4c68fc7cfea0b998be9ebc730f6fb64453111463cc97a05832f826bd5c95c70a

Resubmissions

11/11/2024, 22:32

241111-2f212axldw 10

11/11/2024, 22:25

241111-2b6hnaybkd 10

11/11/2024, 22:10

241111-13dfhsxhkh 10

Analysis

max time kernel
360s
max time network
356s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
11/11/2024, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

XWorm V5.6.7z
Size

18.5MB
MD5

6df23ee40cdb76bcbaf9debadabadd54
SHA1

98113a1537411c368d33691af4d7b03b4019b828
SHA256

4c68fc7cfea0b998be9ebc730f6fb64453111463cc97a05832f826bd5c95c70a
SHA512

198472da9d16717d5607541b26951c113e821cca95a204c8973b3b3f92ed42eba35dc42ab2a4efa193c404319a64c34c90b35837ab4c924c1dba3a3fcce55292
SSDEEP

393216:CipL2GD+ki9oXFJan9qqBYpusMUO8hEx2sidgNwVgs5517:CiF2k+f9oXFmq9pusMX8axD6355F

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000\Software\Microsoft\Internet Explorer\GPU	TextInputHost.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133758376737892172"	chrome.exe

Modifies registry class 34 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople	TextInputHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost\NumberOfSubdomains = "0"	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\localhost	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed\CRLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root\CRLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust\Certificates	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust\CRLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost	TextInputHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\localhost\ = "0"	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA\CTLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed\Certificates	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root\Certificates	TextInputHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	TextInputHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost\ = "0"	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA\Certificates	TextInputHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage\localhost\NumberOfSubdomains = "0"	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust\CTLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\EdpDomStorage	TextInputHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	TextInputHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed\CTLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	TextInputHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DOMStorage\localhost\NumberOfSubdomains = "1"	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Root\CTLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\trust	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Explorer\DomStorageState	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\MuiCache	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\CA\CRLs	TextInputHost.exe
Key created	\REGISTRY\USER\S-1-5-21-556537508-2730415644-482548075-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Software\Microsoft\SystemCertificates\Disallowed	TextInputHost.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3360	TextInputHost.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1172	chrome.exe
1172	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe
1932	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3740	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3740	7zFM.exe
Token: 35	3740	7zFM.exe
Token: SeSecurityPrivilege	3740	7zFM.exe
Token: SeSecurityPrivilege	3740	7zFM.exe
Token: SeSecurityPrivilege	3740	7zFM.exe
Token: SeSecurityPrivilege	3740	7zFM.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe
Token: SeShutdownPrivilege	1172	chrome.exe
Token: SeCreatePagefilePrivilege	1172	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
3740	7zFM.exe
3740	7zFM.exe
3740	7zFM.exe
3740	7zFM.exe
3740	7zFM.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
3740	7zFM.exe

Suspicious use of SendNotifyMessage 16 IoCs

pid	Process
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe
1172	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
3360	TextInputHost.exe
3360	TextInputHost.exe
3360	TextInputHost.exe
3360	TextInputHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1172 wrote to memory of 2032	1172	chrome.exe	85
PID 1172 wrote to memory of 2032	1172	chrome.exe	85
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 644	1172	chrome.exe	86
PID 1172 wrote to memory of 2112	1172	chrome.exe	87
PID 1172 wrote to memory of 2112	1172	chrome.exe	87
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88
PID 1172 wrote to memory of 5484	1172	chrome.exe	88

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\XWorm V5.6.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9208bcc40,0x7ff9208bcc4c,0x7ff9208bcc58
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1872,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1748,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2024 /prefetch:3
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2212 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3084,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4440,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:1
  2⤵
  PID:5616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4560,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4620 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4564,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:8
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4580,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4920,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4944,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4572 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4852,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5072,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5060 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4608,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5420,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3404,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5720,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5500,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5680 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5676,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3400 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1124,i,4976630079009425215,1093690708875748878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1932

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5520

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5548

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d7b5e1beb3dccddff93a58b61d170d48

SHA1
7482f1f3e4179608efbdff4ab6ca43ea18d8cf9b

SHA256
5002d2499bf107710433d77c2a6ab79b76c2a001e8f42321ec38fa49806670c3

SHA512
4c26abb3eb596316126b9232ab9ffd4a5ef56fd670a8df23396c5fceaf0ddea20df0cdd7adbace4a1cbfcc4d9f992b731c66ef63a1b24493fdc91bf6e91d7b31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
005892f2581534362dcdd99aa9609471

SHA1
45aa6733cffda75598ceb00fe04b0fb6a341ea02

SHA256
8707c5b7da834203a41051b3183aec6b0f5188995271093ce9eb23e39d78e68a

SHA512
311c61b14e6a2ea65ae026f96b7ab5066300720c47022006eb775b8082aca9141d935c1826aa92648ae174ba7c0ea7cdc380a5122f065ee5d4165c82d648d41c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
f1742985f0bd3c93ba9da5746b422a4f

SHA1
6f7f6e7f446596f7f0e619c12c26f8ca62bf06be

SHA256
e5b0af545eb1bd120ff1e394904228ba8022295e82df356f0f11a810d7ec251c

SHA512
1e4a209d7865b1b789ad69fad8c715593fb5fdd389031951ad754150d61fbc3b7eae161e0d24cc11533ead76cb422cf8b9b9090d9841cd81381301c2975cae5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
f5541cf13b2b52af60369d83437b2c17

SHA1
088e6e3dc2aadb4cb80e4fb6bf1f41c779bc4994

SHA256
4b64d4725d4f896a28987dde06d21cd7f871a3edd836c3081f6b0360eac19f94

SHA512
bd004db66beece85386d947bea019c11b553c3b8504866608f043272cb223ce42657ccbe6a2b6c7b6f4f7daa77fa4216cd6c886cd2f9e61281d1b70c72f27f55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
70762dfc2268f523479089e26622d5f6

SHA1
0cffacef51a353fa2410236af64f6d9276ba1685

SHA256
797f48046a5c9e905801afd595e15679718c999915e3169105fce99038f648bf

SHA512
1524029c828690eed5d5511c93dbe1ec0a42b046959cfa15e8f768238e7a365ddcf9f85ddcef1204fb85ae83d6353dcbb6568017ae1676636d3d5cd55d2626d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
65377d29e79d1161a6e17ef95e66ffc9

SHA1
8b2cd5a368ba479e78865e373c9730918fcb9b9e

SHA256
ed786453002992408a754ffeadc8ebbba0842fb684031b75b47027fcc8ff2c20

SHA512
e153074688c545f8929797b1a71f243ecce240954f1b4893289e3e67a004cc69629db56244e4ddc9c5ded55975f811f34df20815a9536552f7b35b15fc1f885b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
524B

MD5
32ce112dd04d3533f76819003c4d7d9e

SHA1
8f9623d66e008b6e478fec9399d5643aa506bf6f

SHA256
50875aaf4e4d8183081460d8296e1941071c6cc62bbea258a0162ec4486372a4

SHA512
8cb787a28fb965c95ee4821bb54c3169fb5609a4572f50c25a3649ddb361f688ae4c62ca32b9a3a18cca3154ad9a774b0c5771f8403348404e5dc492c7b17eab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
6775c1e4af17c95e600eeb11460a3dac

SHA1
a296f5155136970abd700bad32d25fa445b32224

SHA256
3e99213fd475d4ee6227170cdba463e9c8af02777664ffc539f4664ad7e72a8e

SHA512
a84e3566109a037d7bca021a4ac72346c85575dde24a4d97c12cd56d758ccbf95ffe7ae12266b2efc872bc25bc7c303a53d61008e1d68f3e710ac7c9d5b88bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c438e9e045a30a24a50c333dedfb262e

SHA1
15ee1eac9a1b2610471fdcf005da493007cfe165

SHA256
c816055f984e7acc850527b1fc3458d4f4c47332afaf7396653bf6d06a228af7

SHA512
2386b5f5a8a427570ca838503823c4b805f306d7a253bc8cb3cbf5a140b8c69336e155e4d134d57f160a8821f2c34d9b437ff6523b7eaf73c314f513521a136a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7049b0dee7e6d00361473945a61784b0

SHA1
5cf7e3c7efefa188452347f4d106d632b8faab7c

SHA256
0654927a028c9de6bbf21c703c6092b4e6c8511f582c298a82675bacbd606128

SHA512
19a10d9fb60b2f3a7a37b13b06d8543a78efde8b14594110274048bca9fb116a3b7421945cb426dacc5ab20acf5ac0b2bad65e08746d9aa2cde1ab122a96e6d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8d0164135900ebb34d22fcdf7091d6ab

SHA1
9ef9ceea95416165034c5cafc79c38989ecface1

SHA256
9fd6f46a0231439151c4c2b8e99961913ae987492dd6d512c69e7c59bd39e4e9

SHA512
e0f076955a74935456aea94241af0b0c123e7febe69a9c2ea47cec829db58ef75c47bc7843484a54282720330ec0df79bb476ceee310dea6b08e8d900ee30c86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8a0baf722d0ed9fe8bbe25548b1666f4

SHA1
77364e12d09dd745349253968a31f8867f6d2926

SHA256
ebc8d0b5c96ecbe25ed818365a3578b4b30ff567e9f44c7ba48a9a0512a89eb8

SHA512
ee1f40f14b97850484f2a6e96c15aa5e29655eef85c2d93e226721ae89e173be665e941448d30ea627e4a9764c076e59717785144039e1962d2128982e9efe19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
93c68116804f100e85ed6b7c3bedc029

SHA1
66199bfd1f82b3a4ab962e8696ff371e95617215

SHA256
db7c54cf1d0e77f2a8d8b1c1dc0f41c73535ca8a441222c73e7efcffde0fd2ee

SHA512
367b519df44134a40cd457a03304bdad3365e761ee7cd2939029e5e86e775619f45708f7a3e45f5f3691472ac945a219931106896360777e39899b9c88d55916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6c4009cf7721bd074d6005f3c022fe49

SHA1
225c1c98b58265a7d28c676b0a777d6ec0597fcb

SHA256
23fb012a66493e64720652143b23df15067319060bfab6a29d298a522d7d7311

SHA512
81b2ce1333fe152a64efd4d7bce584522e3b3a8aee28870707189a24d1291c96bd2251ad08df801864908a50ad5849f139fb4c50354404105979330aa4a0ddec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4ec85964c60519ab8a42dac2a4408e03

SHA1
53e4d5892a0da1e62b1a56fb43ba7f307a995dcb

SHA256
4c4e272345b7137c113907a02e7bbd5044d51e89dc3e20a88aa24be280c87e29

SHA512
dd046de5c285d28325d048a6321637396f5fe2bbf30297abfde76e4caa94edc6970ef7d7df5524731af8abed4bb52f773933843c0a9930ab437fd58e1c639434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
afd70f6c0f6e605e174e27eb7a9e5349

SHA1
031de6f82bc89d2829d15cc23ed277d6e7b57cf2

SHA256
342182be70656bea94dfbd168a85262f6d8a64a4a996186e7d7ee7e6c1ba885b

SHA512
8247cb367e6b632e02d6a42a3bb50c4b1c02e4c636b36a8f7ed70212fb7b02c160d3e0ea403a2b2e3817ad5fbc7aeb557755494fdf1901b16f6729a13c2db7db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4e6c41611eddbf92f40b406249c11df5

SHA1
e4cdf5e2cd7107876b02aac065e50499ddb16be9

SHA256
f24c0b652b987e5a59319d6a1fd3b4bb096b08897f4d85f3f92633dbff78c92a

SHA512
1cea4370769ef06e6ef276ddf66f468378d01778a055f7ae4eb0a6623c93f5e4f4f9a5e6cf92ed88115e62e4b2c6f588ab31ca4312afbcf10bf0f13d0a5b9950

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0e4aff4aca962bcdbcb6816ac687011

SHA1
b6f3407c70a55edf8f6892e7cd65400c75459f6f

SHA256
63705462ffdb2cc7639a5e61abb608047e6a93b8a473a49f46c2b30b3f4b724b

SHA512
fe45f20663a6e3036b27aa2e5a662d06c3e8632139e336d13991da43debe96e753c4c03e5de8aeca7d56e7c791846330ac7714883a54e3274fbb3c60bf9777c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
875047d2c9bac1f8da9b12f245314b7b

SHA1
b0588e9cc4558cc9ea78e1543258f24106e33729

SHA256
a69304dc659a2cabfef242f8228cead3be3c7adcb883966ad824eb740d23a2dd

SHA512
5501817d679d180f0f7aa0e062c0154dc402ded13bcbba5f4ffc4a8695498ae113d964c750b584e7d141e02a00e62e3cdd1f4ea9896c3e67c4048c976aad70e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
56b13cdef190ccc9d53600a87e2faf25

SHA1
c6e31e57bd95969f05f6f60f985ac7f2915756e3

SHA256
416a15f234e4ca953de5fb5bee07b9f0f8742e8976bd9c8ae2b6efabacccda12

SHA512
bb5d0f31dbbb6e43f66c6ab6f70b86e17b98dfac1ce83112ccf138e6807df91f22200da17fca46c1b3f8dfab3a630ab3208cb52fe7ba83d2dd4953991420e050

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dccbdf6ecc381b74d1f177bcd08f4382

SHA1
0086e15803fae2b3f09c484dc2e235eafab6a94f

SHA256
860743234b7db116ba971c5ff6e542746d15452d7ebf8764768d815c8e9a97fd

SHA512
8f5730b9b93ccca51bf51cd06503228dec201c27258d2e3b3c9c27a3fc892450d87f6392c6725e028aca6e70f21bfe33d520b1d347efea0e8313f374960a0f1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d8152b90752ec89fe9c812e7cdc3fa69

SHA1
60a963876b258ea42a9b69aa4eb17d1baeb35de8

SHA256
99c39a1803546759581ead77243a4aa82f475ad15267c749cd9787907d7d6e10

SHA512
70f23cc685ce56c532c1471a362619a6331ae5eb0fa43b548ff8841f007e9bdc140c9961cfc0ae5e141f25ce5c8949599234bc9d3d377811457f10ab2f874cba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
884b42696d2ad93a06db0a8f7a79ad0f

SHA1
0aaaefd4ccaf84f60fc5ac09e31f592a7596f19d

SHA256
5b76563a9fe4e869ea569add81320ed1d1f8baaebd6d4339325be63dfb444c24

SHA512
07edbba93efd8c3100c9b763b83371ba32b133eed5d8bea3feaf0be34e475d398d6b4d51f3bf765a3e5862d9a6eab79370d3126048bd18d38dba32a2e3c0da6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ca3c8d2f9fa261ee199729f74a13e922

SHA1
d8403072b47087970929bb048ddf153b2c63e548

SHA256
39e4a849d606847d4a8b56873035dcf84d0382bae87df50de8cb4bc0b7971dd3

SHA512
0e61a985a6b0f0e9108ebc0822413280afc4166a09441e23bba1ae340dce4d3fe2c657275fdf66f07dc639cc54bd99d86eb90405f3ea418a10e91f50a295eb08

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b06e776c256262a92abbe5dcaf4ae4f9

SHA1
145eab03c2c7c38b4446e950000ec516b953ee8c

SHA256
a63de43ca13a0ec9274dd3a425cae5adf5d829d78bb9e99f9d2ed9642ff7ce5a

SHA512
2850cc117e5f18ec8ede4c3fa3bc0b8f2e0048a8d0b5f4213f8485e2870ce0acb694e409a1339fea0704d2b1a72b7ea6410e4f17266ede7acc1c443e7d1226c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
18e420b99509294134f8e6ff821b37a4

SHA1
d589f082ec6f07ad73913a2d1160320bf381dd11

SHA256
be1f406d3f06b9e90ad1fc15a1a9bebb590004be2c395868f9de0ca041c70b1d

SHA512
cdb85c8d5907775efcff0a71e633925fa0c599c2fe9c8fb7b0f2a3e36406e33dd7ccfbf6e564996021ec0682c8a8a0fae71e15d83d433d2012223836e3476a97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
8c367acfda7e7c26e59434514cce9292

SHA1
ece34c76f1e4c8b97b19ccabe7923293c73a6dea

SHA256
a2a03bab1c05de0d4a9e7db9ebec670c1a65d853c20d7af878d3eff169bcefd7

SHA512
37a315d75604f982a1b96e609b252342f4829262659068faf51682e7eb2154d504dd03bce594afdffa8c31d29197a1898ffb2b63b7fd174eb4d626435dda54db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
66238589a49242d2311e2ad9ec4a0c1a

SHA1
1b62df29f6fc7a7f6a951943a6a6a2355821401f

SHA256
e6a3f56fbf4ee502fafd579ca3055bc5c8b472f10f4beb004d1a0c8840afdec3

SHA512
60549f5ce21a9b90dd6e6a0694f752a461f12aed7cbb4eb8a7aae7909dcdbcdf1b6a148349672b91c0920dc800e351409a906d95c824bcebe1b4219b26084fdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
92cbe6aa61e730bdf8399dc6943060aa

SHA1
155c0becfcc136ab37534529caf65e7964ead21a

SHA256
399f764863dcffd88f789b5aca267fb4903a7a8ea22e985474988ea87e836f87

SHA512
283bde7458696b3e29454e529181fd8f9706e1ace8f9ff349b4df91e647b7c72139a87ada25d73bf78b5ff148feeca47c8cf7b66c3f54c8e82b0d375a3420857

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
8d706230853a815edf8a0798bccf8aa7

SHA1
918183a0c329a61f3e8a79fa47ad38f974ffe4b3

SHA256
9f14cc643c21e4e2673e15374a428b9eef40b47d812764083e9e3e7cc7384b74

SHA512
3ab3eba801aa9334539a407ff0a9faaf5a515087a3f0393f7831a91a68ff998e6abfff8fcc12889a57929cc38169fbf2274f0b4829160021f86179ec9daaddad

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.__sb3qw1unnammcedvqccqs5.tmp

Filesize
2KB

MD5
530f1945913c81b38450c5a468428ee6

SHA1
0c6d47f5376342002ffdbc9a26ebec22c48dca37

SHA256
4112d529734d33abda74478c199f6ddc5098767e69214a00d80f23d2ea7291ff

SHA512
3906427ffb8f2dfea76ba9bb8cac6bd7dece3ebee7e94ea92da5bbdb55d8859c41260a2bda4e84fab7e1fb857ad12a2e286694ea64d00d0aa6cab200fbbf64f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.mgkzsxuxdivza_3_lzm0h0sph.tmp

Filesize
1KB

MD5
4085b7b25606706f1a1ad9a88211a9b7

SHA1
31019f39a5e0bf2b1aa9fe5dda31856b30e963cc

SHA256
b64efcb638291c1e1c132ed5636afbb198031cee44384f3ecf67d82b73accecc

SHA512
9537559523839e3e708feabe8c04f40236add7d200ec36bad00c10a69337a15001103c17093dcc0d8cadb4713d911f39a6411624c1db4cbf1ea1af272a716168

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\Temp\APPX.oas_y8rz6llg90mgrmdmozdb.tmp

Filesize
9KB

MD5
24ebdb1228a1818eee374bc8794869b7

SHA1
79fc3adb42a5d7ee12ff6729ef5f7a81e563cd2d

SHA256
92a7d7d3b0bfac458ddcef07afcdad3646653ba7f4ad048fdd7a5ec673235923

SHA512
63764d99a0118fac409327d5bf70f2aa9b31caf5277c4bc1e595016a50c524cd6c3d67924321b0fcad12cd968de1a62bd292151e35fd907034efd0f40b743d6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1172_2100583741\627b1e06-bf22-4f86-bd8b-0903c9a67387.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1172_2100583741\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
memory/3360-742-0x0000019B7D370000-0x0000019B7D470000-memory.dmp

Filesize
1024KB

Download