| FR | 51.38.43.18:443 | gofile.io | tcp |
| FR | 51.38.43.18:443 | gofile.io | udp |
| US | 8.8.8.8:53 | 18.43.38.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | api.gofile.io | udp |
| FR | 45.112.123.126:443 | api.gofile.io | tcp |
| FR | 45.112.123.126:443 | api.gofile.io | udp |
| US | 8.8.8.8:53 | 126.123.112.45.in-addr.arpa | udp |
| US | 8.8.8.8:53 | s.gofile.io | udp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| FR | 51.75.242.210:443 | s.gofile.io | tcp |
| US | 8.8.8.8:53 | content-autofill.googleapis.com | udp |
| FR | 172.217.20.170:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 210.242.75.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ad.a-ads.com | udp |
| DE | 136.243.55.84:443 | ad.a-ads.com | tcp |
| US | 8.8.8.8:53 | 170.20.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.55.243.136.in-addr.arpa | udp |
| US | 8.8.8.8:53 | static.a-ads.com | udp |
| US | 8.8.8.8:53 | 25.140.123.92.in-addr.arpa | udp |
| DE | 116.202.214.170:443 | static.a-ads.com | tcp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.75.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 170.214.202.116.in-addr.arpa | udp |
| US | 8.8.8.8:53 | store3.gofile.io | udp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| US | 8.8.8.8:53 | 233.10.175.136.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.20.170:443 | content-autofill.googleapis.com | udp |
| US | 8.8.8.8:53 | 67.214.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 174.60.140.164:7707 | N/A | tcp |
| US | 174.60.140.164:7707 | N/A | tcp |
| US | 8.8.8.8:53 | 95.16.208.104.in-addr.arpa | udp |
| US | 174.60.140.164:7707 | N/A | tcp |
| US | 8.8.8.8:53 | 11.211.222.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.142.123.92.in-addr.arpa | udp |
| US | 174.60.140.164:7707 | N/A | tcp |
| US | 8.8.8.8:53 | watson.telemetry.microsoft.com | udp |
| US | 52.182.143.212:443 | watson.telemetry.microsoft.com | tcp |
| US | 8.8.8.8:53 | 212.143.182.52.in-addr.arpa | udp |
| US | 174.60.140.164:7707 | N/A | tcp |
| US | 138.91.171.81:80 | N/A | tcp |
| US | 8.8.8.8:53 | 215.169.36.23.in-addr.arpa | udp |
| US | 174.60.140.164:7707 | N/A | tcp |
| US | 8.8.8.8:53 | 240.143.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 174.60.140.164:7707 | N/A | tcp |
| US | 174.60.140.164:7707 | N/A | tcp |
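The Network table above mixes the sandbox's own DNS and reverse-DNS traffic, Chrome background requests, the gofile.io download, and repeated bare TCP connections to 174.60.140.164:7707 that never had a name resolved. The parser below, an added example that is not part of the report, takes the table apart and ranks direct-to-IP connections as C2 candidates; it also recovers the addresses behind the in-addr.arpa lookups, which is how the sandbox records contacted IPs even when no forward lookup was captured. The sample rows are a constructed subset of the table above, including the malformed shape the report uses for rows with no domain.

```python
import re
from collections import Counter

# Constructed sample: a subset of the Network table above. Two rows are kept in the
# shifted shape the report emits when no domain was resolved ('| CC | ip:port | proto | |').
SAMPLE_TABLE = """\
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 227.74.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | gofile.io | udp |
| FR | 51.38.43.18:443 | gofile.io | tcp |
| US | 136.175.10.233:443 | store3.gofile.io | tcp |
| US | 174.60.140.164:7707 | tcp | |
| US | 174.60.140.164:7707 | tcp | |
| US | 174.60.140.164:7707 | N/A | tcp |
| US | 138.91.171.81:80 | tcp | |
| US | 52.182.143.212:443 | watson.telemetry.microsoft.com | tcp |
"""

ROW = re.compile(r'^\|(.*)\|\s*$')
ENDPOINT = re.compile(r'^(\d{1,3}(?:\.\d{1,3}){3}):(\d+)$')


def parse_rows(table: str):
    """Parse the Markdown table into dicts, normalising rows where the domain cell is
    missing and the protocol has slid into its place."""
    rows = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cells = [c.strip() for c in m.group(1).split("|")]
        if cells[0].lower() == "country":  # header row
            continue
        country, dest, third, fourth = (cells + ["", ""])[:4]
        if third.lower() in ("tcp", "udp"):  # domain missing, proto shifted left
            domain, proto = None, third.lower()
        else:
            domain, proto = (None if third in ("", "N/A") else third), fourth.lower()
        ep = ENDPOINT.match(dest)
        if not ep:
            continue
        rows.append({"country": country, "ip": ep.group(1), "port": int(ep.group(2)),
                     "domain": domain, "proto": proto})
    return rows


def ptr_to_ip(name):
    """'227.74.250.142.in-addr.arpa' -> '142.250.74.227' (PTR names list the octets reversed)."""
    if not name or not name.endswith(".in-addr.arpa"):
        return None
    octets = name[:-len(".in-addr.arpa")].split(".")
    return ".".join(reversed(octets)) if len(octets) == 4 else None


def classify(row):
    if row["port"] == 53:
        return "ptr_lookup" if ptr_to_ip(row["domain"]) else "dns"
    if row["domain"] is None:
        return "direct_ip"
    return "web" if row["port"] in (80, 443) else "other"


def c2_candidates(rows):
    """Connections to a bare IP with no resolved name, counted per endpoint. Repeated
    hits on one non-standard port are the beaconing pattern to chase first."""
    counts = Counter((r["ip"], r["port"], r["proto"])
                     for r in rows if classify(r) == "direct_ip")
    return [{"ip": ip, "port": port, "proto": proto, "hits": n,
             "nonstandard_port": port not in (80, 443)}
            for (ip, port, proto), n in counts.most_common()]


def ptr_queried_ips(rows):
    """Addresses the sandbox reverse-resolved, i.e. peers it saw traffic to."""
    return sorted({ptr_to_ip(r["domain"]) for r in rows if classify(r) == "ptr_lookup"})


if __name__ == "__main__":
    parsed = parse_rows(SAMPLE_TABLE)
    for cand in c2_candidates(parsed):
        print(cand)
    print("reverse-resolved:", ptr_queried_ips(parsed))
```

Ranking by hit count and port puts 174.60.140.164:7707 at the top and 138.91.171.81:80 second; neither is attributed to the sample by the report itself, so treat them as candidates to confirm against the XenoManager process's own connections rather than as confirmed C2. The reverse-lookup recovery matters on the full table: lines such as 215.169.36.23.in-addr.arpa reveal peers (here 23.36.169.215) that appear nowhere else in the list.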
Files
\??\pipe\crashpad_4608_CKJUGHORVJDXZQBV
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | b8a25502572c70f1a7a313b5fe52c0f4 |
| SHA1 | 99670376646adf0fc5c1dd345a6a519b2815f204 |
| SHA256 | 5bf7f48e87027213d77b3095b937b9185acf0331973015befcda00d2d348391f |
| SHA512 | 70347b92cd52af377e613272766f24f6be5f95b5d10dd50ff20e0a1d897373ddeb2f77dca258a5bac469a9300ff130931b302b3b69ad1374c683b029ad5e2936 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 40b2bc09c6ebecb9f549df1a4a8f87d6 |
| SHA1 | c077dcb0f67abb586e31aea7a7a79d44a789da2f |
| SHA256 | 8ea43a16021b8c7e1b20554ca7b9c7fb82ee30699144086e4be8688d54ac4e83 |
| SHA512 | e0b6aebac5f96a7169ac811bb2ebcf01ccce7de81bed605fb2f93cc15d48a8631592bbe1f8d0205e127f6eeaaa411c17d5447122d17b3cce5378cfa129944b65 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | b73297480e580de55372bf97b9d8a87b |
| SHA1 | 1f791bfa134a6063966e42eea040615aaf8dd78c |
| SHA256 | 59fcfc0eee20127c2fe4d6365a47a0642fbb829c3a40c38089edd77e31e4b6f4 |
| SHA512 | 109436b087f05453a58172dcd5a5e921359834c56c15b56aa7401f5626bf00e2b800f65979d8b39e8536d00f2a6dc0af1b374a66d96ea655f91a6343e459c36f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | 12b2ca394c7f9d7eef2ff330117b94d9 |
| SHA1 | 8bc245710260f0a0560e8a66eaf4418fc68c246a |
| SHA256 | 75c6bd9dda13d8f2f3b20f74cb2dd43be4d00cfbfe68d4e288554e569aa899c7 |
| SHA512 | 558b316827db487d0d0ea88ae355993c96c355a49ff0a23d12403261dba5ac23634a26d79b2db5692d6b95c7f0db46a891e4b37553ba3f6081f4fcd1bdd001d3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | e23edb50fd08f7d31652718456eef155 |
| SHA1 | f9f94ba990d3ba3149f15e7773db80313dea6b8b |
| SHA256 | 16d8632f8b4fc6b3b31c4b087065223ec9870de6fec04879f89136aa1fcbaba9 |
| SHA512 | fdb714298ddd1702c65bcb8fa7e46f83390e39363032a87fff0b7136ddbb80e49c85cb72c736fda32cd76fa529e8aebd3e536a00391bbcafcc2a95b77c5f69b9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 147fa6d591a3de10cfcf0d6cd32fe703 |
| SHA1 | 97ae67f76450584382bf9d850fa8c6b4268df6e8 |
| SHA256 | d5d3eb3ffac46c705a6030c81d333185c057d6d735bd6a396b26d56b3deeb9eb |
| SHA512 | 659d87e118aa27c2bbec512b3e2a386ba88b344501b63e33359ffb28381f66f96eadf2c5cb3e4082855d57480c66f573d3abf69d3a0bc77b7e29abd8cf6c8a28 |
C:\Users\Admin\Downloads\TransAgenda.7z
| MD5 | 80d38162566dd741aa1f49d8dff64f06 |
| SHA1 | 4bf98a19163cec8f30e55f5f51734dac6bf95416 |
| SHA256 | 2b322a7ca22c6db611c3f427462a2e93f8f7985ca2213d18ef266e66a8e46aed |
| SHA512 | 01f95146d3cba4b6a18d341e0546b5101e2078ee93dba624a5deee2c77e56681c06690ddce491f7acf1c0e490dd8599c2650c721ac1f688220548d28fabdc732 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 5edfcb996a9fb168a4a3e34d3f384ad9 |
| SHA1 | e91366a381afce18e419bd0b0508d503377a062b |
| SHA256 | 93dd79eced23595de50720ab894a8357e378a1b633af56082b3a2e9ecd3d4e2f |
| SHA512 | 806d6f9ca633eabc220904859ae09adf32f5c53d4cb3be1899584b63328f43dd087d040f761d7a636a6ad6a74235f999d0606eb2f1709896c79d29792d7d8064 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0972bd513695211d95b892ce2b51bf5b |
| SHA1 | 0f176b06a8ac81a855346b86df2589455db7fafa |
| SHA256 | f7336ea120a275c1596aad945bb5137bc6d4d4a518b668fd851ed5bfbed95254 |
| SHA512 | ca087a828ea5a2c09ac95ba72a6030bd735876de896d8223119f04e1c895dfba66f115ecd8781b1cf288c15a71645a86521d51401b8a6b53edfca4cf0a995e56 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
| MD5 | d943fe351ea94903446bf64543571664 |
| SHA1 | c62d2864cff31181b99ce5861b75216908f05c28 |
| SHA256 | f03b0e71b1fa5e50cb2ed8729fc7a804c38facf6d35f4805e7771c065a4ca1ff |
| SHA512 | f46feae34e50d7f01195af174f7b2a7ded7c2ea10523e8e49081cc3cbbda281c748ddf8b3444b92e60e83faf1b670699898f4f843f69453baf66a3fc4a219237 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581623.TMP
| MD5 | 52b2afec647f76364b539200b4e8de85 |
| SHA1 | 67858697ed1daff361b1c91ecbbb3a4d27d2808d |
| SHA256 | bdc1e70909b17fb1f46e7edf378d8c3e03e1b59a1e5c72d5ce004d099712e9ec |
| SHA512 | 8b8d943aef8f0a6ef5789c3bc224101289bced52261b27642f467b6893ac8e2637985ac43e6288305c8b1d81df6f4dced8a5dfdaee2ccb57fc15039ddf08aa89 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010
| MD5 | 3e552d017d45f8fd93b94cfc86f842f2 |
| SHA1 | dbeebe83854328e2575ff67259e3fb6704b17a47 |
| SHA256 | 27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6 |
| SHA512 | e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 92c9af316b768942282a93b970919a92 |
| SHA1 | 89e1ad8106bdcac068e75be42196b31a11b5d541 |
| SHA256 | 54aeeac86fa529b3ea0013c7c3e190b5b31a01c8513387e157aa64807dc9b0c3 |
| SHA512 | 57fd82a07f67bf07d3e1af331de53103bbe1c735c868ca48d6478379109cb8c8ecc3e47e6c29a15e77a8d3cde06a09772d0cdea9589ef34b023db738e7fa90c6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | c60d5deda56e5a34dc35ee277f44269c |
| SHA1 | f81626cf94b61b075147cf87994c0f219db33ae6 |
| SHA256 | 77b7fc25a8693e12381eb133e2c521f38195a500b86c30932c80a006fc9f5cfc |
| SHA512 | 51d7eee4069f2cc92391e3750962e2a1a0db47ec7e8124857bf99127a50e29c654563c8c208c78d036a2d76c0625b93ae1c6a9eb0ded66de0d5747d7c37ac282 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 010befa39e601e5735a71f4048b2cfea |
| SHA1 | 6072175e3a3b66f08b4e53569fe9e7e605ee4a9d |
| SHA256 | 06953cecce6c523fa6a7507f99b19022dc70e651b2f51705ebec2d2c9ab77186 |
| SHA512 | 7834fefb9c1b568485ebc4921e2ca385db230da81499d69a9728b712dd0f106440ba55178aa4cf5a07f31a8ef281601441df0140d11a68cf222a1b84c67e2349 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | e53a3cb702de742ccc796f77fb9212ad |
| SHA1 | cc9dba54dff144c89344c9e5ae9334b2567fe549 |
| SHA256 | 60d5e7d84a257fa3f5dd569d9477cbfcee3bfe26c40306806f1082d714cdc5db |
| SHA512 | 7915d54da8b68023effd9264c02fa4348d69a7ff5aefddbac8791e7f9db8eafc0292722f47a23162f2054b7c111248859ca1912e81626549825b7b1e7b94fe23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | b58df0ef1f48254d95a87d93888ce20b |
| SHA1 | a6ec4f78e7690c879b810317ff047e007b2c5683 |
| SHA256 | 044d2670ad956e8dc62209b34e3871823b56ccf1e51a899280736e60f8d67cc3 |
| SHA512 | f5712e0bf5b8a25becad71ec1b4c804f13809c5e9692a54b0a2be3efc2d9b89999121e16c5c5695a03c231046fc689e0577e8916061a5c21b6a809540fe8b150 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | 802abd9bb13481998f49eaf79a0245e4 |
| SHA1 | 485cadb0636d43287cbec882421bb9951518a1f2 |
| SHA256 | 4cd4e005e173396f41ee2952f8f8d11b25ca1a25626bd18188fc6ede5015cfde |
| SHA512 | 820f6775a8290daa5dc0993ad170485016bba0e56b561bcb4d883c7f14f03004435108db0b9d6dfeeb378bf37dd13cdd66961ced2941953851d2ac8b30e74d15 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 0c2c8231209a5a6a50efe67ee61f3c9c |
| SHA1 | 7fcf8da37500bbd0b21b265e14d418c1a6a30c1d |
| SHA256 | ac4a2045dc874dd19b87a76c9041f1172e3f83268d59b82751b15fb2498da888 |
| SHA512 | db8464e3153786215b302a62ddf5805324d59746f601f5bf2f5a06f0682cd55e11d53624a4c5a306c513b476f698bb70b3088599c26373b6e58cf51ec978e41d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 61eda8680e9ed930e7077a914937f9b6 |
| SHA1 | 7f16b454c6fb611f5b302627daec92f7c6b4cf28 |
| SHA256 | 2e8728f245fbaaf76b732672267b7c09f7d07dd5ee5f5b5c1ecad2f6fa6d4ec9 |
| SHA512 | aa9afc4ed3a22d9f4866c7df37cac2bea298fa11e1a32970de9b6143e07333b5863b46d0079ed18b133bc65e4000f3906c937b2d71f7b4b97f024adfd8448ab5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
| MD5 | 9afc71295b36a671b1acaeae2d21b7d2 |
| SHA1 | c3a9cbf0d859f896d37f2e3c4db645272f7dae5c |
| SHA256 | 8ec79b434c9918b228efe3273fe19e4b23fb0c3a501254de7a876d22851e1654 |
| SHA512 | 951260639aff7df1ae742b5b041a33f15da0bd75876de4bd9af474845049233db635e19d685a50c2d14dc3e5729c15c0de5b7e41ec3d8303e0fac0e619000412 |
C:\Users\Admin\Desktop\TransAgenda.exe
| MD5 | 8dbebef8a47ea96ceed4408641e195ce |
| SHA1 | b13a236bdf60de5fac38ab11344392eadb7462a9 |
| SHA256 | 2bee910afaec59b55af87e2056a52cc43d879a2582dc5d148bcf696ddbd0516d |
| SHA512 | 9159cf5a19963d73d947cf17db303eb84353a0237b03bb61fc553b6945f3c670da79cc5185211a793effa191ef438f0ce3f1b894dde3983cc068adce0757540d |
memory/4836-331-0x0000000000740000-0x0000000000766000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpF9BD.tmp
| MD5 | a9c1f7e3003f94a8c0313a0dc0724247 |
| SHA1 | c175bfbdeed865347102f9f709808ab69ef558f5 |
| SHA256 | 8847403fa9782db190ff467a63a6d84af09ad173a4fed107a9b11aee0cf26e26 |
| SHA512 | fc86570456b8d7f1f01c5f8580ace3c627e7368640c704471787831bd58829ce99ee7f0a6cfea601f9038602e4988f769a16e4016790af76431d6ccb54983b37 |
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\TransAgenda.exe.log
| MD5 | 957779c42144282d8cd83192b8fbc7cf |
| SHA1 | de83d08d2cca06b9ff3d1ef239d6b60b705d25fe |
| SHA256 | 0d7ca7ba65e2b465e4878e324ceab8f8981f5ec06dcf5bc32559a4467a9c7d51 |
| SHA512 | f1549c61b4f2906d13b2aabb74772c2bc826cd42373d7bb6c48cbb125d5aa2ec17617e6b5e67e8aae3bb5790cc831cdba48a45008ed01df4fba8be448cce39fd |
C:\Users\Admin\AppData\Local\Temp\tmp4D1C.tmp
| MD5 | 8b4e1a1239b8d7e51e9a0f2ac78e3041 |
| SHA1 | 1d8e9e5bb9ee67e376d147a5ff74ebf5fbb815d9 |
| SHA256 | 0367db2838dbd4ca003ed3e6190544f82550b4fe94991dfbb77b4af1e55144eb |
| SHA512 | f46c338778f00fa1b4ba09524916cfab24e2d9592a3452d23cbb6668ac639928bb6b9b3b95653f3467992286f224661e35daf4f9d2061084d6ceb49fcf38243a |