xworm | a463af54be05508515f9b72b9d9e9f6cf27bbc8cb39e69169f4ec926bc7af666

Analysis

max time kernel
418s
max time network
408s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-11-2024 10:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test2.exe
Size

55KB
MD5

08937179fe05585b1022f353822f5800
SHA1

0e819ef45fba856c83f0c4395d5ee98779a6c457
SHA256

a463af54be05508515f9b72b9d9e9f6cf27bbc8cb39e69169f4ec926bc7af666
SHA512

8cb0c37a33d8fe6efd6266576f67ac45122f82ede53b513daec197a06b42aabc79b25d7cee7b8587f624cb00f3e08e62c1e24b63144c6979f7d96aabd16a1dbe
SSDEEP

1536:A22xM7y1Vhg4ZDPbETtJ/aBs6zGkO1OvMLW:LLeZPbETtUBZGkO1ekW

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

0.tcp.ap.ngrok.io:12725

Attributes

Install_directory
%Public%
install_file
hh.exe

Signatures

Detect Xworm Payload 3 IoCs

resource	yara_rule
behavioral1/memory/4452-1-0x0000000000070000-0x0000000000084000-memory.dmp	family_xworm
behavioral1/files/0x000d00000001b61a-474.dat	family_xworm
behavioral1/memory/4516-490-0x0000000000B60000-0x0000000000B74000-memory.dmp	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm
Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
4516	test1.exe
3276	test1.exe

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
5	ip-api.com
90	ip-api.com
92	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133756212287582992"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
964	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4452	test2.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe
Token: SeCreatePagefilePrivilege	1524	chrome.exe
Token: SeShutdownPrivilege	1524	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
1524	chrome.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe
964	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 4300	1524	chrome.exe	104
PID 1524 wrote to memory of 4300	1524	chrome.exe	104
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 4564	1524	chrome.exe	105
PID 1524 wrote to memory of 3600	1524	chrome.exe	106
PID 1524 wrote to memory of 3600	1524	chrome.exe	106
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107
PID 1524 wrote to memory of 2344	1524	chrome.exe	107

C:\Users\Admin\AppData\Local\Temp\test2.exe
"C:\Users\Admin\AppData\Local\Temp\test2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe0c3ccc40,0x7ffe0c3ccc4c,0x7ffe0c3ccc58
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1924,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  PID:3600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2308,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:2344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3220,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4072,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4836 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4784 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5084,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5092 /prefetch:8
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5052,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5060,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5088,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:2180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5264,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5364,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4980,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5784,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  PID:1660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5932,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3696 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5684,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:4144
- C:\Users\Admin\Downloads\test1.exe
  "C:\Users\Admin\Downloads\test1.exe"
  2⤵
  - Executes dropped EXE
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5176,i,4212829484416371670,11601507911334410595,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:4976

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2204

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:964

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4144

C:\Users\Admin\Downloads\test1.exe
"C:\Users\Admin\Downloads\test1.exe"
1⤵
- Executes dropped EXE
PID:3276

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4e40c47fd271d84c4051de92036d65f4

SHA1
6ebc19ef8661f32cc447d985fb4680b48d697d50

SHA256
804c56da769575abd04c4015f2d2fd6c5bca980b652f47497f30ecb3fe5ed8de

SHA512
f7b5c0bdadde3edec92bb77b321e021509dfa5396ee0863c5b2db53cc544be6fb8ae585ba9391f7c72e5c71941994272eff87bbd540ef43fb5e60d814b4f434a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
f4422d42fde9277f5ecadd3f0e16aad9

SHA1
bf605eaaa8584aec39d70fb72a79003e397c44d0

SHA256
bb1f3d5510aabc0ebd7514dffff35e4d767518ba6d15fba13dce2b634c65bed2

SHA512
d678d6aa6702d646a939d13db631e1509bf7fd022e94f119037ea4c51b2d179f97e0e27c9e073c08f92b8a0d610e61fbd54804589d398c520a7a7e51571c22d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
35eef868b55bdcef9b6b229594463de1

SHA1
09eaa914d5a766a23c30719e9f3372f496dd4b68

SHA256
40088cb930087301b5849ee8b81000dc23e4872d01aee00ce8d8084ca1eebec8

SHA512
6a792ea6f30992dcd5fb5d2ba9e37a10f552c60bf687c87eaa21156e68dcc2ee523c5bb591ee10285da7290c0587570173bbeeb6b828f3a138cbc21dc2151bea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e28c90a1311fb1700befc19f467ac80b

SHA1
cb9bcfa3c4284106f6da5687c19eb92e494e1cf9

SHA256
e8cacd7eff30e58ba66ece9d3036e758640e3586a10447413f2fc93d7ca3aa94

SHA512
fe66f661e9b42fb4f71bb2780baba7e47a44c6883369e82b38c43ae6fb5f38fd62a8a32e1fc9041e12844274de9e5b5ddfa55b517e5befecb212eca8ea975757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
821712c8c6ab2d61b154d992d64dd277

SHA1
ddb37fb8372f3c64c1fddcff13b42b355299eab0

SHA256
3989d11f7bd511dad46a3bf30beb418cd6150b386ffb804b1294ecc81128e243

SHA512
a738b9828e8b67938092f1f1e5f2bbd3ad1281d4762d57dab0526380ad016d7b4719cfdafe9d0532ac44424f218d3018ec3627d290fb53b62e3c707a7f6535b9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
993f676dac7996588f43a0e21e3572f7

SHA1
6461e187c5c14cbc9a886d57067155fd9d161782

SHA256
b250f3422e9b489910c2cdfc92b12fc68df060fae07545283d1323a9f486a892

SHA512
896ee6b9bc1e3682e5b8e5bf22ef82b24ce2a7d2b81a3636fd26fdc8f563f0991eb4a8aeb96c4aa522958c435ea141011121f9a3b5a3fe1ef6f81259bcca4b33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
aa7419e23e20062519c401c3ff9793d8

SHA1
345e80bd83ac011ca6753ef74200a603fff45aa3

SHA256
d043fedae91625db3bcde9ef590e72639ee9052ccd9ffe71c760fe5522fab7d4

SHA512
3aa973b68889b573a430c6f10068790c941d398de3d540643f9223b5e1b43db0c882836f31a2b6b5faf057fec7d30c45d65a85de5ee59b5ef4d38517e4cedf8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a0a1a09cfd5aa0a58a1b1d94ed14cc0a

SHA1
e62dad2e67d65a686d3249267d1a30477cd3ea25

SHA256
b968592a56bb09432aecb58e643dc2ea02dcb29162ce766e5747bb3603d4b128

SHA512
caff339cc76593a73a1b3cc288e72572f44b4481f664ad869d9f799867bd7dfe8c1acf86ff00aa49fb7369a22e65d53e8a8c21a283b5d843d8d20afb3208b956

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c388f11c1ea4c42cd2e1068685d37d2e

SHA1
f13ef911af55c5955bf40594b0d64b783c116b38

SHA256
6bd8023a0c27925db3d86822afa7d03f4f32923270a9ecbc4cce19f46140f0a7

SHA512
bef7a8a6e6e1457bf80b70ba156ea7fdff4d4e00f12c8c0be379ea8d7ccc722d48b65f82e8d0611def7d88cceb734aec267ba44aeb298b47f5fb587a7cfd8def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
287b929e6dd2396a0093d5c77b6c643d

SHA1
7a82019803f7db415ba92dc8138873b14e2c5c8d

SHA256
f6ddf783819a82341172ce07261ba0fc828757181f0b27faabfbdc2bc09dcc1c

SHA512
12e9c580cd115593612d22ba600b47e48dd676031f6a7279eefcd2727cd5c753cefa36fa89c802546209358de76155d318a8b42f37d5ca6f13f10923ec4487a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c90b3cea9089103e6c066494389d39eb

SHA1
8209574dfa08ccccf02f0372c01f1d74831c2156

SHA256
20217b15246b3166f63f1d9d98ae3b8b619a708f37645d2a818c503d5ffa43be

SHA512
f53b523f5d69c8d8303d4b15b4c841abee16c566c2143214ae66ffe970e62b1f77380fafbb74ca4c378e0ce5cf1b19a9ca967295d1c8a6600d797bd2481551c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f73b65b92340d7b33ed08e63e4cea4b8

SHA1
ac63de5863b0c9bbeb5ee5d933c59958a2e3be3d

SHA256
a4cc8f95872cbba6281c3bd192529040497b57123694927f198ac7f9c0b6234d

SHA512
14183696d8ce2b60f9a9e4f2a51ddb4f743af7c77a0862cfd646f0471942d5ca40200a2a8cf0f934b2fba6a18b716db124cbedf464a649a21bf53ce2e6fcf4ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a88301b16a52a6add17ac7b721d20dae

SHA1
d16adb921720338c74199e76177846eecbf99733

SHA256
c3d1e1c836e3c43a4b0a97e0d8b440be941d9a9390203bf5341b4c2ab9b7614c

SHA512
c4101163ae1c3eb897b04055661a9551fcc2fc27bbc3930df5b0fe1c9dc872953b103e755c21cd542c61a235887e690bbd6884ede47eae46cc7ef5abc6e80405

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
616facb869b359fb65ae236368b69ac6

SHA1
85f267797a14abab4f5cd0dc43364bdcc9f976b9

SHA256
1eaa25f035522ba10e08bcc03ee92e2351058f208b9d9fea638e7723787a9ea9

SHA512
1a80c9794f76acd9f026a95fce2bcf7faadb96c5f6e05debf87a5283624c942cb74c34c1d51ac4d5cba5ed673d43742f9f9e2d0c1139e0385d42f074235cd77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1efa33690da22384cb1419c65dd1547b

SHA1
72935c434e0471be80274c1facf929b8822a8014

SHA256
818aea90e9c3bc4d6fe0357d12302c0b9fb10f220cd00d0b0eda100ad202f907

SHA512
f45554c2783e01b9df3374f1287c33ec5cd5303b75cfd17e7e0a9562185bf86b7b4d28387ab5aa29dce86b98a8eb50c77d503d69829232adf6738dff84159336

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5788391fcde7b5dd746bd4234b0ea981

SHA1
d730377120c86d3357a60819ba55a199afacae5f

SHA256
1bb573bd6a1642a1fe6947a4f8c7346e6a15dfbbc7171287c4dc630918a96b0c

SHA512
539fd4ddc36931f1a5ee59d04834a8f2bbcd5d2e6c0805cd0884ac927f500152cd80a0f1e83217f5d401a68b89a59af0c7cb2525e70034760212a7133ddc4de6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
08184243992a82914fe0b39dfbf89074

SHA1
8aec054f19766ee19b4686656d7eb7de2b427318

SHA256
fafc2034345a4472c89f124550021139b549a23328d514231e64f5cb326d89ad

SHA512
3659677763735cd9a41733682db60440f5d9e6f3e9b209b70002f05578d3ad6033215f7935ef2a0cb3bcf5610dca9fe87ee193f3196b3fb4c0704dc473ced5ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3ea6215536ef8af8f076801be09da9a3

SHA1
f3d0964e29b02ddb1c936d04579b863697239c66

SHA256
ede8ed3bc0da124f88dc4853e03180149f9ed57725e35dc24a9e42a37101eca3

SHA512
a0f0d2581891b59d0220cd19d81d6f71f41973014ad914bf8d6d85127cfe70880187183624e76e492819452a065d820ddef003882e7f82574061f62a08ccd729

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f112348bd84c814381267f79f7d99ef6

SHA1
25001e56d5977c95e5ae52130144fbdeea0c0fe8

SHA256
4e6ceac6dec91c61c3a23f983d1a7fb7d200e72f34a7193881f9c91466fb92c7

SHA512
10422ce935d529e1de5d1626823cdd8b172816e6c23ce3e4de521778074c547c9144e342cdf474fd801f800901bc8101eb1848410d5f6656d7e5f807147986ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e525d30339ddf1af188afbef0230f692

SHA1
991b733e57cad8fdf36294bd0ebc7342ad867689

SHA256
c5a98498c96a3a863b4701fbf4247cfc38f9b5b9ea91446fab9e049beb2cdb3d

SHA512
e8e23fe4806e9bae650b58f6e36c98ea3135621ca219b741bb4034842254e5c27d952b1c70da58291d567d5da599cd553742f8df86fc95cb55ae056c78d2e7ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a6886f82ed7edc08347ba758454e8281

SHA1
cb4de83971c6c5f567cd5121c06535932bfbb07e

SHA256
238153ebc0791b38677fb38c17c0049ce179b014069a71f33faefc26d00084ef

SHA512
966d5f46382fa946c6dd4c932d486f1ecd8f9dac412157bed5173749ca79f972d957cfee448ca9e2a04a1f6ddcbfef273d6a53f78b13fd647d04741ec77891a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d9b649cbfc93b556f67423879ebb2c37

SHA1
4d691034a0d74f5ca4086144b5fd79c5e8bf8f67

SHA256
e1f645c5efeb2cf8e3dca7a717d4b797b11be025e0083394764d108e9cb679c7

SHA512
8a5bf610143e5f0f66b05276d9bd35cb51d04c5498df32ff595184c1dfc59a07c855e89730394db29500f5fe581ee565c40fe06886a41ab1e51f0aad10b56269

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
47109ef672481a57fbba961c2e585667

SHA1
5f670983de6297bb789d8e6d3e8cc24c88f2018c

SHA256
2410ff9621f9331df81db433177184be842f7ed7d505bdb4ca25a151b90976b3

SHA512
db0ecbcd901d2024fd1645c5a14f35efba0602349d5363ee53540cf22b90aedc04882c67118198f6d282b6ef2ec0993739816184000c9ee00e8c9aa5fdb6ade0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
60090484f958eefa58b4ad2412dc7400

SHA1
be1c6dc8d8107ab02f0d103746fa7ad5f452374e

SHA256
0ffb04944abbc010409f70e510d60a37a1422df8d93af1768896b887be38e3be

SHA512
9d46fd975428b2fd9ed8341ee8bde59f2030cb1fc1ded83d75d1d423514d54bee37ed04dcb6cb42b575731dcd4fe2139891e9e271ac5b3d3248897adb31a0578

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1524_847104019\0fa2d8ff-1ff7-48e9-a500-e3b2a36856c1.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1524_847104019\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\test1.exe.crdownload

Filesize
58KB

MD5
32dcb36e278d68980a5dedd79248e3cd

SHA1
e8b9a0a0b09f17436f74527310b78db7b83af2eb

SHA256
5f49c0689f07e79b21277407d64af87ebc74628ec160ced48a34f22d3fd76f60

SHA512
b334a2cd5a888d89b9246dbe1b26be1976240918f0f7c11079cc4aa2f07c5631fe19a7d2a18cdb4d475440457a7cbe168f6c5e4e99d4d6f7db3774919bf67a16

Download Submit
memory/964-521-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-519-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-510-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-511-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-516-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-518-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-520-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-509-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-517-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/964-515-0x00000186AED50000-0x00000186AED51000-memory.dmp

Filesize
4KB

Download
memory/4452-0-0x00007FFE0C913000-0x00007FFE0C915000-memory.dmp

Filesize
8KB

Download
memory/4452-3-0x00007FFE0C910000-0x00007FFE0D3D1000-memory.dmp

Filesize
10.8MB

Download
memory/4452-2-0x00007FFE0C910000-0x00007FFE0D3D1000-memory.dmp

Filesize
10.8MB

Download
memory/4452-1-0x0000000000070000-0x0000000000084000-memory.dmp

Filesize
80KB

Download
memory/4516-490-0x0000000000B60000-0x0000000000B74000-memory.dmp

Filesize
80KB

Download